First published on MSDN on Feb 24, 2010
Aside from PCI, I probably hear more about HIPAA compliance (the Health Insurance Portability and Accountability Act) from our customers than other regulations. Although there is no formal certification around HIPAA at this point, health care providers still have a legal requirement to comply with the regulation. If you fall in this bucket, you might want to look at this whitepaper published by Jefferson Wells,
http://www.jeffersonwells.com/mssql2008hipaa
where they descibe HIPAA compliance with SQL Server 2008. There's also an associated webcast that you can watch,
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032441700&Culture=en-US
.
Hope this helps.
Il-Sung Lee
Program Manager
SQL Server Engine Security
