Now see, if I gave that away, I wouldn't have interested you, now would I?
As with all databases, you need to collect some kind of identifying
information. That's what the "save 1 or 2 tables" statement was about.
Take this simple system for example.
Table 1 ...
UserID UserName First_Name Last_Name
1 logmeon J.R. Bullington
Table 2 ...
ID1 UserID Site Password
1 1 145 12345
Table 3 ...
SiteID SiteName SiteLoc
145 Home SomePlace USA
And so on and so forth...
Out of the information above, let's "print" some...
If I printed 2 and 3, what could you do with it? Nothing, since the FK is
not the same as PK. Now, we database people know what we could do, but not
the layman.
If I printed 1 and 3, what could you do with it? Nothing, no references...
If I printed 1 and 2, a little more could be done, because you have username
and password, but the rest of the data is unrecognizable.
Now here is the real fun... Take away the table names, add 5000 records to
each table, and shuffle them. That's the typical database size in a
medium-sized clinic. Since you wouldn't actually print all 5000 records onto
paper, you would only print what you wanted to see, how could you figure it
out?
Rhetorical question as you couldn't without the database schema in hand to
relate back to.
Only 1 table out of the ubound(Table(x)) that I could have created (only 3
shown) have personally identifiable data in them. No one but the
administrator and/or data entry person(s) has/ve access to that one table.
Hence... HIPAA compliance.
Welcome to my world...
J.R.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 05, 2005 1:46 PM
To: J.R. Bullington
Cc: mysql@lists.mysql.com
Subject: Re: MySQL and HIPAA Compliance?
>> Now the systems that I designed/use were designed with HIPAA in mind,
>> so, save 1 or 2 tables, everything is in integers. Printing out an
>> entire table of data and leaving it in the cafeteria is not an issue
>> as you would see nothing but numbers. Without having the database
>> schema in hand to reference what all the numbers mean, you won't be able
to determine anything.
>That's a clever idea! But didn't you have to store personal information at
somepoint? I guess you
>could do a clever encoding scheme to map a name and address to a very large
integer, but that seems... >not much better. How did you handle that issue?
--
Ross Vandegrift
[EMAIL PROTECTED]
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
