Posted by Jerry Stuckle on 11/10/06 13:15
Mike wrote:
> I have developed an application, for psyc patients.... they type in
> very personal information in a web form to help them work through
> problems in their lives. Once they enter the info, I encrypt the data
> and store it in a MySQL database. Users can then print, edit, delete
> or share the information they entered with their therapist. I'm not
> happy storing this in the database for two reasons: (1) my host places
> restrictions on my database size and number of queries. (2) the
> information is very personal and sensitive, and I'd hate to find out
> the database has been compromised or damaged (even with the
> encryption). Also, currently I don't have any search capabilities, but
> as patients fill out large numbers of forms, they may have a need to
> search.
>
> Is there a way for me to store the form information on the visitor's
> computer.... say a cookie or text file, rather than on the server side?
> How would I go about doing this?
>
> Thanks!
>
> Mike
>
Mike,
If you're in the United States, it could be even worse than that. HIPAA
regulations are quite strict on medical information, and a violation
(even an inadvertent one) can land both you and your client in jail for
a few years. At the least there would be a very large fine.
About the only way you will be able to pass HIPAA regs would be to have
a physically secure server - meaning one locked in your client's office
or similar. Otherwise someone can get in there and access your programs
- which obviously have to have the key for encrypting/decrypting the
data someplace. Also, you would need to use SSL for all communications
with sensitive information, etc.
Additionally, before medical information can be shared, even with a
therapist, you must have a signed authorization. This has to be on real
paper - a web form doesn't work.
Right now this is a VERY touchy subject in the U.S.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================