Apr 23, 2014 08:24 AM|Illeris|LINK
MS Dynamics NAV uses the same dbase for multiple companies. Not exactly the best multi-tenancy example you can find on the market :-).
The HIPAA (and others such as Sox, ...) test on data isolation. In practice this means they check if ever customer has it's own data, separated from the others. Then they check if the security model applied over all data sources assures isolation. This can
be done by using dbase specific accounts (at dbase level, but also from connection strings in your application), and by checking how & if encryption is applied.