Staying hip to HIPAA regulations: How one DBA stays compliant

How do DBAs who adhere to HIPAA regulations get their jobs done while staying compliant? We asked DBA Brandon Leach for some pointers.

Editor's note: This is the first of a two-part story. Check back next week for the second part.

While being a database administrator (DBA) is always a challenging job that forces you to think outside the box, most DBAs don't have to think too much about the privacy rights of tens of thousands of patients every time they manipulate a table, back up their database or perform most other functions related to their jobs. For those who work in industries that require adherence to Health Insurance Portability and Accountability Act (HIPAA) regulations, however, this is a constant concern.

Brandon Leach, one such DBA for Medford, Mass.-based Network Health, remembers always being interested in technology.

"My father got me started back when I was a very little kid," Leach said. "He had me start programming [at about 6]. Simple things -- taking existing programs, editing them, simple data entry stuff a few years [later]. … I caught [technology] at a good time -- things were changing. Personal computers were relatively new. Then, the Internet came along as I grew older."

While Leach and his family recognized the value of technology, that wasn't true of everyone in the 1990s.

"My family definitely supported me in technology, that's for sure," he said. "But teachers didn't know what to do with it -- they treated it more as a free-time game."

This was true up until Leach attended high school, when he had the good fortune to attend a vocational school with a computer science program. Students there learned how to build out servers and program. According to Leach, the teachers there took it more seriously, encouraging students to obtain certifications and learn at least two programming languages before delving deeper into hardware or software.

Making money and making a difference

After completing his education, Leach began doing IT professionally -- first working for his father's company, then for various consultancies. He finally found the right path in 2006, when he landed his first job in the health care field as a developer. He immediately realized it was a better fit than any job he'd previously held.

"I liked that it made a difference, that it actually helped people," he said. "There was a direct relationship between what you were doing and the quality of someone's care, even if you didn't know them personally."

His first employer in the health care industry was the Mass Behavioral Health Partnership, where he held a small role working on The Massachusetts Child Psychiatry Access Project, a nonprofit that provided mental health consultation services designed to help primary care providers treat children with mental health issues. Leach said he only had a small part in the nonprofit, but that it was one of the most rewarding things he ever worked on.

After five years there, Leach joined Network Health in March 2012. He can easily name the reasons why he enjoys working for the company -- it invests in him, he feels that his coworkers are very competent and intelligent and Network Health encourages him to explore his interests other than those directly related to his role.  

Being in the health services industry means Leach needs to strictly adhere to HIPAA guidelines, even though that almost always means taking some extra steps. He said that developers like to get real production data that they can "play around with." But this is something you often cannot do if your organization has to adhere to HIPAA guidelines. Leach and his colleagues have to be absolutely certain that test-level data and patient data don't interact. Unlike most DBAs, Leach often cannot use real data when performing his daily tasks -- he and others who work in the health care field must rely on data-generation tools to create realistic data sets to work with instead of real data, or data-masking tools if randomly generated numbers won't do the trick.

This was first published in February 2013
