| From: | Steve Atkins <steve(at)blighty(dot)com> |
|---|---|
| To: | PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: PostgresSQL and HIPAA compliance |
| Date: | 2016-06-17 17:55:28 |
| Message-ID: | 479D981E-B5ED-46B9-B5F4-D03768ED14B8@blighty.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> On Jun 17, 2016, at 3:03 AM, Alex John <alex(dot)john(at)holmusk(dot)com> wrote:
>
> Hello, I have a few questions regarding the use of PostgreSQL and HIPAA
> compliance. I work for a company that plans on storing protected health
> information (PHI) on our servers. We have looked at various solutions for doing
> so, and RDS is a prime candidate except for the fact that they have explicitly
> stated that the Postgres engine is *not* HIPAA compliant.
There's nothing fundamental to postgresql that would make HIPAA compliance
difficult, and *probably* nothing major with the way it's deployed on RDS. Actual
certification takes time and money, though.
>
> Users on the IRC channel generally say that the guidelines are more catered
> towards building better firewalls and a sane access policy, but I would like to
> know if there is anything within the implementation of Postgres itself that
> violates said compliance.
>
> If anyone works at a similar company and utilizes postgresql to store PHI,
> please let me know.
EnterpriseDB are helping provide HIPAA compliant postgresql on AWS; it
might be worth having a chat with them.
http://www.enterprisedb.com/postgres-plus-edb-blog/fred-dalrymple/postgres-meets-hipaa-cloud
http://www.slideshare.net/EnterpriseDB/achieving-hipaa-compliance-with-postgres-plus-cloud-database
Cheers,
Steve
| From | Date | Subject | |
|---|---|---|---|
| Next Message | James Keener | 2016-06-17 17:59:24 | Re: PostgresSQL and HIPAA compliance |
| Previous Message | Adrian Klaver | 2016-06-17 16:40:46 | Re: ***SPAM*** Re: random huge delay when recreate a VIEW or FUNCTION |