Market Segment - Health Care Industry

Client

Data Interaction’s client is responsible for maintaining a database of medical supply products that have been recalled by manufactures. Patients using products recalled by the manufacture must be given instruction about safety alerts.

Project Background

Data Interaction’s client stores data about manufactures medical products, safety alerts, and patients records in an Oracle 10g database. The database contains information about individuals medical records and was required by law to adhere to the guidelines defined in the Health Insurance Portability and Accountability Act (HIPAA).

Solution

Using HIPAA regulation as a guideline, Data Interaction authored administrative, technical, and physical data protection safeguards. In the first phase we addressed the administrative safeguards by defining written policies and procedures designed to comply with HIPAA. Using this as a framework we assisted in the review process used to choose a 3rd party vendor to implement the physical security of the computer hardware that the Oracle database environments resided on.

Once the administrative and physical safeguards had been set in place Data Interaction implemented the technical policies controlling access to the database. Controls included (i) encryption of information flow over the closed network, (ii) auditing of changed or deleted data in unauthorized capacities, (iii) written record of configuration and modified settings, and (iv) operational safeguards in respect to off-site storage and replication of data.