Hello, I have a few questions regarding the use of PostgreSQL and HIPAA
compliance. I work for a company that plans on storing protected health
information (PHI) on our servers. We have looked at various solutions for doing
so, and RDS is a prime candidate except for the fact that they have explicitly
stated that the Postgres engine is *not* HIPAA compliant.
Users on the IRC channel generally say that the guidelines are more catered
towards building better firewalls and a sane access policy, but I would like to
know if there is anything within the implementation of Postgres itself that
violates said compliance.
If anyone works at a similar company and utilizes postgresql to store PHI,
please let me know.
Thank you,
Alex