Develop products in HIPAA-compliant cloud infrastructure
Implement secure, scalable and fully HIPAA-compliant cloud infrastructure without having to build in-house technical teams or manage every aspect of healthcare regulation yourself.
HIPAA Compliant Cloud Infrastructure is a customizable solution that lets you rapidly provision healthcare workloads on AWS. Built as a highly scalable, highly available and secure infrastructure, it is reinforced by complementary services for access control, monitoring, reporting and auditability.
Not only does the solution help migrate HIPAA-compliant systems to the cloud, but it also provides a solid background for developing HIPAA solutions from scratch.
Flexible and easily customizable, the HIPAA Compliant Cloud Infrastructure solution can simplify and accelerate the migration of your on-premises infrastructure and workloads to the cloud.
How it works
HIPAA Compliant Cloud Infrastructure is delivered as a CloudFormation template.
The infrastructure consists of four separate AWS accounts under one AWS Organization, following the multi-account recommendation of the security pillar of the AWS Well-Architected Framework. These accounts are Root (the organization's management account), Management, PROD, and DEV.
HIPAA Compliant Cloud Infrastructure can be customized to meet the goals and requirements of your application. AWS services for AI/ML, Big Data, Analytics, IoT, etc. can be added in line with the project objectives, provided that any service handling protected health information is on AWS's list of HIPAA-eligible services and is covered by your Business Associate Addendum (BAA) with AWS.
Root account
Used for consolidated billing and role-based access control across the organization. It does not contain any workload resources.
Management account
Used to collect and audit CloudTrail logs from all accounts. If required, it can also host instances and buckets for data management, resource management, and network access control. It contains a CI/CD server based either on AWS CodePipeline or on a third-party solution such as CircleCI, GitLab, or Jenkins. Amazon QuickSight is used to display the account's statistics in a BI dashboard.
PROD account
Used as a limited-access environment; it holds the customer data and the current version of the application. The application's fundamental design is based on Elastic Load Balancing (load balancing and blue/green deployments with zero-downtime upgrades). Amazon EKS orchestrates the application in containers, while Amazon RDS with high-availability (Multi-AZ) standby replicas is used as the data layer. Application logs are shipped to and stored in Amazon CloudWatch; API activity is audited with AWS CloudTrail, configuration and best-practice checks come from AWS Trusted Advisor, and AWS Lambda functions automate checks and remediation. Alerts and notifications are managed with Amazon SNS. Amazon Macie is used to discover and monitor sensitive data stored in Amazon S3 buckets.
DEV account
Used as an environment almost identical to PROD. Unlike PROD, however, it does not contain any customer data, and it is used strictly by the software developers and QA engineers assigned to the project.
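The central CloudTrail collection in the Management account, shown as an added CloudFormation example; this is illustrative code, not the product's own template. It assumes the Management account owns the log bucket, that the Root, PROD and DEV account IDs are passed in as parameters (the parameter names, the bucket-name pattern and the logical resource names are assumptions), and that each member account's trail is then pointed at the bucket name in the stack output.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: central CloudTrail log bucket deployed in the Management account.
  Trails in the Root, PROD and DEV accounts deliver to it; only the CloudTrail
  service can write, only over TLS, and nothing is publicly reachable.

Parameters:
  RootAccountId:
    Type: String
    AllowedPattern: "^[0-9]{12}$"
    Description: Account ID of the Root (organization management) account. Assumed parameter.
  ProdAccountId:
    Type: String
    AllowedPattern: "^[0-9]{12}$"
    Description: Account ID of the PROD account. Assumed parameter.
  DevAccountId:
    Type: String
    AllowedPattern: "^[0-9]{12}$"
    Description: Account ID of the DEV account. Assumed parameter.

Resources:
  AuditLogBucket:
    Type: AWS::S3::Bucket
    # Keep the audit evidence even if the stack is deleted by mistake.
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      # Bucket name pattern is an assumption; S3 bucket names are global.
      BucketName: !Sub "hipaa-cloudtrail-${AWS::AccountId}-${AWS::Region}"
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256   # use aws:kms with a CMK if key-level separation is required
      VersioningConfiguration:
        Status: Enabled              # overwritten or deleted log objects stay recoverable
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced   # objects written cross-account are owned here

  AuditLogBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref AuditLogBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # CloudTrail checks the bucket ACL before the first delivery.
          - Sid: AWSCloudTrailAclCheck
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: s3:GetBucketAcl
            Resource: !GetAtt AuditLogBucket.Arn
            Condition:
              StringLike:
                aws:SourceArn:
                  - !Sub "arn:aws:cloudtrail:*:${RootAccountId}:trail/*"
                  - !Sub "arn:aws:cloudtrail:*:${ProdAccountId}:trail/*"
                  - !Sub "arn:aws:cloudtrail:*:${DevAccountId}:trail/*"
          # Each account may only write under its own AWSLogs/<account-id>/ prefix,
          # and only from a trail that belongs to that account (aws:SourceArn).
          - Sid: AWSCloudTrailWrite
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: s3:PutObject
            Resource:
              - !Sub "${AuditLogBucket.Arn}/AWSLogs/${RootAccountId}/*"
              - !Sub "${AuditLogBucket.Arn}/AWSLogs/${ProdAccountId}/*"
              - !Sub "${AuditLogBucket.Arn}/AWSLogs/${DevAccountId}/*"
            Condition:
              StringEquals:
                s3:x-amz-acl: bucket-owner-full-control
              StringLike:
                aws:SourceArn:
                  - !Sub "arn:aws:cloudtrail:*:${RootAccountId}:trail/*"
                  - !Sub "arn:aws:cloudtrail:*:${ProdAccountId}:trail/*"
                  - !Sub "arn:aws:cloudtrail:*:${DevAccountId}:trail/*"
          # Refuse any access, read or write, that is not over TLS.
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: "*"
            Action: s3:*
            Resource:
              - !GetAtt AuditLogBucket.Arn
              - !Sub "${AuditLogBucket.Arn}/*"
            Condition:
              Bool:
                aws:SecureTransport: false

Outputs:
  AuditLogBucketName:
    Description: Use this as the S3 bucket name when creating the trail in each member account.
    Value: !Ref AuditLogBucket
```

Deploy this in the Management account first, then create a trail in each of the other accounts with the output bucket name; the `aws:SourceArn` conditions mean a trail created in any unlisted account is refused even though the CloudTrail service principal is the same everywhere. An alternative that avoids per-account trails is an organization trail created from the Root account, which additionally needs the policy to allow writes under the `AWSLogs/<organization-id>/` prefix.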
Comprehensive reference architecture for resiliency, availability, and scalability
Incident Response Procedure
Policies and Procedures