From: frank on
I have just begun work for a health care entity which uses MS Access
for all their client data.
The User interfaces are all standard Access Forms and Pages deployed
over the Lan using Share Permissions.
I will soon begin the task of consolidating and securing these various
databases and the solution must be compliant with HIPAA regulations
for securing Private Health Information. Can anyone please offer any
basic suggestions that I can pursue to properly secure my Access
databases in this environment?
Also, can Access security be integrated with Active Directory like
MSSQL?

Thank You.
From: Douglas J. Steele on
I think you'll find the general consensus is that Access is not appropriate
for HIPAA.

And no, Access security cannot be integrated with Active Directory.

On the topic of Access security, be aware that the new ,accdb file format in
Access 2007 (and Access 2010, which is currently in beta) does not support
Access security (although it's still supported in those versions of Access
if the file is left in the older .mdb file format)

--
Doug Steele, Microsoft Access MVP
http://I.Am/DougSteele
(no e-mails, please!)



"frank" <frankjlinden(a)yahoo.com> wrote in message
news:b1bf4277-a22a-4618-959c-5e1a6f3d6b56(a)q21g2000yqm.googlegroups.com...
>I have just begun work for a health care entity which uses MS Access
> for all their client data.
> The User interfaces are all standard Access Forms and Pages deployed
> over the Lan using Share Permissions.
> I will soon begin the task of consolidating and securing these various
> databases and the solution must be compliant with HIPAA regulations
> for securing Private Health Information. Can anyone please offer any
> basic suggestions that I can pursue to properly secure my Access
> databases in this environment?
> Also, can Access security be integrated with Active Directory like
> MSSQL?
>
> Thank You.

From: bouba1960 on


"frank" <frankjlinden(a)yahoo.com> a �crit dans le message de groupe de
discussion :
b1bf4277-a22a-4618-959c-5e1a6f3d6b56(a)q21g2000yqm.googlegroups.com...
> I have just begun work for a health care entity which uses MS Access
> for all their client data.
> The User interfaces are all standard Access Forms and Pages deployed
> over the Lan using Share Permissions.
> I will soon begin the task of consolidating and securing these various
> databases and the solution must be compliant with HIPAA regulations
> for securing Private Health Information. Can anyone please offer any
> basic suggestions that I can pursue to properly secure my Access
> databases in this environment?
> Also, can Access security be integrated with Active Directory like
> MSSQL?
>
> Thank You.

From: Banana on
Douglas J. Steele wrote:
> I think you'll find the general consensus is that Access is not
> appropriate for HIPAA.
>
> And no, Access security cannot be integrated with Active Directory.
>
> On the topic of Access security, be aware that the new ,accdb file
> format in Access 2007 (and Access 2010, which is currently in beta) does
> not support Access security (although it's still supported in those
> versions of Access if the file is left in the older .mdb file format)
>

FWIW, I did use to work for a company that was bound by HIPAA and I know
of couple others who did likewise.

The way I understood it, it was OK as long you used Windows filesystem
permissions to keep out the non-users and thus only those employees who
were authorized to work with confidential documentations. No different
from emails containing the same content, really. This works OK on a
user-level. When there's a question of needing a different access
security for data, a different backend may be a better solution, but
that doesn't preclude Access as a front-end client.
From: Banana on
frank wrote:
> I have just begun work for a health care entity which uses MS Access
> for all their client data.
> The User interfaces are all standard Access Forms and Pages deployed
> over the Lan using Share Permissions.
> I will soon begin the task of consolidating and securing these various
> databases and the solution must be compliant with HIPAA regulations
> for securing Private Health Information. Can anyone please offer any
> basic suggestions that I can pursue to properly secure my Access
> databases in this environment?
> Also, can Access security be integrated with Active Directory like
> MSSQL?
>
> Thank You.


Have a look at www.accesssecurityblog.com

Please be aware this is an effective solution for controlling access to
objects within an Access database in conjuncture with compiling the file
into a MDE/ACCDE, but this is not appropriate for securing data itself
if it is stored in an Access file. Unless you are content with using
Windows filesystem permission to keep out nonusers, consider using SQL
Server Express, MySQL, PostgreSQL, whatever to secure your data.

HTH.