Yes, it stores medical records (a form or what HIPAA calls protected health information) but the HIPAA rules do not address specific technologies, least of all storage. A floppy disk locked in a room to which only authorized personnel have access is as HIPAA compliant as a quarter-million dollar SAN with advertised "compliance" features. HIPAA is as squishy and poisonous as a jellyfish. It does not necessarily mandate file system encryption, for example. However, if someone cracks your OS and steals PHI, and it turns out that similar-sized organizations to yours do have file system encryption, you could be legally vulnerable to claims against due diligence. Each organization must evaluate these issues, and different organizations will reach opposing, but correct, conclusions. I do not personally consider storage technology to enter into the HIPAA equation for our purposes.
-----Original Message----- From: christopher neitzert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:57 PM To: Robinson, Eric R. Subject: RE: [RLUG] Linux-based SAN? On Fri, 2003-08-22 at 20:04, Robinson, Eric R. wrote: > I'd like to build a fault-tolerant storage solution with a meager 250GB > space and room to expand to maybe 1TB. It would be used by 25 servers, each > running a mission-critical medical application. > Of course, I also need a way to back it up really fast. > Oh, and did I mention the solution needs to be dirt-cheap? > Any ideas come to mind? if its medical then it has to be HIPAA complaint. does this store patient records or other HIPPA-Required secure things? if no, then build a cheap-o-JBOD with fbsd and nfs3, tunnel nfs over openvpn and export volumes that way... > I went to the Falconstor site. They have about 50 different and subtly > related products. yeah. chris -- Christopher Neitzert http://www.neitzert.com/~chris 775.853.5314 - [EMAIL PROTECTED] - GPG Key ID: 7DCC491B _______________________________________________ RLUG mailing list [EMAIL PROTECTED] http://www.rlug.org/mailman/listinfo/rlug
