Does the server SQL db need to be encrypted to meet HIPAA?

elandau1260 wrote on Tuesday, October 07, 2014:

Hello: I am hosting openEMR on an AWS (Amazon Web Server). I was wondering if I need to encrypt the data on the server to be HIPAA compliant (I am hosting several different physicians’ databases).

Amazon does have a way to do this without modifying the code… kind of like BitLocker on Windows… just wondering if this is required.

Thanks,
-Ed

visolveemr wrote on Tuesday, October 07, 2014:

Hosting on AWS does not guarantee it's HIPAA compliant. Please refer to http://aws.amazon.com/compliance/ to learn about Amazon AWS compliance details.

HIPAA requires that data persisted as well as transferred be encrypted. We can use “dmcrypt” kind of tools for security on data at rest.

Thanks
OpenEMR Customization/Support Team,
ViSolve Inc
services@visolve.com
Demo’s @ ViSolve Demo Library

elandau1260 wrote on Tuesday, October 07, 2014:

Thanks ViSolve. I’m not sure what dmcrypt is but will look into it. I may post back a few questions shortly :).
-Ed