MS ACCESS security and HIPAA compliance
in [General]
|
From: frank on 20 Mar 2010 13:15 I have just begun work for a health care entity which uses MS Access for all their client data. The User interfaces are all standard Access Forms and Pages deployed over the Lan using Share Permissions. I will soon begin the task of consolidating and securing these various databases and the solution must be compliant with HIPAA regulations for securing Private Health Information. Can anyone please offer any basic suggestions that I can pursue to properly secure my Access databases in this environment? Also, can Access security be integrated with Active Directory like MSSQL? Thank You.
From: Douglas J. Steele on 20 Mar 2010 13:46 I think you'll find the general consensus is that Access is not appropriate for HIPAA. And no, Access security cannot be integrated with Active Directory. On the topic of Access security, be aware that the new ,accdb file format in Access 2007 (and Access 2010, which is currently in beta) does not support Access security (although it's still supported in those versions of Access if the file is left in the older .mdb file format) -- Doug Steele, Microsoft Access MVP http://I.Am/DougSteele (no e-mails, please!) "frank" <frankjlinden(a)yahoo.com> wrote in message news:b1bf4277-a22a-4618-959c-5e1a6f3d6b56(a)q21g2000yqm.googlegroups.com... >I have just begun work for a health care entity which uses MS Access > for all their client data. > The User interfaces are all standard Access Forms and Pages deployed > over the Lan using Share Permissions. > I will soon begin the task of consolidating and securing these various > databases and the solution must be compliant with HIPAA regulations > for securing Private Health Information. Can anyone please offer any > basic suggestions that I can pursue to properly secure my Access > databases in this environment? > Also, can Access security be integrated with Active Directory like > MSSQL? > > Thank You.
From: bouba1960 on 20 Mar 2010 14:42 "frank" <frankjlinden(a)yahoo.com> a �crit dans le message de groupe de discussion : b1bf4277-a22a-4618-959c-5e1a6f3d6b56(a)q21g2000yqm.googlegroups.com... > I have just begun work for a health care entity which uses MS Access > for all their client data. > The User interfaces are all standard Access Forms and Pages deployed > over the Lan using Share Permissions. > I will soon begin the task of consolidating and securing these various > databases and the solution must be compliant with HIPAA regulations > for securing Private Health Information. Can anyone please offer any > basic suggestions that I can pursue to properly secure my Access > databases in this environment? > Also, can Access security be integrated with Active Directory like > MSSQL? > > Thank You.
From: Banana on 20 Mar 2010 14:55 Douglas J. Steele wrote: > I think you'll find the general consensus is that Access is not > appropriate for HIPAA. > > And no, Access security cannot be integrated with Active Directory. > > On the topic of Access security, be aware that the new ,accdb file > format in Access 2007 (and Access 2010, which is currently in beta) does > not support Access security (although it's still supported in those > versions of Access if the file is left in the older .mdb file format) > FWIW, I did use to work for a company that was bound by HIPAA and I know of couple others who did likewise. The way I understood it, it was OK as long you used Windows filesystem permissions to keep out the non-users and thus only those employees who were authorized to work with confidential documentations. No different from emails containing the same content, really. This works OK on a user-level. When there's a question of needing a different access security for data, a different backend may be a better solution, but that doesn't preclude Access as a front-end client.
From: Banana on 20 Mar 2010 14:59
frank wrote: > I have just begun work for a health care entity which uses MS Access > for all their client data. > The User interfaces are all standard Access Forms and Pages deployed > over the Lan using Share Permissions. > I will soon begin the task of consolidating and securing these various > databases and the solution must be compliant with HIPAA regulations > for securing Private Health Information. Can anyone please offer any > basic suggestions that I can pursue to properly secure my Access > databases in this environment? > Also, can Access security be integrated with Active Directory like > MSSQL? > > Thank You. Have a look at www.accesssecurityblog.com Please be aware this is an effective solution for controlling access to objects within an Access database in conjuncture with compiling the file into a MDE/ACCDE, but this is not appropriate for securing data itself if it is stored in an Access file. Unless you are content with using Windows filesystem permission to keep out nonusers, consider using SQL Server Express, MySQL, PostgreSQL, whatever to secure your data. HTH. |