November 15th, 2005, 12:52 PM
Rick Brandt
doctors office database

tina wrote:
keep in mind the HIPAA privacy and security requirements, Pat. an
Access database cannot be completely secured, so you have to consider
whether it will satisfy HIPAA regulations, and the potential
ramifications to the doctor, his practice, and his patients, if it
does not.


We see this a lot and I wonder if anyone has actually researched the
requirements. The weaknesses in Access security are only a factor when you are
trying to secure the data from *authorized users* of the application. If access
to the application file (mdb) is controlled with network security then it is
just as secure from *unauthorized users* as any other file.

Would HIPAA regulations dictate that NO electronic file can contain patient data
unless there is air-tight security actually built into the file itself or only
that appropriate steps are taken to prevent unauthorized access to the file? I
mean most medical records are still in plain old-fashioned paper folders. Are
medical organizations required to use a secret code when writing on medical
charts or are they only required to take steps so that only authorized people
get their hands on them? I assume it is the latter. I fail to see why the bar
should be any higher for electronic versions of that same data.

--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com