Creating a HIPAA-Compliant Environment
A US-based healthcare start-up was facing challenges in maintaining a secure cloud infrastructure as per compliance standards. It was also facing problems in protecting sensitive PHI.
Business Challenge
The client needed to deploy a cloud solution that can enable infrastructure audit trails, support HIPAA- compliant infrastructure on the cloud, address security concerns with regard to sensitive PHI, and bring about cost-sensitive deployment.
Technology Components
-
Encrypted database – AWS RDS
-
Cloud API log – Amazon Web Services (AWS) CloudTrail
-
IP whitelisting – AWS VPC Security Group
-
Host-based firewalls – iptables
-
HTTPS – SSL Certificates
Approach
-
Directly imported available patient and pharmaceutical data into database.
-
Developed function to directly fetch data from health devices and feed into the system.
-
Created necessary interface for medical practitioners to upload data on day-to-day basis.
-
Dedicated compute resource for analytics to be deployed in final/ go-live version.
Transformational Effects
-
HIPAA-compliant AWS services used to set up infrastructure.
-
Deployed multiple levels of security to protect sensitive data.
-
Consolidated services to reduce cost.
-
Migrated and hosted solution on supported and managed application stack.
-
Maintained infrastructure audit trails using AWS services.
