Re: PostgresSQL and HIPAA compliance
| От | Steve Atkins |
|---|---|
| Тема | Re: PostgresSQL and HIPAA compliance |
| Дата | |
| Msg-id | 479D981E-B5ED-46B9-B5F4-D03768ED14B8@blighty.com обсуждение исходный текст |
| Ответ на | PostgresSQL and HIPAA compliance (Alex John <alex.john@holmusk.com>) |
| Список | pgsql-general |
> On Jun 17, 2016, at 3:03 AM, Alex John <alex.john@holmusk.com> wrote: > > Hello, I have a few questions regarding the use of PostgreSQL and HIPAA > compliance. I work for a company that plans on storing protected health > information (PHI) on our servers. We have looked at various solutions for doing > so, and RDS is a prime candidate except for the fact that they have explicitly > stated that the Postgres engine is *not* HIPAA compliant. There's nothing fundamental to postgresql that would make HIPAA compliance difficult, and *probably* nothing major with the way it's deployed on RDS. Actual certification takes time and money, though. > > Users on the IRC channel generally say that the guidelines are more catered > towards building better firewalls and a sane access policy, but I would like to > know if there is anything within the implementation of Postgres itself that > violates said compliance. > > If anyone works at a similar company and utilizes postgresql to store PHI, > please let me know. EnterpriseDB are helping provide HIPAA compliant postgresql on AWS; it might be worth having a chat with them. http://www.enterprisedb.com/postgres-plus-edb-blog/fred-dalrymple/postgres-meets-hipaa-cloud http://www.slideshare.net/EnterpriseDB/achieving-hipaa-compliance-with-postgres-plus-cloud-database Cheers, Steve
В списке pgsql-general по дате отправления: