Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle NULL vs '' revisited

Re: Oracle NULL vs '' revisited

From: <>
Date: Tue, 21 Aug 2007 14:49:42 -0700
Message-ID: <>

On Aug 21, 11:40 am, DA Morgan <> wrote:
> wrote:
> >> Consider this for example. In a US medical environment with patient data
> >> HIPAA, federal law, requires that SELECT statements be audited. We have
> >> been able to do that in Oracle for years. InSQL Serverit is still
> >> impossible. Something that won't be fixed until at least 2009. If I
> >> tried to put together a page of all differences I would need months just
> >> to catalog the differences.
> > I'm sorry you lose again, I suggest you review SQL Trace with the C2
> > option which has been available sinceSQL Server2000.
> Try again:
> "whileSQL Server2000 can indicate which user might have updated a
> table, it cannot capture the actual content of the update. Still,SQLServer2000 does conform with the C2-level auditing required by certain
> government users."
> Next go to:
> and scroll down to:
> "List of Auditable Events"
> If you are going to comment on a product ... take the time to learn
> something about it. According to Microsoft it can not meet HIPAA based
> on what is published on their website.
> --
> Daniel A. Morgan
> University of Washington
> (replace x with u to respond)
> Puget Sound Oracle Users

These are always such fun.

You said:

"...requires that SELECT statements be audited. We have been able to do that in Oracle for years. InSQL Serverit is still impossible..."

And now you want to have a conversation about updates. I never said that C2 was the answer to HIPAA I said it was the answer to select audits. If you want to discuss a HIPAA solution, thats going to involve trace and some other technologies, its a bit ugly depending on the implementation and in fact C2 would likey be overkill for HIPAA but as I am not a HIPAA expert I can't comment. There is however which is an elegant solution for SQL Server, Oracle and others (which I noticed you dropped in your reply) and mentions HIPAA specifically.

Needless to say there are plenty of orgs using SQL Server that are subject to HIPAA, just as I am sure there are plenty using Oracle, DB2 and other database platforms.

I'm willing to acknowledge that Oracle and IBM have a place in the database industry and that my lack of knowledge and experience with them in recent years means I should refrain from commenting deeply on their functionality/solution areas, it seems once again you are unwilling to take the same position regarding SQL Server.

As always looking forward to the next round.

-Euan Received on Tue Aug 21 2007 - 16:49:42 CDT

Original text of this message