I have completed many successful SharePoint migrations using the database attach method but increasingly seeing the benefits of starting fresh with a new install/configuration and performing manual content migration targeting specific content and bulk tagging on the destination site map. Interested in what others are experiencing in the way of database upgrades verses manual content migrations and third party migration tools.
Increasingly hearing from customers questions on storing Protected health information or PHI in SharePoint 2013 and Office 365. Yes, there is a roadmap and implementation guidelines you can follow to store PHI in SharePoint and maintain compliance with HIPPA requirements.
Microsoft has made information available on their vision for PHI in SharePoint. I am providing a summary here in case your organization is evaluating SharePoint 2013 and Office365 available features.
Protected health information or “PHI” “PHI” is a subset of health information, in any media, including demographic information collected from an individual, that is: created or received by a healthcare provider, health plan, employer, or health care clearinghouse; relates to an individual’s health, provision of health care to the individual, or payment for the provision of health care; and identifies an individual or could reasonably be used with other available information to identify an individual. is not specifically excluded from the definition of PHI (generally, education, and employment records are excluded from HIPAA coverage)
PHI includes many common identifiers, such as name, address, and Social Security Number, and can be in any form or media, whether electronic, paper, or oral.
Understanding PHI on SharePoint 2013
Only certain data sets, however, are designated with the appropriate level of security and privacy to comply with the HIPAA security requirements, as described above.
Microsoft strongly recommends that you train your personnel to input PHI only into the appropriately secured and designated areas.
The following data-sets or repositories are suitable for uploading PHI:
PHI Recommended Data Types
- Email body
- Email attachment body
- SharePoint site content
- Information in the body of a SharePoint file
- Lync presentation file body
- IM or voice conversations
- CRM entity records
Examples of data-sets or repositories not suitable for inclusion of PHI:
- Email headers, including “From”, “To”*, or “Subject Line”
- Filenames (including filenames of any attachments or uploaded documents on any Service)
- URLs, or any public SharePoint websites
- Account, billing, or service configuration data
- Internet domain names (e.g., “fabrikam.com”)
If like me you may have been accustomed to drag/drop a DLL into the GAC and finding doesn’t work in Windows Server 2012? There are a number of solutions but sharing a Powershell script I have found useful for this purpose.
From SharePoint Powershell console:
[System.Reflection.Assembly]::Load(“System.EnterpriseServices, Version=22.214.171.124, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a”)
$publish = New-Object System.EnterpriseServices.Internal.Publish