Creating a HIPAA-Compliant Environment
A US-based healthcare start-up was struggling to maintain a secure cloud infrastructure that met compliance standards. It was also having trouble protecting sensitive PHI.
Business Challenge
The client needed to deploy a cloud solution that could enable infrastructure audit trails, support HIPAA-compliant infrastructure on the cloud, address security concerns regarding sensitive PHI, and allow a cost-sensitive deployment.
Technology Components
Encrypted database – AWS RDS
Cloud API log – Amazon Web Services (AWS) CloudTrail
IP whitelisting – AWS VPC Security Group
Host-based firewalls – iptables
HTTPS – SSL Certificates
Approach
Directly imported available patient and pharmaceutical data into the database.
Developed a function to fetch data directly from health devices and feed it into the system.
Created the necessary interface for medical practitioners to upload data on a day-to-day basis.
Dedicated compute resource for analytics to be deployed in the final/go-live version.
Transformational Effects
HIPAA-compliant AWS services used to set up infrastructure.
Deployed multiple levels of security to protect sensitive data.
Consolidated services to reduce cost.
Migrated and hosted solution on supported and managed application stack.
Maintained infrastructure audit trails using AWS services.