Data Security

[bcpayne]

There is password access to the open dental software, but what about the database?

Are the SQL tables password encrypted in any way? I am concerned that if my server is sent for repair, or if a backup is lost, that someone could access the tables and have access to all of our patient data. This I imagine would be a HIPPA incident.

If it isn't, what would you have to do to have the database encrypted or at least somewhat secure, so that you could at least claim reasonable effort in the case of data breach.

I am new to this and I am likely uninformed on this issue, but my understanding about database security is just keeping people from accessing the file. Since you are able to access the data in the file from other table editors without using opendental or any passwords.

[jordansparks]

You can encrypt that folder in Windows. But then you need to change the user for the MySQL service to match the user under which the folder was encrypted. So that, combined with a physical lockdown of the server, will protect you from theft directly at the server. But the data also goes out over your network. So our web service is available as a middle tier to prevent other users on the network from directly accessing the database. You probably don't need to go to this extreme for a small to medium office as long as each workstation is password protected.