If I were to hazard a guess, I would say the potential client is probably engaged in an activity which is regulated under those acts. Your role as the database developer and, presumably, administrator, will be to ensure compliance with the acts' requirements both for data security and data persistence. IOW, how do you intend to ensure that the data gathered by the site are protected from authorized intrusion, and what are your plans for backup, disaster recovery, long-term storage, etc. to comply with the requirements that the data be maintained intact, lawfully accessible, and secure.
Just a guess, of course, but I don't see what other reasons they might have for a requirement for you to understand the framework of the acts. Cheers, Scott ----- Original Message ----- From: "PBC Web Design" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, September 20, 2004 3:55 PM Subject: [wdvltalk] Re: please explain: hippa and sarbanes-oxley Stephen, Ohhhhhhhhhhhh ..... THAT hippa! Well, that's a good start anyway - at least I know it deals w/the privacy act. Thanks for the link, I've bookmarked it. I will however, have to figure out apparently what this has to do w/developing a database for a web site but at least the link you sent is more or less understandable to me somewhat, thank you. The little bit I've read seems more geared to the client having to keep these records about their company and employees but maybe it will become more clear why this would have to do w/me getting them a database developed after I do some more reading. Thanks again. Deb At 02:41 PM 9/20/2004, you wrote: >Fear not Deb, you don't have to be a db person. You've just got to be >able to interpret legal mumbo jumbo. HIPAA is the 'Health Insurance >Portability and Accountability Act' which is all about infomation >privacy. The Sarbanes-Oxley Act requires all publicly held US >businesses to gather and retain large amounts of data on employees, >much of which is HIPAA protected. Here's a tidbit from: > >http://www.outerbay.com/compliance.html > ><quote> >To achieve compliance, the company must set and enforce data retention >policy, then archive inactive data in an accessible format. WhatÆs >more, records must be tamper-proof and able to survive potential >system changes, even the retirement of the application itself. ></quote> > >Which, incidentally I came across by googling "hippa and >sarbanes-oxley". Always look before you ask. > >- Stephen ____ . The WDVL Discussion List from WDVL.COM . ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To set a personal password send an email to [EMAIL PROTECTED] with the words: "set WDVLTALK pw=yourpassword" in the body of the email. To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ____ • The WDVL Discussion List from WDVL.COM • ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To set a personal password send an email to [EMAIL PROTECTED] with the words: "set WDVLTALK pw=yourpassword" in the body of the email. To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.