Lots of acronyms, but this is a simple, high-level article. Today, we will be discussing the creation of a HIPAA (Health Insurance Portability and Accountability Act) compliant HA (Hyper Availability) architecture on the AWS (Amazon Web Services) platform. On the surface, this may seem impossible considering that AWS is a cloud service; however, we will show you how it's being done by major companies today.
Typically, you would want to have an on-premises server, or at least a virtual dedicated server, on which to implement the various checks and balances needed to achieve HIPAA compliance. However, this article focuses on the new world of cloud computing and how today's enterprise healthcare companies are staying compliant.
AWS CLOUD
AWS is a cloud server solution owned by Amazon. In short, it provides servers on demand that may be shared with other customers. On the surface, the concept of a shared server defies the idea of protecting sensitive data; however, AWS separates and protects your information from others. In fact, you are not aware of how the server is being segmented and utilized beyond your instance.
AWS has lots of features which you can select and customize to fit the specific needs of your infrastructure. So, logically, planning starts with designing your system and selecting the Amazon features which best facilitate your needs. Which region the servers should be located in, what performance the servers need, and how many servers are needed are just some of the questions that need to be answered before you start sending your company's money to Amazon.
HIPAA REGULATIONS
This US government regulation has to do with protecting the information of health patients, such as PPI (personal patient information) and PHI (personal health information). It provides details regarding what is expected from a health institution regarding the storing of and access to people's health information. Fines for violations are large, and all healthcare companies are governed by it. If you are not in America, your country probably has something similar, e.g. the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.
When it comes to storage, AWS provides HIPAA-compliant options in the form of their encrypted database service RDS and object storage service S3. Together, they provide the storage features necessary to satisfy the requirements of HIPAA. These are configured from your AWS portal, and you are charged monthly for their use.
HYPER AVAILABILITY
This is the new fancy term for server instances with 100% uptime. If you spend large sums of money attracting customers, or provide a service that must always be available, you need an HA setup. Ultimately, your servers should never go down, barring an actual hacking attack.
How is this possible, you may ask? Well, it's actually fairly simple, and lots of providers are beginning to offer HA via AWS. Quite simply, AWS offers the ability to have standby EC2 server instances available in case your server goes down. Monitoring of the failure and the response can be programmed into Route 53, AWS's DNS (Domain Name Server) management tool. In short, Route 53 can be configured to continually check your servers, remove a server which isn't performing, switch to a new server, and spool up a new standby server.
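As an added example (not code from the article or from AWS), the Terraform configuration below shows the Route 53 failover described above together with default encryption on the S3 bucket holding PHI. The hosted zone, hostname, health-check path, bucket name and IP variables are assumptions; Route 53 itself only changes which address it answers with, so replacing the failed instance is assumed to be handled separately (for example by an Auto Scaling group).

```hcl
# Added example, not the article's own code. Assumed: the hosted zone
# exists, two EC2 instances hold the Elastic IPs passed in below, and
# the application answers GET /health over HTTPS.
variable "zone_id"      { type = string }
variable "primary_ip"   { type = string }
variable "secondary_ip" { type = string }
# Route 53 probes the primary every 30 seconds; three consecutive
# failures mark it unhealthy and trigger the failover below.
resource "aws_route53_health_check" "primary" {
  ip_address        = var.primary_ip
  port              = 443
  type              = "HTTPS"
  resource_path     = "/health"
  request_interval  = 30
  failure_threshold = 3
}
# PRIMARY record: answered while its health check passes.
resource "aws_route53_record" "primary" {
  zone_id         = var.zone_id
  name            = "app.example.com"
  type            = "A"
  ttl             = 60 # short TTL so resolvers pick up the failover quickly
  set_identifier  = "primary"
  health_check_id = aws_route53_health_check.primary.id
  records         = [var.primary_ip]
  failover_routing_policy {
    type = "PRIMARY"
  }
}
# SECONDARY record: answered only while the primary is unhealthy.
resource "aws_route53_record" "secondary" {
  zone_id        = var.zone_id
  name           = "app.example.com"
  type           = "A"
  ttl            = 60
  set_identifier = "secondary"
  records        = [var.secondary_ip]
  failover_routing_policy {
    type = "SECONDARY"
  }
}
# PHI at rest: force KMS server-side encryption on the S3 bucket.
resource "aws_s3_bucket" "phi" { bucket = "example-phi-bucket" } # placeholder
resource "aws_s3_bucket_server_side_encryption_configuration" "phi" {
  bucket = aws_s3_bucket.phi.id
  rule {
    apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" }
  }
}
```

With both records sharing the same name and a short TTL, resolvers receive the standby address within about a minute of the third failed probe, which is the window to size the failure_threshold and request_interval against.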
CONCLUSION
Anyone can set up a HIPAA-regulated HA architecture on the AWS infrastructure. If you represent a healthcare provider and you are interested in having our team review your current setup, contact us today. Our AWS and HIPAA experts are available to help you from planning through to maintenance.