TalkPHP
03-04-2008, 09:47 AM   #1
Jmz

Securing sensitive data in a database

We might be starting a new project at work for a doctors surgery. But because the database will contain information such as patient notes etc. I'm worried about security.

Is it sufficiently secure to store sensitive information like this as plain text in a MySQL database? Or should we look at encrypting it in some way, bearing in mind some of the notes may be quite long.
03-04-2008, 10:27 AM   #2
Alan @ CIT

I would imagine that the partners at the surgery will demand encryption. It's worth bearing in mind though that both Emis on the GP side and iSoft PAS on the hospital side all store their patient data unencrypted, just with multiple levels of security in front of it.

Most of the Emis practices in this region, for example, use a username/password combo, then the Choose & Book smartcards and PIN numbers as an additional protection level.

It would also be worth checking if the government has guidelines about storing patient data. It sounds like something they would have published a paper on.

Alan
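The application-level encryption Alan expects the partners to ask for, as an added example that is not from the thread: each note is encrypted with AES-256-GCM under a key kept outside the database, so a copy of the MySQL data alone does not reveal the notes. The environment variable, the `patient_notes` table and its columns are assumptions.

```php
<?php
// Added example (not from the thread): encrypt patient notes in the
// application before they reach MySQL, so a copied database file or a
// login that only reaches the DB does not expose note contents. The key
// lives outside the database (here an environment variable; assumption).
// Long notes are no problem for AES-256-GCM.

const NOTE_CIPHER = 'aes-256-gcm';

function loadNoteKey(): string {
    $hex = getenv('NOTES_KEY_HEX');                 // 64 hex chars = 32-byte key
    if ($hex === false || !preg_match('/^[0-9a-f]{64}$/i', $hex)) {
        throw new RuntimeException('NOTES_KEY_HEX must be a 32-byte hex key');
    }
    return hex2bin($hex);
}

// Produces base64(iv || tag || ciphertext). The patient id is bound as
// associated data, so a blob moved into another patient's row will not
// decrypt instead of silently showing up under the wrong patient.
function encryptNote(string $plain, string $key, string $patientId): string {
    $iv  = random_bytes(12);                        // fresh nonce for every note
    $tag = '';
    $ct  = openssl_encrypt($plain, NOTE_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $patientId, 16);
    if ($ct === false) { throw new RuntimeException('encryption failed'); }
    return base64_encode($iv . $tag . $ct);
}

function decryptNote(string $blob, string $key, string $patientId): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) { throw new RuntimeException('malformed blob'); }
    [$iv, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $plain = openssl_decrypt($ct, NOTE_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $patientId);
    if ($plain === false) { throw new RuntimeException('note failed its integrity check'); }
    return $plain;
}

// Only the encrypted blob is written; table and column names are assumed.
function storeNote(PDO $db, string $key, string $patientId, string $note): void {
    $stmt = $db->prepare('INSERT INTO patient_notes (patient_id, note_enc) VALUES (?, ?)');
    $stmt->execute([$patientId, encryptNote($note, $key, $patientId)]);
}

function fetchNotes(PDO $db, string $key, string $patientId): array {
    $stmt = $db->prepare('SELECT note_enc FROM patient_notes WHERE patient_id = ?');
    $stmt->execute([$patientId]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return array_map(fn(string $b) => decryptNote($b, $key, $patientId), $rows);
}
```

Losing the key means losing every note, so it needs its own backup and access controls separate from the database's.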
03-04-2008, 10:30 AM   #3
flyingbuddha

As long as the database is password protected, you're fine.
03-04-2008, 10:40 AM   #4
Alan @ CIT

A few more resources for you, Jmz:

Information Security Management: NHS Code of Practice : Department of Health - Publications
Cryptographic services for the NHS : Department of Health - Managing your organisation
http://nww.connectingforhealth.nhs.uk/igsecurity/gpg/ (need to be on an N3 link to view)

And one last piece of advice: have a chat with your Trust's IT Security chaps as well.

At the end of the day, this is patient data and you can't be too careful. If it did get stolen, you'd be screwed.

Alan
03-04-2008, 02:01 PM   #5
Jmz

Thanks for the replies, I'll check out those links, Alan :)

The weird thing is, we've been asked to have a look at their current system so that we can add some more functionality to it, and it seems seriously insecure: passwords aren't encrypted, the DB is stored on a cheap host, and the app seems to include half the files from osCommerce.

It really is a disgrace. We're going to advise them that the whole thing is unusable and should be scrapped, so I want to make sure we can tell them exactly why they shouldn't use it.
03-04-2008, 05:13 PM   #6
Alan @ CIT

Glad I'm not a patient at that practice, by the sounds of it.

Any application like the one you've described is just a nightmare waiting to happen. One that also holds patient data is a lawsuit waiting to happen.

Good luck with the project!

Alan