Skip to main content

Compliance Auditing

Overview

The explosion of information technology and the storage of electronic data have led to several recent laws, in the United States and abroad, regulating the disclosure of information. In the U.S., the Health Insurance Portability and Accountability Act restricts the ability of health care institutions to disclose patient data. Similarly, the Gramm-Leach-Bliley Act limits the ability of financial institutions to disclose customer data. Japan, Canada, Australia, and the EU have also passed laws restricting the disclosure of private information. Accordingly, there is a global need for a technical solution to verify compliance with legislation.

The Hippocratic Database (HDB) Compliance Auditing application, called Eunomia (formerly known as PACT), enables companies to verify compliance with data disclosure laws, company policies and customer preferences. Eunomia consists of two components: (1) a logical logging system that records all queries and changes to the database, and (2) an audit tool that reconstructs the state of the database at any given time and provides detailed audit trails that specify the user, recipient, purpose, time and exact (cell-level) information disclosed for any particular database query. Eunomia has a significant performance advantage over auditing applications that log query results because it employs the superior computing power of the database, logs only necessary information; and defers all computation until audit time.

[an error occurred while processing this directive]