5

We're currently looking for a solution (hardware or software-based) that can monitor and audit all PHI viewing activity per new HIPAA rules. We use MS-SQL for our production database. We have the following requirements:

  1. Can track inserts/updates/deletes/views of PHI
  2. Works for both Database Users and Application Users
  3. Captures changes made over the network and directly in the database (privileged users)
  4. Works on multiple servers

There are some other items that would be nice to have (low-impact to implement, great reporting, alerting for suspicious behaviour), but are not requirements.

Has anybody implemented a solution that accomplishes something similar to this, or has worked with a vendor that offers something like this?

Xander
  • 35,525
  • 27
  • 113
  • 141
user28988
  • 51
  • 1
  • 2

4 Answers4

3

SQL Server itself provides a number of compliance tools that you can take advantage of to secure and audit your database and data. There's a Compliance page on the SQL Server site and Microsoft has written a Compliance whitepaper that will get you started.

Additionally, there are huge number of third-party auditing packages available for SQL Server. A search for a set of terms like SQL Server auditing HIPAA compliance should net you plenty of options to choose from, such as Blackbird Auditor, and OmniAudit. The products obviously have different feature sets, spo you'll need to determine which ones best meet your specific criteria.

Xander
  • 35,525
  • 27
  • 113
  • 141
0

Take a look at Imperva. It pretty much covers what you are looking for, is capable of running in-line or as a agent based sniffer (easier to implement), and many customization features. It's definitely not cheap, however. As for your requirement listing:

  1. it can view the entire SQL protocol, and create an audit trail.
  2. tracks all users that connect to the server, database and application.
  3. built-in privileged operation command groups that you can track.
  4. covers all the major database systems.
bdjb
  • 21
  • 1
0

McAfee Database Activity Monitoring provides a complete coverage of all database activities - network, local and also internal (stored procedures, inflow statements, etc.).

It provides a complete visibility on all transactions and real accessed objects:

  1. if a user is selecting from a view pointing to a table (or tables), audit trail will include the real tables being accessed.
  2. if a DBA creates a stored procedure to execute some selects or updates, it will also audit the real statements executed by the procedure.

http://awards.scmagazine.com/best-database-security-solution-1

user29197
  • 1
-2
  • If Amazon or any other cloud platform use the cloud native monitoring service like AWS Cloud Watch and send it to Cloud Watch Logs to analyse the logs for various Database events.
user218299
  • 1