
My question is mostly theoretical, but if I have an application (for example, for a private clinic) which stores its patients' health information (HIPAA), accepts card payments and stores payment history (PCI-DSS), and stores other information not related to either of those compliance regimes, should I use 3 separate database instances in that case, or have 1 database instance with 3 different databases?

Suppose that AWS RDS PostgreSQL/MySQL is suitable for all of the cases. I understand that having 3 separate database instances gives some benefits like independent DB scaling, maintenance windows, version upgrades, etc., but this will significantly increase costs.

Given this, what would your suggestion be: should I use 1 DB instance with 3 databases inside, or is it better to use 3 separate independent DB instances? Unfortunately, I haven't found any statements about the real need for that separation; please point me to a link if that's really mentioned somewhere.

jumpy
  • What do you think you would gain by keeping them separate? – Bobson Mar 13 '20 at 03:03
  • @Bobson I will get the ability to adjust the scaling (instance size) of those DBs independently, and the ability to do all of the maintenance work on one DB without affecting the others. But the question is not about the pros/cons of separation; the question is, does HIPAA or PCI-DSS **force** us to keep their data in a separate DB instance? – jumpy Mar 13 '20 at 11:59

0 Answers