Showing posts with label "compliance". Show all posts

Sunday, March 25, 2012

Anyone know anything about Sql Server HIPAA compliance?

Does anyone know of a good tutorial for setting up a website for HIPAA compliance? In particular, what's involved in setting up Sql Server to be compliant?

I'm developing a simple c# website for a friend who owns a small company based in the medical field. Now that his company is growing, he wants to allow his doctors to log into his website to view their patients' test results rather than having to snail mail out the test results every day.

This brings us to a rather delicate issue because even though it's just a few simple pages on the website to view this test result data, I think we're now into HIPAA compliance territory. Meaning we'll have to look at more secure (and expensive) measures than what is currently being performed. For example, I was looking at a web hosting service that provides .net hosting & shared sql server for $15/month. Will I now need to look into a $199/month dedicated server (which probably would cancel the project since, as I said, it's just a simple website with a few small simple features)?

Thanks for any help on this.

-Goalie35

You could start by looking at http://searchsqlserver.techtarget.com/tip/0,289483,sid87_gci1193101,00.html?topic=301323

By shared, is it multiple instances of SQL Server or just multiple databases attached to the one server instance?

Thursday, February 9, 2012

ANSI SQL-99 Compliance Level

When I researched SQL Server 2000, I was told (I believe by Hal Berenson) that it was entry-level compliant with SQL-92, but the next version was going to be compliant with SQL-99. I haven't been able to confirm this in the docs. Can anyone from MS confirm?

Thank You

Garth

We should still be SQL-99 entry-level compliant since it encompasses SQL-92 standard specifications. We also support newer features like windowing functions (ROW_NUMBER, RANK, DENSE_RANK, NTILE) and query expressions (CTE) that are part of SQL-99 specs. I don't believe that there is a topic in Books Online that covers this. I would encourage you to use the feedback link in Books Online to send this request.

Thank you for the reply.

I sure would like to get a definitive answer as I'm trying to write about how T-SQL differs from ANSI SQL, and it would be helpful to be able to specify what level of compliance we have in 2005.

It would also be helpful to know if FIPS Flagger is going to be updated to compare against SQL-99 instead of SQL-92. Or if there is another method that can be used to ensure a given T-SQL statement is compliant with SQL-99.

Thanks for your time,

Garth

Note that T-SQL is the procedural language extensions for SQL. It is not the same as the query language described by ANSI SQL. SQL Server however has extensions to the query language or proprietary syntax for example. AFAIK, FIPS flagger has not been updated to check for SQL-99 features. It will not be changed before RTM also. My suggestion is that you can focus on the SQL-92 syntax for DML statements and talk about the SQL-99 specific features like query expression/window functions. There are some additional improvements to referential constraints - we now support SET NULL and SET DEFAULT in addition to NO ACTION and CASCADE.
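The features named in the thread above, put together in one T-SQL script. This is an added example, not part of the original posts; the tables, columns and data are constructed for illustration. It shows the SET NULL and SET DEFAULT referential actions, a CTE with ranking functions, and the FIPS flagger set to the SQL-92 entry level.

```sql
-- Constructed sample schema; every table and column name here is hypothetical.
CREATE TABLE Region (
    RegionId INT NOT NULL PRIMARY KEY,
    Name     VARCHAR(30) NOT NULL
);
CREATE TABLE Customer (
    CustomerId INT NOT NULL PRIMARY KEY,
    -- SET NULL: deleting a region leaves its customers without a region.
    RegionId   INT NULL REFERENCES Region (RegionId) ON DELETE SET NULL
);
CREATE TABLE SalesOrder (
    OrderId  INT NOT NULL PRIMARY KEY,
    Amount   DECIMAL(10,2) NOT NULL,
    -- SET DEFAULT: deleting a region moves its orders to the column default.
    -- The default (0) must exist in Region or the delete is rejected.
    RegionId INT NOT NULL DEFAULT 0
             REFERENCES Region (RegionId) ON DELETE SET DEFAULT
);

INSERT INTO Region VALUES (0, 'Unassigned');
INSERT INTO Region VALUES (1, 'East');
INSERT INTO Region VALUES (2, 'West');
INSERT INTO Customer VALUES (10, 2);
INSERT INTO SalesOrder VALUES (100, 50.00, 1);
INSERT INTO SalesOrder VALUES (101, 75.00, 2);
INSERT INTO SalesOrder VALUES (102, 20.00, 2);

-- This delete triggers both rules: SET NULL on Customer, SET DEFAULT on SalesOrder.
DELETE FROM Region WHERE RegionId = 2;

-- Common table expression (query expression) feeding ranking functions.
WITH RegionTotals (RegionId, Total) AS (
    SELECT RegionId, SUM(Amount) FROM SalesOrder GROUP BY RegionId
)
SELECT RegionId, Total,
       ROW_NUMBER() OVER (ORDER BY Total DESC) AS RowNum,
       RANK()       OVER (ORDER BY Total DESC) AS TotalRank
FROM RegionTotals;

-- FIPS flagger: checks statements against the SQL-92 entry level and
-- reports non-conforming syntax as warnings; the statement still runs.
SET FIPS_FLAGGER 'ENTRY';
SELECT TOP 1 OrderId FROM SalesOrder ORDER BY Amount DESC;  -- TOP is a T-SQL extension, not SQL-92
SET FIPS_FLAGGER OFF;
```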