|
[Quoted Text] > Does anyone know what level of encryption Access 2003 supports?
Access uses RC4 encryption with a 32-bit key which is stored in the header
of the file. It is often referred to as "encoding" rather than "encryption"
because it is always fully reversible since the encryption key is always
available (no matter if you apply ULS or not).
It is certainly not an effective means of protecting your data - sure, it
will stop your average Joe from opening the file in a hex editor and seeing
your data (...until he finds the free tool on the net to remove the encoding
instantly...)
> Is Access 2003 HIPAA complient when using a database password and
> encryption?
The database password and encryption are totally seperate mechanisms in all
versions of Access prior to 2007. In Access 2007 the database password is
now used as the "key" for the encryption and therefore is much more
effective at protecting your data with a single password. Obviously this
doesn't help you too much since Access 2007 is only available as beta
software at the moment.
IMO it would not be wise to use Access in this case (well, specifically the
Jet database engine). You could offer much tighter security/encryption with
a server based database.
I don't know (and can't comment on) the specific requirements for HIPAA, but
I do know that some of our clients send us Access databases for repair
asking for NDAs to be signed in advance since their data is under HIPAA.
HTH
Wayne Phillips
http://www.everythingaccess.com
"Rob C" <RobC[ at ]discussions.microsoft.com> wrote in message
news:89F5BEC1-CC2F-4ED9-AC22-FB7270B9EC2D[ at ]microsoft.com...
> Does anyone know what level of encryption Access 2003 supports? We set
> our
> database to encrypted but needed to report on the level of encryption that
> it
> provides
>
> Is anyone using Access 2003 for a HIPAA related project? Is Access 2003
> HIPAA complient when using a database password and encryption?
>
> Regards,
>
> Rob C
|