Configuring PostgreSQL to meet HIPAA’s privacy and security rules through encryption, auditing, and access controls.
The HIPAA Security Rule requires safeguards for the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI). In PostgreSQL this translates to strong authentication, encryption at rest and in transit, fine-grained access control, auditing, and tested backup and recovery.
Enable full-disk encryption at the OS level, or use your cloud provider's encryption-at-rest offering (community PostgreSQL has no built-in Transparent Data Encryption). For column-level protection, install pgcrypto and store only ciphertext in sensitive columns: pgp_sym_encrypt to write and pgp_sym_decrypt to read (pgp_pub_encrypt/pgp_pub_decrypt for the public-key variant). Pass the key as a bind parameter rather than an SQL literal so it never lands in statement logs, rotate keys regularly, and keep them in a Hardware Security Module (HSM) or cloud KMS, never in the database itself.
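The pgcrypto pattern above, written out as an added example (not code from the original page). It assumes a hypothetical table patient_record and an application that fetches the current data key from a KMS/HSM and binds it as parameter $1; the demo values at the end are constructed.

```sql
-- Added example (not from the original page): column-level encryption with pgcrypto.
-- Assumptions: a hypothetical table patient_record, and an application that fetches the
-- current data key from a KMS/HSM and binds it as parameter $1 (never a literal in SQL).
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patient_record (
    id            bigserial PRIMARY KEY,
    key_version   smallint NOT NULL,   -- which data-key version encrypted this row
    ssn_enc       bytea    NOT NULL,   -- ciphertext only; no plaintext twin column
    diagnosis_enc bytea    NOT NULL
);

-- Write path. pgp_sym_encrypt derives the cipher key from the passphrase in $1 (S2K);
-- compression is disabled so ciphertext length says nothing about content structure.
PREPARE insert_record(text, smallint, text, text) AS
    INSERT INTO patient_record (key_version, ssn_enc, diagnosis_enc)
    VALUES ($2,
            pgp_sym_encrypt($3, $1, 'cipher-algo=aes256, compress-algo=0'),
            pgp_sym_encrypt($4, $1, 'cipher-algo=aes256, compress-algo=0'));

-- Read path: decrypt only the columns the caller needs.
PREPARE read_record(text, bigint) AS
    SELECT id, key_version,
           pgp_sym_decrypt(ssn_enc, $1)       AS ssn,
           pgp_sym_decrypt(diagnosis_enc, $1) AS diagnosis
      FROM patient_record
     WHERE id = $2;

-- Key rotation: $1 = old key, $2 = new key, $3 = new version. Rows are re-encrypted in
-- place; a wrong old key raises "Wrong key or corrupt data" rather than writing garbage.
PREPARE rotate_key(text, text, smallint) AS
    UPDATE patient_record
       SET ssn_enc       = pgp_sym_encrypt(pgp_sym_decrypt(ssn_enc, $1),       $2, 'cipher-algo=aes256, compress-algo=0'),
           diagnosis_enc = pgp_sym_encrypt(pgp_sym_decrypt(diagnosis_enc, $1), $2, 'cipher-algo=aes256, compress-algo=0'),
           key_version   = $3
     WHERE key_version = $3 - 1;

-- Constructed demo values; in production the driver binds the key fetched from KMS.
EXECUTE insert_record('demo-key-v1', 1, '123-45-6789', 'constructed sample text');
EXECUTE read_record('demo-key-v1', 1);
EXECUTE rotate_key('demo-key-v1', 'demo-key-v2', 2);
EXECUTE read_record('demo-key-v2', 1);
```

When the driver binds $1 over the extended query protocol, pg_stat_activity and log_statement show the placeholder rather than the key; the EXECUTE lines above inline literals only for demonstration. Keep pgaudit.log_parameter off, otherwise bound values, key included, are written to the audit log.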
Set ssl = on in postgresql.conf; this enables TLS but does not require it. Enforcement comes from pg_hba.conf: use hostssl entries only for TCP connections (a plain host entry still accepts cleartext), and have clients connect with sslmode=verify-full so they authenticate the server certificate as well.
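The server-side settings and two checks that catch a cleartext path, as an added example that is not part of the original page. The certificate paths and the database name ehr are assumptions; the pg_hba.conf lines are shown in comments because they cannot be set from SQL.

```sql
-- Added example (not from the original page): enable TLS server-side and verify that
-- no rule or live session bypasses it. Certificate paths and database name are assumed.
ALTER SYSTEM SET ssl = on;
ALTER SYSTEM SET ssl_cert_file = '/etc/postgresql/server.crt';
ALTER SYSTEM SET ssl_key_file  = '/etc/postgresql/server.key';  -- mode 0600, owned by the postgres user
ALTER SYSTEM SET ssl_min_protocol_version = 'TLSv1.2';          -- PostgreSQL 12+
SELECT pg_reload_conf();

-- pg_hba.conf: only hostssl rules for TCP, e.g.
--   hostssl  ehr  app_writer  10.0.0.0/8   scram-sha-256
--   hostssl  ehr  auditor     10.0.1.0/24  cert clientcert=verify-full
-- ssl = on alone still accepts cleartext; a "host" or "hostnossl" rule permits it.

-- Check 1: does any rule accept a non-TLS TCP connection? Expected result: zero rows
-- ("local" Unix-socket rules are fine and are not listed here).
SELECT line_number, type, database, user_name, address, auth_method
  FROM pg_hba_file_rules
 WHERE type IN ('host', 'hostnossl')
   AND error IS NULL;

-- Check 2: any live TCP session that negotiated no TLS? Expected result: zero rows.
SELECT a.pid, a.usename, a.client_addr
  FROM pg_stat_activity a
  JOIN pg_stat_ssl s USING (pid)
 WHERE NOT s.ssl
   AND a.client_addr IS NOT NULL;
```

Run both checks after every pg_hba.conf change; the first reads the file as the server parsed it (rows with a non-null error column are rules the server ignored), the second catches clients that connected before a reload.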
Create least-privilege roles: app_reader, app_writer, and auditor. Revoke the privileges PostgreSQL grants to PUBLIC by default (CONNECT on the database and, before PostgreSQL 15, CREATE on the public schema) and grant explicit SELECT/INSERT rights only on the tables each role needs.
Enable RLS on PHI tables so users see only authorized rows, and add FORCE ROW LEVEL SECURITY so the table owner is covered too (superusers and BYPASSRLS roles always bypass it). Combine with a session variable the application sets after authentication, such as app.org_id, to filter by customer or organization.
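The roles, revoked defaults, and RLS policy from the two paragraphs above in one added example (not code from the original page). The database name ehr, schema phi, the svc_api login, and the org_id column are assumptions; the inserted rows are constructed. The demo statements at the end are meant to run as svc_api, since the owner or a superuser would not be subject to the policy in the same way.

```sql
-- Added example (not from the original page): the three roles, closed-down defaults,
-- and an RLS policy keyed on a session variable. Assumptions: a hypothetical database
-- ehr, schema phi, and an application that sets app.org_id right after authenticating.
CREATE ROLE app_reader NOLOGIN;
CREATE ROLE app_writer NOLOGIN;
CREATE ROLE auditor    NOLOGIN;

-- Close the defaults PostgreSQL grants to PUBLIC: CONNECT on every database and,
-- before PostgreSQL 15, CREATE on the public schema.
REVOKE CONNECT ON DATABASE ehr   FROM PUBLIC;
REVOKE ALL     ON SCHEMA  public FROM PUBLIC;

CREATE SCHEMA phi;
CREATE TABLE phi.patient_record (
    id      bigserial PRIMARY KEY,
    org_id  integer NOT NULL,   -- tenant / covered entity that owns the row
    ssn_enc bytea   NOT NULL    -- ciphertext, see the pgcrypto section
);

GRANT CONNECT ON DATABASE ehr TO app_reader, app_writer, auditor;
GRANT USAGE   ON SCHEMA   phi TO app_reader, app_writer, auditor;
GRANT SELECT                 ON phi.patient_record TO app_reader, auditor;
GRANT SELECT, INSERT, UPDATE ON phi.patient_record TO app_writer;
GRANT USAGE, SELECT ON SEQUENCE phi.patient_record_id_seq TO app_writer;  -- bigserial needs it

-- Row-level security. FORCE applies the policy to the table owner as well; superusers
-- and BYPASSRLS roles still skip it, so keep those out of application code paths.
ALTER TABLE phi.patient_record ENABLE ROW LEVEL SECURITY;
ALTER TABLE phi.patient_record FORCE  ROW LEVEL SECURITY;

-- If app.org_id is unset, current_setting(..., true) yields NULL, the comparison is
-- NULL, and the policy denies: a missing variable fails closed to zero rows.
CREATE POLICY org_isolation ON phi.patient_record
    FOR ALL TO app_reader, app_writer
    USING      (org_id = current_setting('app.org_id', true)::integer)
    WITH CHECK (org_id = current_setting('app.org_id', true)::integer);

-- The auditor reads every row; it needs its own policy or it sees nothing.
CREATE POLICY auditor_read ON phi.patient_record FOR SELECT TO auditor USING (true);

-- Login accounts are members of the group roles; authentication lives in pg_hba.conf.
CREATE ROLE svc_api LOGIN IN ROLE app_writer;

-- What the application does per request, connected as svc_api. SET LOCAL keeps the
-- value transaction-scoped so a pooled connection cannot leak it to the next tenant.
BEGIN;
SET LOCAL app.org_id = '42';
INSERT INTO phi.patient_record (org_id, ssn_enc) VALUES (42, '\x00'::bytea);  -- constructed placeholder ciphertext
SELECT id FROM phi.patient_record;   -- returns only org 42 rows
COMMIT;

SELECT id FROM phi.patient_record;   -- new transaction, app.org_id unset: zero rows

BEGIN;
SET LOCAL app.org_id = '42';
INSERT INTO phi.patient_record (org_id, ssn_enc) VALUES (43, '\x00'::bytea);
-- ERROR: new row violates row-level security policy for table "patient_record"
ROLLBACK;
```

The session variable is only as trustworthy as the connection that sets it: if end users could run arbitrary SQL as svc_api they could simply SET app.org_id themselves, so the database role must be reachable only through the application tier.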
Use pgAudit to log SELECT, INSERT, UPDATE, and DELETE on PHI tables. Ship the logs off the database host to a centralized store with write-once retention, such as AWS CloudWatch Logs or Splunk, so a compromised database account cannot edit the record of its own activity.
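A working pgAudit configuration for the policy above, as an added example rather than code from the original page. It assumes the pgaudit package is installed on the server, a hypothetical PHI table phi.patient_record, and a large reference table ref.icd10_codes that should not generate read audit lines; the log line at the end is a constructed illustration of the format.

```sql
-- Added example (not from the original page): session logging of all writes plus
-- object logging of reads on PHI tables only. Assumptions: the pgaudit package is
-- installed on the server; tables phi.patient_record and ref.icd10_codes exist.
ALTER SYSTEM SET shared_preload_libraries = 'pgaudit';       -- needs a server restart
ALTER SYSTEM SET pgaudit.log           = 'write, ddl, role';  -- every write, schema and role change, DB-wide
ALTER SYSTEM SET pgaudit.log_catalog   = off;                 -- drop pg_catalog chatter
ALTER SYSTEM SET pgaudit.log_parameter = off;                 -- bound values (PHI, encryption keys) stay out of the log
ALTER SYSTEM SET pgaudit.log_relation  = on;                  -- one line per relation touched; easier to filter downstream
ALTER SYSTEM SET pgaudit.role          = 'phi_audit';         -- master role for object logging
ALTER SYSTEM SET log_connections       = on;
ALTER SYSTEM SET log_disconnections    = on;
SELECT pg_reload_conf();   -- everything except shared_preload_libraries takes effect here

CREATE EXTENSION IF NOT EXISTS pgaudit;

-- Object logging: a statement is logged only when the audit role holds the matching
-- privilege on the table. PHI tables get the grant; ref.icd10_codes gets none, so the
-- frequent reads of that reference table produce no audit lines.
CREATE ROLE phi_audit NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON phi.patient_record TO phi_audit;

-- Resulting server-log entry for a read (constructed illustration). Field order:
-- AUDIT: type,statement_id,substatement_id,class,command,object_type,object_name,statement,parameter
--   AUDIT: OBJECT,3,1,READ,SELECT,TABLE,phi.patient_record,"SELECT id FROM phi.patient_record WHERE id = $1",<not logged>
```

Writes are logged twice when both session and object logging match them (once as SESSION, once as OBJECT); that is expected, and the downstream pipeline can key on the class and object_name fields. Every SELECT on phi.patient_record is logged regardless of which application role ran it, because the check is against phi_audit's grants, not the caller's.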
Schedule base backups plus continuous WAL archiving to an encrypted object store. Test restores quarterly (a backup that has never been restored is not a backup) and keep a documented Disaster Recovery plan with recovery-time and recovery-point objectives.
• Force TLS
• Encrypt sensitive columns
• Enable RLS
• Use pgAudit
• Rotate credentials and keys
• Test backups
• Sign a Business Associate Agreement (BAA) with the hosting provider
A BAA is required with any third party that creates, receives, maintains, or transmits PHI on your behalf, which includes a hosting provider that stores the database or its encrypted backups. For self-hosting on your own servers there is no counterparty to sign one, so document your administrative, physical, and technical safeguards instead.
pgAudit adds little overhead for typical OLTP workloads. Log the write class session-wide, and use object logging (grants to the pgaudit.role) for SELECTs on PHI tables only, leaving large reference tables ungranted, to keep log volume lean.
Yes. Streaming and logical replication copy the stored ciphertext as-is, so nothing is decrypted on the way; the replication connection itself should still use TLS. Ensure the target has the same key management and access controls (roles, RLS, pgAudit) before anyone decrypts there.