On 06/17/2016 03:03 AM, Alex John wrote:
Hello, I have a few questions regarding the use of PostgreSQL and HIPAA compliance. I work for a company that plans on storing protected health information (PHI) on our servers. We have looked at various solutions for doing so, and RDS is a prime candidate except for the fact that they have explicitly stated that the Postgres engine is *not* HIPAA compliant.
Correct but that isn't a Postgres problem, it is an RDS one.
Users on the IRC channel generally say that the guidelines are more catered towards building better firewalls and a sane access policy, but I would like to know if there is anything within the implementation of Postgres itself that violates said compliance.
No.
If anyone works at a similar company and utilizes postgresql to store PHI, please let me know.
We do (see sig) for multiple companies and it is fully compliant. Your issue isn't PostgreSQL. JD -- Command Prompt, Inc. http://the.postgres.company/ +1-503-667-4564 PostgreSQL Centered full stack support, consulting and development. Everyone appreciates your honesty, until you are honest with them. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
