HIPAA Compliance with SQL Server 2008

Aside from PCI, I probably hear more about HIPAA compliance (the Health Insurance Portability and Accountability Act) from our customers than other regulations.  Although there is no formal certification around HIPAA at this point, health care providers still have a legal requirement to comply with the regulation.  If you fall in this bucket, you might want to look at this whitepaper published by Jefferson Wells, https://www.jeffersonwells.com/mssql2008hipaa where they descibe HIPAA compliance with SQL Server 2008.  There's also an associated webcast that you can watch, https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032441700&Culture=en-US.

 Hope this helps.

Il-Sung Lee
Program Manager
SQL Server Engine Security

Comments

• Anonymous
  June 23, 2011
  Sure would love to see TDE in SQL Server Standard since not just "enterprises" are bound by the law of the land when it comes to HIPAA. Not sure why this marketing decision was made, but I think you would sell more SQL Server in general if this feature were accessible to the smaller folks with smaller budgets.connect.microsoft.com/.../transparent-data-encryption-tde-for-sql-server-standard
• Anonymous
  August 23, 2013
  As I have just noticed, the download is now available here: www.microsoft.com/.../details.aspx