Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

SharePoint and PHI.....A Dilemma?

  Asked By: Ray Jimenez         Date: Oct 23, 2007      Category: Sharepoint      Views: 272
 

We are currently evaluating whether PHI (Protected Health
Information) should/can be stored in our portal. Currnently we do
not allow it. We do have our portal set up over https with AD
authentication. We are not that happy though with the idea that
files can be downloaded, and that they are accessible from any
computer.

One idea we were looking at was using ISAServer to verify that the
machine/user (laptop) has a valid certificate in addition to AD
crendentials to access PHI information, with the goal of preventing
users from accessing PHI with a non-company computer. To further
restrict file permissions, we are also looking at IRM.

My question is if anyone has had any expreience with either of these
solutions or others. Also, if there are any concerns with either of
the technologies and using them with SharePoint.

We don't necessarily want to retstirct our entire portal this way,
just the component that would potentially contain PHI. My thought is
we would probably have to create a separate web app to host the PHI
so we could contain it more effectivley. I am not sure if it is
possible to apply any of the above within a web app only at certial
libraries, etc. Our ultimate goal would be to not allow any
documents containing PHI to be downloaded, only viewed and saved back
to the server. Any thoughts or advice would be great.

Tagged:        

 

2 Answers Found

 
Answer #1       Answered By: Marjorie Humphrey          Answered On: Oct 23, 2007       

IRM is probably the better way to go for this. Although secured
documents could still be downloaded  to a workstation with an IRM client
they would only be readable on that workstation by the person
downloading them. That's what Windows Rights Management Services is all
about. BTW, you can download a 180 full eval copy of RMS (used to be
called IRM) from Microsoft. RMS will also allow authors to only apply
the stringent control to documents containing PHI and not to an entire
Web App.

 
Answer #2       Answered By: Chelsey Watts          Answered On: Oct 23, 2007       

IRM is enabled/applied at the document library level if you use the MOSS
2007 integration. If you are looking to upload IRM'd content into the
document libraries instead, keep in mind that will render the contents
of the files non-indexable.

I'm not that familiar with ISA server, but I believe what you are
attempting should be possible, and it should also be possible to scope
the authentication at the URL level if you so choose. If I'm wrong,
hopefully someone else here can correct me.

 
Didn't find what you were looking for? Find more on SharePoint and PHI.....A Dilemma? Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011