couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cory Zue <>
Subject Re: Health care software utilizing CouchDB
Date Tue, 01 Nov 2011 13:48:17 GMT
On Mon, Oct 31, 2011 at 10:17 PM, Nolan Darilek <> wrote:
> What encrypted volume are you using?

Ecryptfs. [1]

We've had pretty solid performance with it, although haven't yet
reached the scale where we might have to worry more about performance.
The major downside is that you need to manually mount the drive in the
case of a reboot which can be problematic if people with the
credentials aren't around. This is only a small piece of the HIPAA
puzzle, but does provide the "encrypted at rest" and "protection if
the server walks away" bits.


> I'm actually not using CouchDB (I had an app based on MongoDB) but the NoSQL
> solutions seem to be lagging behind in things like database encryption. I
> wanted to go with the encrypted volume approach, but finding one that is up
> to HIPAA/HITECH spec was confusing for someone running a small business
> targeting a niche market of mostly solo practitioners.
> On 10/31/2011 02:43 PM, Cory Zue wrote:
>> My organization supports many healthcare applications on CouchDB
>> including multiple that are HIPAA compliant. We store our entire
>> database on an encrypted volume and setup ssh-tunnels for encrypted
>> replication. We have found that the schemalessness of couch is a big
>> win when dealing with health protocols and systems.
>> Cory
>> --
>> Cory L. Zue
>> Dimagi, Inc
>> On Mon, Oct 31, 2011 at 3:06 PM, Alexander Shorin<>
>>  wrote:
>>> On Mon, Oct 31, 2011 at 7:38 PM, Manor Lev-tov<>
>>>  wrote:
>>>> Hello,
>>>> I was curious if anyone here has experience or knows of any company that
>>>> has written an electronic medical record system or any other health care
>>>> related software using CouchDB as the data store?
>>>> Thanks,
>>>> Manor
>>> Working on frond-end for Laboratory Information System based on
>>> CouchDB. Front-end includes: application server, reports, data
>>> collaboration, point of integration with other companies etc. It
>>> perfectly fits to these tasks and could even more (e.g. mobile client
>>> that allows you, as patient, to access your analysis result
>>> everywhere). No success story yet, but all works fine for now(:
>>> --
>>> ,,,^..^,,,

View raw message