Nolan Darilek | 1 Nov 2011 03:17

Re: Health care software utilizing CouchDB

What encrypted volume are you using?

I'm actually not using CouchDB (I had an app based on MongoDB) but the 
NoSQL solutions seem to be lagging behind in things like database 
encryption. I wanted to go with the encrypted volume approach, but 
finding one that is up to HIPAA/HITECH spec was confusing for someone 
running a small business targeting a niche market of mostly solo 
practitioners.

On 10/31/2011 02:43 PM, Cory Zue wrote:
> My organization supports many healthcare applications on CouchDB
> including multiple that are HIPAA compliant. We store our entire
> database on an encrypted volume and set up ssh-tunnels for encrypted
> replication. We have found that the schemalessness of couch is a big
> win when dealing with health protocols and systems.
>
> Cory
> --
> Cory L. Zue
> Dimagi, Inc
> http://www.dimagi.com/
>
>
>
> On Mon, Oct 31, 2011 at 3:06 PM, Alexander Shorin<kxepal@...>  wrote:
>> On Mon, Oct 31, 2011 at 7:38 PM, Manor Lev-tov<manorlevtov@...>  wrote:
>>> Hello,
>>> I was curious if anyone here has experience or knows of any company that
>>> has written an electronic medical record system or any other health care

Cory Zue | 1 Nov 2011 14:48

Re: Health care software utilizing CouchDB

On Mon, Oct 31, 2011 at 10:17 PM, Nolan Darilek <nolan@...> wrote:
> What encrypted volume are you using?

Ecryptfs. [1]

We've had pretty solid performance with it, although haven't yet
reached the scale where we might have to worry more about performance.
The major downside is that you need to manually mount the drive in the
case of a reboot which can be problematic if people with the
credentials aren't around. This is only a small piece of the HIPAA
puzzle, but does provide the "encrypted at rest" and "protection if
the server walks away" bits.

[1] https://help.ubuntu.com/11.04/serverguide/C/ecryptfs.html

>
> I'm actually not using CouchDB (I had an app based on MongoDB) but the NoSQL
> solutions seem to be lagging behind in things like database encryption. I
> wanted to go with the encrypted volume approach, but finding one that is up
> to HIPAA/HITECH spec was confusing for someone running a small business
> targeting a niche market of mostly solo practitioners.
>
>
> On 10/31/2011 02:43 PM, Cory Zue wrote:
>>
>> My organization supports many healthcare applications on CouchDB
>> including multiple that are HIPAA compliant. We store our entire
>> database on an encrypted volume and set up ssh-tunnels for encrypted
>> replication. We have found that the schemalessness of couch is a big
>> win when dealing with health protocols and systems.
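
Editor's added example, not code from either poster: the manual-mount step described above has a failure mode, because a database started after a reboot but before the eCryptfs mount is in place writes plaintext into the underlying directory. The guard below checks the mount table before the database is launched; the path /srv/couchdb, the function names and the sample mount table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to start a database unless its data directory is
# covered by an ecryptfs mount. Assumes Linux /proc/mounts and paths
# without spaces (the kernel writes spaces in that file as \040).

# sample_mounts: constructed mount table, used for offline checks only.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /srv ext4 rw,relatime 0 0
/srv/couchdb /srv/couchdb ecryptfs rw,relatime,ecryptfs_cipher=aes 0 0
EOF
}

# fs_type_for PATH [MOUNTS_FILE]
# Print the filesystem type of the mount that actually serves PATH: the
# longest mount point containing PATH, and on a tie the later entry,
# since a later mount on the same directory sits on top of the earlier one.
fs_type_for() {
    awk -v p="$1" '
        {
            mp = $2
            # mp covers p if it equals p, is "/", or is a directory prefix of p
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); type = $3 }
            }
        }
        END { if (type != "") print type }
    ' "${2:-/proc/mounts}"
}

# require_ecryptfs PATH [MOUNTS_FILE]
# Return 0 only when PATH is served by an ecryptfs mount.
require_ecryptfs() {
    fstype=$(fs_type_for "$1" "${2:-/proc/mounts}")
    if [ "$fstype" = "ecryptfs" ]; then
        return 0
    fi
    echo "refusing to start: $1 is on '${fstype:-unknown}', not ecryptfs" >&2
    return 1
}

# Typical use in a start script (hypothetical path and launch command):
#   require_ecryptfs /srv/couchdb && exec couchdb
```
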

