Does anyone know what level of encryption Access 2003 supports?  We set our
database to encrypted but needed to report on the level of encryption that it
provides

Is anyone using Access 2003 for a HIPAA related project?  Is Access 2003
HIPAA complient when using a database password and encryption?

Regards,

Rob C

Access uses RC4 encryption with a 32-bit key which is stored in the header
of the file.  It is often referred to as "encoding" rather than "encryption"
because it is always fully reversible since the encryption key is always
available (no matter if you apply ULS or not).

It is certainly not an effective means of protecting your data - sure, it
will stop your average Joe from opening the file in a hex editor and seeing
your data (...until he finds the free tool on the net to remove the encoding
instantly...)

The database password and encryption are totally seperate mechanisms in all
versions of Access prior to 2007.  In Access 2007 the database password is
now used as the "key" for the encryption and therefore is much more
effective at protecting your data with a single password.  Obviously this
doesn't help you too much since Access 2007 is only available as beta
software at the moment.

IMO it would not be wise to use Access in this case (well, specifically the
Jet database engine).  You could offer much tighter security/encryption with
a server based database.

I don't know (and can't comment on) the specific requirements for HIPAA, but
I do know that some of our clients send us Access databases for repair
asking for NDAs to be signed in advance since their data is under HIPAA.

HTH

Wayne Phillips
http://www.everythingaccess.com



Show quoteHide quote

How Do I Prevent Access 2003 Crash when using Digital ID & Library
User level security 2002 / 2003
Permissions Help
Unsecuring a secure Access Database?
Design Master security
digital signature trouble
Providing logins for users and filtering records based on users
Backend DB Password
access security
Is there a way to set up an audit tracking in Access?