
Re: PostgreSQL and HIPAA compliance

On 06/17/2016 03:03 AM, Alex John wrote:
> RDS is a prime candidate except for the fact that they have explicitly
> stated that the Postgres engine is *not* HIPAA compliant.

More precisely, it is not covered by the BAA Amazon will sign.

I've helped several companies run HIPAA-compliant Postgres on regular EC2 instances (which *are* covered by your BAA, as long as they are dedicated instances---which do cost more). So you just have to do some of the server work yourself. If you are making the rest of your app HIPAA-compliant anyway, it shouldn't add a large burden to do Postgres that way too. Make sure your access rules are good, use SSL for the connections, put it on an encrypted disk (easy these days with encrypted EBS volumes), etc.

Slightly more effort but still very doable is handling requirements for auditing accesses and changes. How you do this probably depends on the rest of your stack.

Yours,
Paul
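A check for the "access rules" and "use SSL for the connections" points above, added here as an example that is not part of Paul's message or of PostgreSQL's own tooling: it parses a constructed pg_hba.conf and flags rules that skip authentication, allow non-TLS connections, or admit any source address.

```python
import ipaddress

# Constructed sample pg_hba.conf for illustration (not from the original post).
SAMPLE_HBA = """
# TYPE     DATABASE  USER      ADDRESS         METHOD
local      all       postgres                  peer
host       all       all       0.0.0.0/0       trust
host       ehr       app       10.0.1.0/24     md5
hostssl    ehr       app       10.0.1.0/24     scram-sha-256
hostnossl  all       all       ::/0            password
hostssl    ehr       auditor   10.0.2.5/32     cert
"""

WEAK_METHODS = {"trust": "no authentication at all",
                "password": "cleartext password on the wire",
                "md5": "weaker than scram-sha-256"}

def parse_hba(text):
    """Return one dict per active rule; 'address' is None for local rules."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comments, skip blanks
        if not fields:
            continue
        if fields[0] == "local":
            typ, db, user, method = fields[:4]
            addr = None
        else:
            typ, db, user, addr, method = fields[:5]
        rules.append(dict(line=lineno, type=typ, database=db,
                          user=user, address=addr, method=method))
    return rules

def lint_hba(text):
    """Flag rules that weaken authentication, skip TLS, or admit any source."""
    findings = []
    for r in parse_hba(text):
        if r["method"] in WEAK_METHODS:
            findings.append((r["line"], f"method {r['method']}: {WEAK_METHODS[r['method']]}"))
        if r["address"] is None:
            continue  # Unix-socket rules carry no network exposure
        try:
            net = ipaddress.ip_network(r["address"], strict=False)
        except ValueError:
            net = None  # hostnames, samehost/samenet: not evaluated here
        if r["type"] in ("host", "hostnossl") and not (net and net.is_loopback):
            findings.append((r["line"], f"type {r['type']} does not require TLS; use hostssl"))
        if net is not None and net.prefixlen == 0:
            findings.append((r["line"], "address matches every source; narrow the CIDR"))
    return findings
```

Running `lint_hba(SAMPLE_HBA)` reports the `trust`, `md5` and `password` rules, the two non-`hostssl` network rules, and the two all-source CIDRs, while the `hostssl` rules with `scram-sha-256` and `cert` pass clean.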

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general