开发者

WCF netTCPBinding Built-in Transport Security Strength and HIPAA Compliance

开发者 https://www.devze.com 2023-02-11 02:35 出处:网络
What is the strength of the default TCP transport security using WCF netTCPBinding?Is it HIP开发者_运维问答AA compliant and where is documentation stating this?HIPAA compliance only says what, not how

What is the strength of the default TCP transport security using WCF netTCPBinding? Is it HIP开发者_运维问答AA compliant and where is documentation stating this?


HIPAA compliance only says what, not how. HIPAA requires you to prevent the data from being read in transit. It must be encrypted in some way that makes it non-trivial to decrypt.

From the HHS web site (http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html):

Transmission Security. A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.

The safest bet is to use the maximum security that the netTCP binding offers, which is SSL over TCP and message authentication:

NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.TransportWithMessageCredential; 

You'll want to review the guidance on MSDN about Transport and Message security. There are also many great posts here on SO about configuring security with the netTCP binding.

Be sure to check with your legal department on your company's particular rules on transmitting e-PHI.

To answer your question, when configured correctly, the netTCP binding can securely encrypt traffic, which can meet the Transmission Security requirement.


netTCPBinding is an appropriate system-provided choice for communicating over an Intranet. The default configuration for the NetTcpBinding is faster than the configuration provided by the Htpp bindings.

On another note, I am not sure whether it is HIPAA compliant or not.

0

精彩评论

暂无评论...
验证码 换一张
取 消