HIPAA experience

HIPAA experience

DrBloodmoney
Hello,
I was hoping that some of the list members who have experience
building HIPAA-compliant (or SOX-compliant) django apps could share
some of their experiences.  We are beginning to research possibly
implementing some internal apps in our department, but of course
working with patient data requires compliance with HIPAA and now
HITECH.

Specific areas of interest/problems we are interested in solving with
django and python (crypto):

- Auditing (particularly SQL select auditing on sensitive (i.e. PHI)
tables) and the need to identify specific user's select (i.e. cannot be
database triggered since django connects as a single user).
- PHI storage encryption as now required under HITECH (I would assume
most solutions would require pycrypto here).

Anyone care to share their experiences?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email].
To unsubscribe from this group, send email to [hidden email].
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
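
The constraint raised in the post above (the database sees only the one account Django connects with, so a trigger cannot name the end user) means the read audit has to be written by the application. The following is an added example, not code from the thread: a stdlib `sqlite3` connection stands in for Django's shared connection, and `PHI_TABLES`, `phi_audit`, `audited_select` and the user names are hypothetical.

```python
import json
import sqlite3
from datetime import datetime, timezone

PHI_TABLES = {"patient"}  # assumption: names of the tables that hold PHI


def init_audit(conn):
    conn.execute(
        "CREATE TABLE IF NOT EXISTS phi_audit (ts TEXT NOT NULL, "
        "app_user TEXT NOT NULL, tbl TEXT NOT NULL, sql TEXT NOT NULL, "
        "params TEXT NOT NULL, row_count INTEGER NOT NULL)"
    )


def audited_select(conn, app_user, table, sql, params=()):
    """Run a SELECT on behalf of app_user; PHI reads are logged or refused."""
    if not sql.lstrip().lower().startswith("select"):
        raise ValueError("audited_select only runs SELECT statements")
    if table in PHI_TABLES and not app_user:
        raise PermissionError("PHI read without an authenticated user")
    rows = conn.execute(sql, params).fetchall()
    if table in PHI_TABLES:
        # Fail closed: if the audit insert raises, the rows are never returned.
        # Parameters may themselves be PHI, so protect phi_audit like PHI.
        with conn:
            conn.execute(
                "INSERT INTO phi_audit VALUES (?, ?, ?, ?, ?, ?)",
                (datetime.now(timezone.utc).isoformat(), app_user, table,
                 sql, json.dumps(list(params)), len(rows)),
            )
    return rows


def demo():
    conn = sqlite3.connect(":memory:")  # one shared DB login for every user
    init_audit(conn)
    conn.execute("CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO patient (name) VALUES (?)",
                     [("Constructed A",), ("Constructed B",)])  # constructed
    audited_select(conn, "nurse_kim", "patient",
                   "SELECT * FROM patient WHERE id = ?", (1,))
    audited_select(conn, "dr_lee", "patient", "SELECT * FROM patient")
    return conn.execute(
        "SELECT app_user, tbl, row_count FROM phi_audit ORDER BY rowid"
    ).fetchall()


if __name__ == "__main__":
    print(demo())
```

In a Django project the same idea would sit wherever the request's authenticated user is available, since that identity never reaches the database session on its own.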

Re: HIPAA experience

Mario-72
Hello,

From what I have read it looks like you want to provide your clients
the assurance that the information being presented is not compromised
in addition to meeting the HIPAA and HITECH requirements. This is not
entirely a Django/Python implementation, but falls in line with the
Database back-end support. The manner in which you present the views to
the customer depends on the API customization i.e., wrapper

I know from experience distributed databases such as Oracle and
Sybase have built-in encryption capabilities i.e., Data-At-Rest. As
far as Data-In-Transit, I believe HTTPS/SSL should take care of this
scenario although I am not sure if MySQL or PostgreSQL can support
Data-At-Rest.

Hope this helps.

_Mario




On Jun 10, 9:46 pm, DrBloodmoney <[hidden email]> wrote:

> Hello,
> I was hoping that some of the list members who have experience
> building HIPAA-compliant (or SOX-compliant) django apps could share
> some of their experiences.  We are beginning to research possibly
> implementing some internal apps in our department, but of course
> working with patient data requires compliance with HIPAA and now
> HITECH.
>
> Specific areas of interest/problems we are interested in solving with
> django and python (crypto):
>
> - Auditing (particularly SQL select auditing on sensitive (i.e. PHI)
> tables) and the need to identify specific user's select (i.e. cannot be
> database triggered since django connects as a single user).
> - PHI storage encryption as now required under HITECH (I would assume
> most solutions would require pycrypto here).
>
> Anyone care to share their experiences?
