By Gil Vidals, HIPAA Blog, Resources

Strictly speaking, “SQL Server” is the name of Microsoft’s product, but the term is often used loosely for any relational database management system (RDBMS) that runs on a physical or virtual host and is queried with SQL (Structured Query Language). Several RDBMS products implement SQL, and choosing between them depends on the database requirements and can affect compliance efforts under the HIPAA guidelines. Commonly used options include Microsoft SQL Server, MySQL, PostgreSQL, and MariaDB.

Choosing which database server meets a company’s needs involves many factors (prerequisites, cost, capacity, and so on). For example, MySQL, PostgreSQL and MariaDB are free, open source products, so a healthcare startup on a shoestring budget can build its application around a package that costs nothing to license. Microsoft SQL Server is another very common choice, but it requires license and support fees to acquire and run (a free Express edition exists, with limits on database size and resources). A database server is not secure simply because it is a database server, but compared with storing information in flat files it provides the controls the HIPAA Security Rule expects: per-user authentication, granular permissions, audit logging, and encryption at rest, none of which a plain file on disk offers on its own.

In addition, many HIPAA applications have historically been built around Microsoft SQL Server, which has several features that suit closely monitored compliance work: SQL Server Audit (built-in auditing of server-level and database-level events), transparent data encryption (TDE) for data at rest, extensible key management (EKM) so that encryption keys can be held in an external HSM or key vault, granular access control, Policy-Based Management, and reporting tools. These come at the price of a software license; TDE in particular required the Enterprise edition before SQL Server 2019. Historically this also meant running on Windows, with its own licensing fees. Since SQL Server 2017 the engine also runs on Linux and in containers, though some components (Reporting Services, for example) remain Windows-only, so check Microsoft’s Linux feature list before planning a deployment around it.
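As an added example (not code from the original post or from HIPAA Vault), the T-SQL below turns on the three controls just named: SQL Server Audit at the server and database level, TDE, and a least-privilege application login. The database name PatientDB, the table dbo.Patients, the audit and key file paths, the login app_svc, and the placeholder passwords are all assumptions for the example.

```sql
-- Added example, not from the original post. PatientDB, dbo.Patients, app_svc,
-- the file paths and the passwords are placeholders/assumptions.
-- Run as a sysadmin on SQL Server 2019 or later (TDE needs Enterprise before 2019).
USE master;
GO

-- 1. SQL Server Audit: the server audit says where events go,
--    the audit specifications say which events are recorded.
CREATE SERVER AUDIT HIPAA_Audit
    TO FILE (FILEPATH = N'D:\SQLAudit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 50)
    WITH (QUEUE_DELAY = 1000,
          ON_FAILURE = SHUTDOWN);   -- stop rather than keep running unaudited
ALTER SERVER AUDIT HIPAA_Audit WITH (STATE = ON);
GO

CREATE SERVER AUDIT SPECIFICATION HIPAA_ServerSpec
    FOR SERVER AUDIT HIPAA_Audit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)        -- record any attempt to alter the audit itself
    WITH (STATE = ON);
GO

USE PatientDB;
GO
CREATE DATABASE AUDIT SPECIFICATION HIPAA_DbSpec
    FOR SERVER AUDIT HIPAA_Audit
    ADD (SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Patients BY public), -- every PHI access
    ADD (DATABASE_OBJECT_PERMISSION_CHANGE_GROUP),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP)
    WITH (STATE = ON);
GO

-- 2. Transparent data encryption: data and log files are encrypted on disk.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<DMK password placeholder>';
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'PatientDB TDE certificate';
-- Back the certificate up immediately: without it, backups of PatientDB cannot be restored.
BACKUP CERTIFICATE TDE_Cert TO FILE = 'D:\Keys\TDE_Cert.cer'
    WITH PRIVATE KEY (FILE = 'D:\Keys\TDE_Cert.pvk',
                      ENCRYPTION BY PASSWORD = '<key backup password placeholder>');
GO
USE PatientDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
ALTER DATABASE PatientDB SET ENCRYPTION ON;
GO

-- 3. Granular access: the application login can read and write PHI rows but
--    cannot change the schema or hand out permissions.
USE master;
GO
CREATE LOGIN app_svc WITH PASSWORD = '<login password placeholder>', CHECK_POLICY = ON;
GO
USE PatientDB;
GO
CREATE USER app_svc FOR LOGIN app_svc;
GRANT SELECT, INSERT, UPDATE ON dbo.Patients TO app_svc;   -- add DELETE only if the app needs it
DENY ALTER, CONTROL ON dbo.Patients TO app_svc;
GO

-- 4. Checks a reviewer would run: audit on, specifications on, database encrypted (state 3).
SELECT name, is_state_enabled FROM sys.server_audits;
SELECT name, is_state_enabled FROM sys.server_audit_specifications;
SELECT name, is_state_enabled FROM sys.database_audit_specifications;
SELECT DB_NAME(database_id) AS db, encryption_state
FROM sys.dm_database_encryption_keys;   -- 3 = encrypted
```

The ON_FAILURE = SHUTDOWN setting is the conservative choice for a compliance audit; it trades availability for a guarantee that no PHI access goes unrecorded, so agree on it with operations before enabling it. The certificate backup in step 2 is the part most often skipped, and it is the one that turns a lost server into lost data.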

While Microsoft SQL Server is often the frontrunner, many healthcare startups use an open source database. The open source community has replicated most of the features listed above (and in some cases introduced them first): PostgreSQL offers role-based permissions, row-level security and audit logging through the pgaudit extension, and MariaDB ships a server audit plugin. Linux hosts have a strong security record and are well suited to HIPAA hosting, but the operating system does not make a database compliant on its own; the database features should be chosen together with the operating system, its patching process and host hardening. Each option has its own positive and negative aspects, so when choosing a SQL implementation for HIPAA compliance, weigh all the factors involved.
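For comparison, here is an added example (again, not code from the original post) of the corresponding controls in PostgreSQL: audit logging with pgaudit, a least-privilege application role, row-level security, and per-column encryption with pgcrypto, which stands in for the transparent data encryption that PostgreSQL does not provide itself (disk or filesystem encryption is the usual substitute). The patients table, the roles, the app.clinic_id session setting and the 'demo-key' value are constructed for the example.

```sql
-- Added example, not from the original post. Table, roles, settings and the
-- demo key are constructed. Run as a superuser; pgaudit must already be listed
-- in postgresql.conf: shared_preload_libraries = 'pgaudit' (needs a restart).

-- 1. Audit logging: every read, write, DDL and role change goes to the server log.
CREATE EXTENSION IF NOT EXISTS pgaudit;
ALTER SYSTEM SET pgaudit.log = 'read, write, ddl, role';
ALTER SYSTEM SET pgaudit.log_relation = 'on';      -- one log line per table touched
ALTER SYSTEM SET log_connections = 'on';
ALTER SYSTEM SET log_disconnections = 'on';
SELECT pg_reload_conf();

-- 2. A PHI table. The SSN is stored only in encrypted form.
CREATE EXTENSION IF NOT EXISTS pgcrypto;
CREATE TABLE patients (
    id        serial  PRIMARY KEY,
    clinic_id integer NOT NULL,
    name      text    NOT NULL,
    ssn_enc   bytea   NOT NULL           -- output of pgp_sym_encrypt()
);
-- Constructed rows. In production the key comes from the application or a KMS,
-- never from a literal in SQL (pgaudit would write it to the log).
INSERT INTO patients (clinic_id, name, ssn_enc) VALUES
    (1, 'Patient A (constructed)', pgp_sym_encrypt('111-11-1111', 'demo-key')),
    (2, 'Patient B (constructed)', pgp_sym_encrypt('222-22-2222', 'demo-key'));

-- 3. Least privilege: the application role can use this table and nothing else.
CREATE ROLE app_svc LOGIN PASSWORD '<placeholder>';
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO app_svc;
GRANT SELECT, INSERT, UPDATE ON patients TO app_svc;
GRANT USAGE ON SEQUENCE patients_id_seq TO app_svc;   -- needed for INSERT on a serial column

-- 4. Row-level security: a session sees only the clinic it has declared.
--    NULLIF() makes a missing or empty setting evaluate to NULL, so no rows match.
ALTER TABLE patients ENABLE ROW LEVEL SECURITY;
ALTER TABLE patients FORCE ROW LEVEL SECURITY;      -- applies to the table owner too
CREATE POLICY clinic_isolation ON patients
    USING      (clinic_id = NULLIF(current_setting('app.clinic_id', true), '')::integer)
    WITH CHECK (clinic_id = NULLIF(current_setting('app.clinic_id', true), '')::integer);

-- 5. Check: as app_svc with clinic 1 selected only clinic 1's row is visible and
--    decrypts; with no clinic set, no rows are visible at all.
SET ROLE app_svc;
SET app.clinic_id = '1';
SELECT id, name, pgp_sym_decrypt(ssn_enc, 'demo-key') AS ssn FROM patients;  -- 1 row
RESET app.clinic_id;
SELECT count(*) FROM patients;                                               -- 0
RESET ROLE;
```

The policy keys off a session setting the application must set on every connection; with a connection pool that means setting it per request, not per pooled connection, or one tenant's rows will leak into the next request. Superusers bypass row-level security entirely, which is another reason the application should never connect as one.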


Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached on LinkedIn.