Besides of implying safeguards to protect patient privacy such as the HIPAA regulations , there are other measures to protecting and keeping patient medical records confidential . Other practical measures I would take to ensure database security is to limit access to the records . For example , IT department does n't require having access to patients ' record as part of their jobs or to fix any IT issues . After determining the access privileges for each user , as the DBA , I would create security policies and procedures , obtain management approval of the policies and procedures and distribute them to authorized users . The last approach I would have is relying on the security features provided by the DBMS , monitoring database usage to detect potential security violations . This will help me to identify who breached security , how the violation occur and preventing a similar violation in the future .