Oracle Tips by Burleson

Chapter 1 Introduction to HIPAA

Closely tied to the above is Confidentiality, which goes a step beyond and ensures that not only is the user authorized to see the records, but is authorized to see all the fields of the record. Certain fields of the record, Social Security Number, for instance, are indicated as very sensitive data, labeled Patient Health Information (PHI) by HIPAA, and require special authorization to view. This step makes sure the user sees this if and only if allowed to see it.

A user may decide to change data after viewing it, but is he or she allowed to do so? This question is posed by the Integrity step, which ensures that the user does not deliberately or accidentally modify information without proper authorization.

Finally, HIPAA mandates that all such users who access information must be recorded as having done so – a task called Auditing.

The primary focus for Oracle professionals dealing with HIPAA, or security in general, can be broadly divided into two categories – Security (which encompasses Authentication, Authorization, Confidentiality, and Integrity) and Auditing. A section in this book is devoted to each category.

HIPAA Terminologies as Applied to Data Management

As an IT professional in charge of making your Oracle database security and auditing infrastructure HIPAA compliant, you should be aware of a few terms.

Protected Health Information (PHI) – PHI is the information that identifies an individual, such as a Social Security Number. The HIPAA regulations apply whenever PHI is transmitted by electronic media, such

The above text is an excerpt from:

http://rampant-books.com/book_2003_2_audit.htm