Is message data, that may contain PHI, encrypted within the QIE DB or should the DB be encrypted?

0 votes
asked Jun 8, 2015 by amanda-w-3695 (4,900 points)
commented Jun 16, 2015 by (100 points)
Thanks, but what I really need to know is if the Qvera supplied encryption makes it HIPAA compliant or if we must put SQL Server encryption (TDE) on the database in order to make it HIPAA compliant???...
commented Jun 17, 2015 by amanda-w-3695 (4,900 points)
See modified answer below

1 Answer

0 votes

All message data, log data, usernames, passwords etc. are encrypted within the QIE database, using AES256 encryption. This encryption satisfies HIPAA requirements for encrypting PHI "at rest" thus eliminating the need to encrypt the entire database.

Whenever a user attempts to export unencrypted message data from QIE, they will be prompted with a reminder regarding the potential sensitive information or PHI and they must select Yes or No to complete the export process. 

answered Jun 8, 2015 by amanda-w-3695 (4,900 points)
edited Jun 17, 2015 by amanda-w-3695