Database Administrator Security

Posted on January 20, 2006 | Written by John Lynn

The Healthcare IT Guy gives some good food for thought when looking at your database administrator and the security of your database. Database administrators often have access to all of the medical information by looking directly at the database. This access often goes unaudited and unmanaged. As part of any HIPAA policy, this issue should be addressed and documented. The best way I know how to do this is through implementing a strict policy with stiff penalties if it is ever breached. I think it would be hard to prove that they breached it, but at least it can insulate you from the “HIPAA police”. I’ll continue my research on the subject and post my findings here as I come across them. Unfortunately, I expect that many of them will be database vendor specific.

More importantly, you should seriously consider who you’re hiring as your database administrator. They really have the power to do all sorts of harm if they wanted to.