Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

SharePoint and PHI.....A Dilemma?

  Asked By: Ray    Date: Oct 23    Category: Sharepoint    Views: 2011

We are currently evaluating whether PHI (Protected Health
Information) should/can be stored in our portal. Currnently we do
not allow it. We do have our portal set up over https with AD
authentication. We are not that happy though with the idea that
files can be downloaded, and that they are accessible from any

One idea we were looking at was using ISAServer to verify that the
machine/user (laptop) has a valid certificate in addition to AD
crendentials to access PHI information, with the goal of preventing
users from accessing PHI with a non-company computer. To further
restrict file permissions, we are also looking at IRM.

My question is if anyone has had any expreience with either of these
solutions or others. Also, if there are any concerns with either of
the technologies and using them with SharePoint.

We don't necessarily want to retstirct our entire portal this way,
just the component that would potentially contain PHI. My thought is
we would probably have to create a separate web app to host the PHI
so we could contain it more effectivley. I am not sure if it is
possible to apply any of the above within a web app only at certial
libraries, etc. Our ultimate goal would be to not allow any
documents containing PHI to be downloaded, only viewed and saved back
to the server. Any thoughts or advice would be great.



2 Answers Found

Answer #1    Answered By: Marjorie Humphrey     Answered On: Oct 23

IRM is probably the better way to go for this. Although secured
documents could still be downloaded  to a workstation with an IRM client
they would only be readable on that workstation by the person
downloading them. That's what Windows Rights Management Services is all
about. BTW, you can download a 180 full eval copy of RMS (used to be
called IRM) from Microsoft. RMS will also allow authors to only apply
the stringent control to documents containing PHI and not to an entire
Web App.

Answer #2    Answered By: Chelsey Watts     Answered On: Oct 23

IRM is enabled/applied at the document library level if you use the MOSS
2007 integration. If you are looking to upload IRM'd content into the
document libraries instead, keep in mind that will render the contents
of the files non-indexable.

I'm not that familiar with ISA server, but I believe what you are
attempting should be possible, and it should also be possible to scope
the authentication at the URL level if you so choose. If I'm wrong,
hopefully someone else here can correct me.

Didn't find what you were looking for? Find more on SharePoint and PHI.....A Dilemma? Or get search suggestion and latest updates.

Related Topics:



Related Post