AWS Partner Network (APN) Blog

Recap of Healthcare and Life Sciences Week on the APN Blog

by Kate Miller | on | in Healthcare, Life Sciences | | Comments

Last week we hosted our first Healthcare and Life Sciences Week on the APN Blog as a lead up to HIMSS 2017. Throughout the week, we featured content from AWS subject matter experts and APN Partners. A number of posts detailed how Healthcare and Life Sciences Competency Partners are innovating within the space on AWS. Check out all of the posts from the week:

What other topics would you like our Healthcare and Life Sciences subject matter experts to write about this year? Tell us in the comments section!

Concluding Healthcare and Life Sciences Week on the APN Blog

by Oxana Pickeral | on | in Healthcare, Life Sciences | | Comments

By Oxana Pickeral. Oxana is the Global Segment Leader for Healthcare & Life Sciences at AWS.

As our Healthcare and Life Sciences Week draws to a close, let’s take a look back at some of the highlights of the week and what we are looking forward to heading into HIMSS. We will also share some best practices to help you scale your business as an APN Partner.

Highlights of the week

By sharing some of our Healthcare and Life Sciences Partners’ success stories and know-how this week, we hope you’ve gotten a feel for some of the global technology advancements taking place in this life-changing industry. And this was just a snapshot of the great work being done by our Healthcare and Life Sciences Competency Partners and AWS Customers. Let’s recap all of the posts that we published during the week:

Healthcare and Life Sciences Partners and AWS Customers are consistently building innovative solutions and launching business transformation initiatives on AWS. Our focus on security and compliance helps foster this transformation by providing a secure, robust, and scalable infrastructure on which our customers can architect for their specific security and compliance requirements per the Shared Responsibility Model. Furthermore, Healthcare and Life Sciences Competency Partners can bring both deep expertise and technical proficiency to help accelerate customer innovation. Our healthcare and life sciences customers can then focus on what they do best whether that be discovering new cures or modernizing health care delivery.

As the pace of innovation accelerates, we look forward to experimenting together – be that through testing blockchain for healthcare interoperability, IoT as an integral component of a medical device, or voice-based applications that reduce the friction of processing healthcare content.

Growing as an APN Partner and driving customer success

As an APN Partner, you can utilize a number of business, technical, and marketing resources through the APN as you build your solutions, go-to-market, and look for new opportunities to engage customers. We recommend that you visit the APN Portal to explore a number of these benefits and to get started. While each company’s path is unique, here are some common best practices we recommend for building a successful APN practice:

  1. Demonstrate commitment to your AWS customers. Invest in your AWS-based practice, take advantage of AWS Training and Certification, and focus on your customers and their needs above all else. We recently published a guest blog from Advanced APN Technology Partner Splunk that speaks to this in detail. Click here to read Splunk’s advice for building a strong APN Partner practice.
  2. Differentiate your capabilities. Think about how you may be able to differentiate to customers and help them easily identify your firm based on expertise by earning the AWS Healthcare and/or Life Sciences Competencies. More information on how to earn a Competency can be found here.
  3. Share your insights. You have deep knowledge of your customers’ needs. Let us know what would help you better serve their needs. What new capabilities are required on AWS, for instance, to help you as you support your customers’ objectives?
  4. Establish your thought leadership. Develop and publish content based on the deep expertise you’ve gained in your respective areas of focus.
  5. Share your success. Capture customer success stories. Customer stories are valuable tools to educate AWS teams on your success as an APN Partner, and to highlight your capabilities publicly to prospective customers. You can find a number of health case studies on AWS here, including Orion Health, who worked with Premier APN Consulting Partner and Healthcare Competency Partner Logicworks to build Cal INDEX, one of the largest health information exchanges in the US.
  6. Help strengthen the healthcare and life sciences ecosystem. Think about how you may be able to develop and publish solution architectures and quick starts that others can use and build upon.
  7. Think big. If demand for your product or service is strong, what would it take to grow 10x in the next year? Is now the time to expand geographically? Have you considered AWS Marketplace as a way to scale and simplify procurement? What relationships could you potentially build with other APN Partners that could help you speed your growth?

Looking forward to HIMSS

HIMSS17 is less than a week away, and it is a great chance to engage with AWS Healthcare Competency Partners such as Philips, ClearDATA,, and Infor, or to meet with AWS. You can stop by the AWS Booth (#6969) to talk to one of our Solutions Architects, as well as see demos from Infor, GE Healthcare, ClearDATA, and Alexa. And if you are in Orlando early, please join us for the first HIMSS Cloud Forum, an educational pre-day sponsored by AWS (registration required through HIMSS). Looking forward to seeing you in Orlando!

Let us know what other topics you would like to see on our blog throughout the year. You can also share your feedback by e-mailing us at And let’s continue to innovate together on behalf of patients and families around the globe!

The content and opinions in this blog are those of the author and is not an endorsement of the third-party products discussed. AWS is not responsible for the content or accuracy of this post. This blog is intended for informational purposes and not for the purpose of providing legal advice.

It’s Day One For Our Healthcare and Life Sciences Partners – Looking Ahead to 2017

by Aaron Friedman | on | in APN Competency Partner, AWS Marketplace, AWS Partner Solutions Architect (SA) Guest Post, Big Data, Healthcare, IoT, Life Sciences | | Comments

Aaron Friedman is a Healthcare and Life Sciences Partner Solutions Architect with Amazon Web Services

Over this past week, we’ve seen how many of our Healthcare and Life Sciences Partners architect compliant workloads on AWS (and these were just a couple of highlights from our Healthcare and Life Sciences Competency Partner base!). I’m continuously impressed at the innovative ways our Healthcare & Life Sciences Partners are raising the bar to deliver meaningful solutions across the healthcare and life sciences spectrum to their customers.

As we commonly say here at AWS, it is still Day One. I have found that this saying is extremely applicable to our APN Partners. Just as we are rapidly innovating to meet the needs of AWS Customers and APN Partners, so too are our APN Partners innovating with a goal to deliver the best possible experience to their customers on AWS. This week, we had the pleasure of profiling a number of APN Partners in the healthcare and life sciences space to learn exactly how they take advantage of AWS to drive customer success. Let’s take a look back at these posts now.

As we begin to close out this week, I’d like to tell you about a few more of our Healthcare and Life Sciences Partners and their Day One outlook for 2017. It should be a great year to be a Healthcare and Life Sciences Partner with AWS!


For the last 17 years, Medidata Solutions has been collecting, storing, managing and analyzing clinical trial data. Working with approximately 800 life sciences customers, the cloud-based company has amassed one of the largest sets of clinical data assets in the world. “As Medidata has grown, our relationship with AWS has become increasingly important,” says Pramod Somashekar, Senior Manager, Data Science at Medidata. “Instead of focusing staff time and energy on infrastructure support, AWS allows us to put our efforts into deploying new apps—ultimately meeting and exceeding the needs of our customers.”

A key focus area for Medidata, an AWS Life Sciences Competency Partner, in 2017 will be expanding its Clinical Trial Genomics solution, which links patients’ genomic data to their clinical trial records. This solution holds real promise for the life sciences industry, as genomic data can be mined for biomarkers that improve clinical trial inclusion and exclusion criteria, patient randomization, adaptive prevention, and the identification of new precision therapies. Launched at re:Invent 2016, AWS Step Functions has helped Medidata coordinate large-scale distributed genomics applications. “For true real-time clinical trial genomics analyses, we are required to take a single genomic sample and run that through a maze of complex processing pipelines and workflows to get an end result. With Step Functions, our main project focus and planning has shifted from ‘how do we chain and coordinate these processes together’ to ‘what do we want this thing to do’. That is a really powerful shift,” says Pramod. “Using AWS has given us a lot of flexibility, helping us tune products and conduct pilots faster.”

We featured Medidata on the APN Blog this past August. Check it out here.

Sturdy Networks

Sturdy Networks is a APN Consulting Partner who holds both the AWS Healthcare and IoT Competencies. Naturally, the team at Sturdy is very excited to continue the convergence of these two disciplines. “Sturdy is most excited about the intersection of healthcare and IoT,” says Tolga Tarhan, CTO. “We’re working with medical device manufactures to connect devices to the cloud and enable entirely new classes of devices that can leverage the computing power of the AWS Cloud. We believe this will help to deliver better experiences to medical professionals, and better outcomes to patients.”

In 2017, Sturdy is most excited to see where the intersection of IoT, medical devices, and big data meet in the cloud. From what Sturdy has seen, for the last few years, an increasing number of medical devices have been connecting to the cloud. Initially this connectivity was used for what Sturdy refers to as “ecosystem” apps: things that weren’t core to the medical device, but formed an ecosystem around it, such as mobile apps.

Recently, Sturdy has started to see more and more instances in which a core part of a medical device was cloud-powered. Sturdy Networks believes that the Internet of Medical Things has the potential to disrupt how we practice medicine by providing high-resolution longitudinal quantification of our health. Take for example the ability to add cloud-based intelligence to a device that diagnoses a particular condition. In what ways could cloud-powered Big Data solutions lead to more accuracy and improve diagnostic results?

With device connectivity becoming ubiquitous, Sturdy is very excited to help customers leverage AWS IoT and big data offerings deliver new healthcare solutions to the market.


Syapse’s goal is to transform healthcare with precision medicine. Having developed its precision medicine platform on AWS, Syapse, an AWS Healthcare Technology Competency Partner, is able to focus on scaling the company’s differentiated precision medicine platform and provide additional value to its healthcare customers. “In order to scale our infrastructure to meet the needs of our business, we have focused heavily on templatizing all of our infrastructure-as-code,” says Nick Steel, Syapse’s Director of Cloud Operations. “In 2017, one of our key focuses is on continuing to optimize our continuous integration and continuous delivery approach for both our software as well as the environment in which it runs. Not only does this help us from a compliance standpoint, but we are able to quickly deploy our platform for new customers, which helps us ensure that our technology can scale with our business, both domestically and internationally.”

One of the additional benefits of infrastructure-as-code is an increased pace of innovation. After AWS announced HIPAA-eligibility for Amazon RDS for PostgreSQL at re:Invent 2016, Syapse was able to quickly integrate this managed database service into its platform. By testing each component independently and then making the appropriate updates to their Terraform configurations, the Syapse team tells us they are able to quickly adopt new HIPAA-eligible services and further enhance the platform. “We’re excited every time AWS adds new HIPAA-eligible services to their program,” says Nick. “Each time a new service is added we find that we can further accelerate our pace of innovation.”

Syapse was featured on the AWS Blog last February in a post entitled, “How The Healthcare of Tomorrow is Being Delivered Today” – read it here.

Connect with Healthcare and Life Sciences Competency Partners on AWS


AWS Healthcare Competency Partners have demonstrated success in building solutions for healthcare payers and providers that securely store, process, transmit, and analyze clinical information. Working with these Competency Partners gives you access to innovative, cloud-based solutions that have a proven track record handling clinical data.

Consulting Partners:

  • 8KMiles
  • ClearDATA
  • Cloudticity
  • Cognizant
  • Connectria Hosting
  • CorpInfo
  • Flux7
  • G2 Technology Group
  • Logicworks
  • Mobiquity
  • Sturdy Networks

Technology Partners:


Clinical Information Systems

  • Calgary Scientific
  • Practice Fusion
  • Syapse

Population Health & Analytics

  • QuintilesIMS
  • Philips

Health Administration

  • Appian
  • Captricity
  • Infor
  • Pegasystems

Compliance Services

  • Aptible

Life Science Competency Partners help you conduct drug discovery, manage clinical trials, engage in manufacturing and distribution activities, conduct research and development of novel genetic-based treatments and companion diagnostics.

Consulting Partners:

  • 2nd Watch
  • 8KMiles
  • BioTeam Inc.
  • Booz Allen Hamilton
  • Cognizant
  • Flux7
  • G2 Technology Group
  • HCL
  • Infosys
  • Mobiquity
  • REAN Cloud
  • Wipro

Technology Partners:

  • Appian
  • DNAnexus
  • Core Informatics
  • Cycle Computing
  • Medidata
  • Seven Bridges Genomics
  • Syapse
  • Turbot


Healthcare and Life Sciences Partners are constantly developing innovative solutions for healthcare and life sciences on AWS. And as you can see, we highlight companies with proven expertise and customer success in these areas through our AWS Competency program. I also want to highlight that today marked the launch of the Healthcare & Life Sciences Category on AWS Marketplace. Through this category, you can find solutions from clinical information systems for healthcare organizations to molecular modeling tools for life science companies that you can procure through AWS Marketplace. Learn more here.

Will you be at HIMSS? Comment below, and please be sure to stop by booth #6969 and chat with us and some of our Healthcare Partners next week. I hope to see you there!

The content and opinions in this blog are those of the author and is not an endorsement of the third-party products discussed. AWS is not responsible for the content or accuracy of this post. This blog is intended for informational purposes and not for the purpose of providing legal advice.

How Cloudticity Uses Automation to Scale Healthcare Solutions

by Aaron Friedman | on | in APN Competency Partner, DevOps on AWS, Healthcare, Life Sciences | | Comments

Aaron Friedman is a Healthcare and Life Sciences Partner Solutions Architect with Amazon Web Services

“Don’t automate what you don’t yet understand” is one of the best pieces of software development advice anyone has ever given me. When tackling a new problem, you will often follow the same general process. First, you dive deep into the problem and understand the requirements. Next, you identify what tools can help you solve it and build out a proof-of-concept. Lastly, you fully automate your solution.

In my opinion, achieving automation is a strong demonstration that you’ve developed expertise in how to build a solution, and AWS Healthcare Competency Partner Cloudticity is an expert in building healthcare solutions. Cloudticity builds, migrates, and manages HIPAA workloads exclusively on AWS. In addition to its Healthcare Competency, Cloudticity has also demonstrated proficiency in DevOps and Managed Services on AWS, achieving the AWS DevOps Competency and becoming an AWS Managed Service Provider as well. By focusing heavily on automation, Cloudticity has been able to scale their customer base at a much faster rate than their team size, while continuing to remain laser-focused on the customer experience.

When building healthcare solutions, you must remain compliant with governmental regulations and protecting health information is always of utmost importance. Cloudticity dove deep with each of their customers, and they realized that the solutions they implemented for each of their customers all followed the same best practices in security, reliability, performance efficiency, cost optimization, and operational excellence (please see our Well Architected Framework for more information). As Cloudticity’s founder, Gerry Miller, put it, “Since all our customers are stewards of HIPAA Protected Health Information (PHI), they all share the need to encrypt these data both at rest and in transit, and to follow federal standards for information protection. By automating the implementation and monitoring of these solutions, we help play a crucial role in enabling continuous compliance.”

Using ISVs + AWS to deliver a fully automated end-to-end managed services platform

“Our core perspective changed from ‘How do I solve this customer problem?’ to ‘How do I create a tool to solve this customer problem?’”, says Gerry. From this, the company’s managed services platform, Cloudticity Oxygen™, was born. In diving deep with them, I was particularly struck by how they weave together solutions from many of our ISVs such as New Relic APM, Trend Micro Deep Security, and CloudCheckr, with native AWS services like AWS CloudFormation, Amazon API Gateway, and AWS Config to deliver a fully automated end-to-end managed services platform for healthcare. Cloudticity says that they have a rigorous vendor selection process to ensure that only technologies that raise the bar on the customer experience are a part of their Oxygen platform.


By automating the principles of DevSecOps in the AWS Cloud, Cloudticity has built in traceability and auditability into every part of their solution. Treating everything (both software and infrastructure) as code, Cloudticity has been able to move towards a goal of continuous compliance. Cloudticity’s solution is designed so that every code check-in is automatically logged, tested, and traced, so they are able to consistently monitor whether they are meeting the guidelines set forth in HIPAA regulations.

Automation improves the customer experience

One of the byproducts of this deep level of automation is more predictable and reliable performance of the platform for Cloudticity’s development team. The same is seen for their customers as well. According to Gerry, “Once we automated everything, we saw support tickets that required manual intervention drop drastically. We began delivering resilient systems that didn’t fail, even if, at times, individual components did.” By embracing high-availability principles, such as self-healing architecture and disposable infrastructure, Cloudticity’s customers are not affected by component failures. The team does this by leveraging tools such as:

  • Multi-AZ (Availability Zone) infrastructure deployments
  • Self-healing systems managed by Auto Scaling Groups
  • Bootstrapped Amazon EC2 instances that configure themselves upon creation
  • Multi-AZ Amazon RDS deployments that fail over seamlessly
  • CloudFormation and Chef to manage infrastructure using code that can be checked into source control

One of the company’s customers, Valant, partnered with Cloudticity to build a fully automated deployment system. Separating builds from deployments is fundamental to software best practices, and this segregation of duties is required when managing healthcare information. Cloudticity leveraged AWS services such as Amazon S3, AWS Lambda, Amazon Kinesis, Amazon DynamoDB, and Amazon EC2 Systems Manager, coupled with third party tools like Chef and Jenkins, to fully automate the deployment process while enforcing the principle that developers who write the code do not also deploy to production.

Looking Forward

The healthcare market is incredibly diverse, dynamic, and full of opportunity. “Cloudticity has never been more excited to keep driving our vision of making every human on Earth healthier via our work,” says Gerry. By constantly integrating with new AWS services, Cloudticity can continue to focus on providing the best possible customer experience with Cloudticity Oxygen on AWS. Some of their focuses in 2017 include:

Orchestration: The launch of AWS Step Functions to orchestrate complex Lambda-based workflows will enable further automation of complex requirements such as flexible maintenance windows.

Business Intelligence and Decision Support: The addition of Amazon Athena coupled with Amazon QuickSight will allow Cloudticity’s customers to visualize their log data and derive additional insight from their data sources. Integrating Machine Learning capabilities into Cloudticity Oxygen will allow for smarter decision making for their customers.

Customer Service and Communication: Cloudticity plans to use Amazon Lex to enhance integration with tools like Slack by adding natural language processing to Cloudticity Oxygen. By no longer needing to memorize complex commands and parameters, both customers and Cloudticity employees can more easily interact with the Oxygen platform.


Automation is the key to remaining both agile and compliant in regulated industries like healthcare. Cloudticity’s understanding of the technology and processes required to securely manage HIPAA workloads on AWS is reflected in their customer satisfaction in the payer and provider spaces. Their culture of responsibility helps ensure customers like Spectrum Health are able to build agile customer solutions while protecting patients’ health information. The Cloudticity team feels its relationship with AWS is helping change patients’ lives for the better.

Just last week we published a case study on Cloudticity and the company’s journey as an APN Partner. Check it out here.

If you’re interested in learning more about how AWS can add agility and innovation to your healthcare and life sciences solutions be sure to check out our Cloud Computing in Healthcare page. Also, don’t forget to learn more about both our Healthcare and Life Sciences Competency Partners and how they can help differentiate your business.

Will you be at HIMSS? Be sure to stop by our booth #6969! We’d love to meet with you.

Please leave any questions and comments below.

The content and opinions in this blog are those of the author and is not an endorsement of the third-party product.  AWS is not responsible for the content or accuracy of this post.  This blog is intended for informational purposes and not for the purpose of providing legal advice.

AWS Marketplace Adds Healthcare & Life Sciences Category

by Kate Miller | on | in AWS Marketplace, Healthcare, Life Sciences | | Comments

Enabling organizations on AWS with best-of-breed healthcare and life sciences solutions that accelerate scientific discovery, drive insights from clinical data, and improve operational efficiency.

This is a guest post from the Wilson To, Sr. Category Leader – HCLS, AWS Marketplace. 

Healthcare and life sciences companies deal with huge amounts of data, and many of their data sets are some of the most complex in the world. From physicians and nurses to researchers and analysts, these users are typically hampered by their existing systems. Their legacy software cannot let them efficiently store or effectively make use of the immense amounts of data they work with. Additionally, protracted and complex software purchasing cycles keep them from innovating at speed to stay ahead of market and industry demands.  Together, we can change this.

AWS Marketplace helps software vendors reach healthcare and life science organizations by listing their best-of-breed software solutions in a curated software catalog that allows customers to easily discover, evaluate, procure, immediately deploy and manage 3rd party software, enabling customers to innovate faster and reduce costs throughout their organizations. We continue to create new opportunities for AWS Marketplace sellers by adding new industry-specific verticals to AWS Marketplace, such as the addition of the Healthcare & Life Sciences category.

We understand that no single company can solve all of the challenges across healthcare and life sciences – that’s why we want to continue to work with AWS Marketplace Sellers to drive impact across the industry. If you offer a software solution that was specially designed to serve the healthcare and life sciences industry or have a business practice or vertical that creates value for these customers, please let us know so that you can get on board. We have divided our solutions for healthcare and life sciences companies into these sub-categories. Which category does your solution fit into?

Clinical Information Systems

Transactional systems that are used in the provider setting. These solutions capture and document clinical encounters, as well as provide direct patient care.

Population Health & Analytics

Organizational and enterprise solutions that analyze and manage patient, population, quality, and operational data in order to improve cost and quality objectives.

Health Administration

Solutions that address operational requirements of the healthcare enterprise — including revenue cycle management, and ERP.

Healthcare Compliance Services

Consulting services and solutions that assist healthcare organizations with compliance and regulatory support, including system architecture.

Genomics and Research Computing

Solutions designed for high-performance compute and workflow management for scientific workloads, like genomics sequencing, computational chemistry and preclinical development.

Commercial Enablement

Solutions designed to enable coordinated sales and marketing activities, like sales automation, marketing automation, multichannel marketing, etc.

Clinical Trial Management and Product Development

Solutions that assist life sciences customers with managing products through clinical development and commercial launch, including collaboration with contract research organizations (CROs), and patient recruitment.

Manufacturing and Supply Chain Management

Solutions that support manufacturing and supply chain workflows for life sciences and medical technology product manufacturers, including  collaboration platforms for customers, suppliers, and contract manufacturing organizations (CMOs).

Business Intelligence / Analytics

Organizational and enterprise solutions that provide data analysis and visualization technology for business operations, from R&D to manufacturing and alignment.

Life Sciences Compliance Services

Solutions that assist healthcare organizations with compliance and regulatory support, like GxP and pharmacovigilance solutions.


AWS Marketplace also supports Consulting Partners that specialize in healthcare & life sciences. If you fit this profile and want to become an AWS Marketplace Channel Partner, contact Channel programs are also available to support you as you grow your business.

Click here to learn more information about becoming an APN Partner and seller on AWS Marketplace.


More about AWS Marketplace

AWS Marketplace contains more than 5,000 listings across more than 35 categories. It simplifies vendor software solution distribution by providing a platform to manage software licensing and procurement that enables customers to accept user agreements, choose pricing options, and automate the deployment of software and associated AWS resources with just a few clicks. AWS Marketplace also simplifies billing for customers by delivering a single invoice detailing business software and AWS resource usage on a monthly basis.

Achieving Compliance Through DevOps with REAN Cloud

by Aaron Friedman | on | in APN Consulting Partners, AWS Partner Solutions Architect (SA) Guest Post, DevOps on AWS, Healthcare, Life Sciences, Premier Partners | | Comments

Aaron Friedman is a Healthcare & Life Sciences Partner Solutions Architect with Amazon Web Services

When I survey our Healthcare and Life Sciences Partners, one of the common competencies I see is a great foundation in DevOps best practices. By building software in an automated and traceable manner, you are able to more easily determine the “Who, What, Where, and When” of any activity performed in the environment. This determination is a cornerstone for any compliant (HIPAA, GxP, etc.) environment.

REAN Cloud (“REAN”), an AWS Partner Network (APN) Premier Consulting and AWS MSP Partner who is also an AWS Public Sector Partner. The company holds a number of AWS Competencies, including DevOps, Healthcare, Financial Services, Migration, and Government. REAN is a cloud-native firm with deep experience in supporting enterprise IT infrastructures and implementing continuous integration, continuous delivery pipelines. The team routinely implements complex and highly scalable architectures for workloads in highly regulated industries such as Healthcare and Life Sciences, Financial Services, and Government. DevOps principles are core to REAN’s philosophy, and the solutions they develop are bundled with advanced security features to help address clients’ compliance needs ranging from HIPAA and HITRUST through FedRAMP and PCI.

Every solution that REAN builds on top of the AWS Cloud has security and compliance as its top priority. Healthcare and Life Sciences are highly regulated industries and many of its workloads are subject to regulatory requirements such as HIPAA and GxP. There are several common themes that must be addressed in every regulated workload including:

  • Logging, Monitoring, and Continuous Compliance
  • Documentation and Non-Technical Controls
  • Administrative Environment Access and Separation of Duties

In this blog post, I’ll discuss these concepts and discuss how REAN approaches each of these focus areas on the AWS Cloud. Let’s dive a little deeper.

Logging, Monitoring and Continuous Compliance

Tracking how your environment changes over time, and who accesses it, is central to meeting many different regulatory requirements. In order to paint the full picture of what is occurring in your environment, you store application logs, operating system logs and other environment specific logs and performance data. AWS services such as AWS CloudTrail, Amazon CloudWatch, and AWS Config produce and store critical information about your environment that should be organized and retained for potential use during troubleshooting activities or compliance audits. With the AWS Cloud, you can use these services to capture, organize and verify the logs and information that describes the cloud environment itself.

REAN Cloud addresses the challenge of managing all of this log information by leveraging a DevOps Accelerator that they have created called REAN Radar.

Radar ingests logs from many different sources, configures meaningful dashboards of information relevant to the environment being managed, and evaluates that information in the context of well-respected security and compliance frameworks such as Center for Internet Security (CIS) benchmarks. REAN Managed Services uses Radar dashboards to monitor for configuration drift, changes to sensitive data access, misconfigured infrastructure, broken ingest pipes, and numerous other environment specific metrics and measures.


Radar adapts as the environment grows and shrinks – new systems are automatically added to scope as the pipelines are grown, and old components are removed when no longer needed. Radar dashboards can be configured to suit a wide variety of customer requests and are well suited for providing “at-a-glance” visibility for management or governance committees. For example, a dashboard can be created to monitor in real time who has access to a particular set of data – this is very useful for HIPAA environments where monitoring access to protected health information (PHI) is critical.

Documentation and Non-Technical Controls

Documentation and Non-Technical Controls are an important part of the overall compliance story for a system. AWS provides a variety of compliance resources that our HCLS partners can use while addressing regulated workloads. With our Shared Responsibility Model, AWS manages the security of the cloud while customers and APN Partners, such as REAN, manage security in the cloud. For example, REAN, as an APN Partner, and REAN customers might decide to refer to AWS controls (such as for hardware management and physical environment security) and other audits and attestations that AWS has achieved for different services (such as SOC 2 (Type 2) or FedRAMP). AWS Artifact provides on-demand access to many of these audit artifacts, which APN Partners can use in their own system documentation.

REAN Cloud helps customers achieve system compliance by supporting a wide range of activities including the creation of a Cloud Security and Compliance strategy for an entire organization to manual document creation to meet specific compliance needs. In addition, REAN has helped their customers navigate HITRUST audits.

One of REAN’s goals is to apply the same automation principles to the (often manual) documentation creation process by applying a Pipeline-based approach to system and data center deployments. REAN leadership believes that system documentation packages can be automated alongside the environment itself. REAN accelerators are being used to improve speed of delivery and consistency for these important artifacts that demonstrate control of an environment.

As an example, REAN Managed Services uses REAN AssessIT and document accelerators every month to produce security assessment reports for every managed environment. These reports examine over 40 important security best practices and are generated automatically and tailored for each customer to focus on areas that are relevant to their business.


For customers requiring extensive environment documentation packages (such as GxP compliance) REAN is developing a pipeline to tie an entirely automated documentation generation to the automated creation of the environments. Again, REAN continues to develop new technology to maximize the value of documentation and applies a consistent disciplined approach to environment management while striving to minimize the human cycles required to produce such outcomes.

Administrative Environment Access and Separation of Duties

A major piece of any compliance story is the ability to demonstrate control of an environment. Authentication and authorization are central to this process, allowing a user to access the specific data they need. An area of concern for auditors is administrative access in an environment due to the broad permissions generally associated with this role. By using AWS native services such as Amazon VPC, AWS Identity and Access Management (IAM), and Amazon WorkSpaces, REAN helps customers build segregated and secure application environments of any size and scale required while still allowing REAN Managed Services or other Application Support Personnel to keep the environment running and provide support for any incidents that may occur.

REAN embraces the concept of “Control Accounts” when designing healthcare and life sciences application environments. A Control Account is used as a common area for hosting shared services and administrative tools that run against the “Managed Accounts”. Here is a simple example:REAN 4

In this diagram, the Control Account is used to manage:

  • Jenkins and all pipeline deployments into the Dev and Prod accounts
  • Nessus vulnerability scans into the other accounts
  • REAN Radar
  • WorkSpaces for administrative access into the other environments. As REAN manages environments with PHI, WorkSpaces (which is not listed as HIPAA-eligible) is not used to remediate specific situations that involve PHI.


AWS features such as VPC Peering and IAM Cross-Account Roles make this approach possible and allow REAN to focus on hardening the application hosting environments (such as Dev and Prod) to allow only the absolute minimum required permissions and network communication. Governance and oversight can then focus on the Control account to ensure that the applications and services there that are used to support the other environments are locked down and only granted to the required team members.

Benefit to Customers

Ultimately, the benefits that REAN provides with their DevOps principles only apply if there is tangible benefit to their customers. REAN has helped customers across a wide range of regulated industries including Financial Services, Healthcare & Life Sciences, and Government & Education achieve their desired regulatory and technology transformation outcomes on the AWS Cloud.

One such example is how REAN helped Aledade meet their HIPAA goals for their platform. In addition to architecting a solution on the AWS Cloud in accordance with best practices, REAN served as Aledade’s compliance guide. According to Chris Cope, previously the DevOps Lead at Aledade, “REAN Cloud’s staff was a huge help navigating HIPAA/HITECH compliance best practices on approved cloud services. They also had extraordinary attention to detail on security matters and are leaders at defining best practices on AWS.”

In November of 2016, The American Heart Association and AWS announced the launch of the “AHA Precision Medicine Platform”, “a global, secure cloud-based data marketplace that will help revolutionize how researchers and clinicians come together as one community to access and analyze rich and diverse data to accelerate solutions for cardiovascular diseases — the No. 1 cause of death worldwide.”

REAN Cloud, in partnership with AWS Professional Services, worked with AHA leadership to develop and implement the platform on AWS. REAN Engineers have implemented pipeline-driven automated deployments of the entire AHA Precision Medicine Platform and continue to show how security and compliance can move as fast as the development team.

The AHA Precision Medicine Platform leverages REAN Radar dashboards to monitor the environment, the Control Account approach to shared services and administrative access, and the team has established an effective weekly communication plan with AHA leadership to drive priorities. AHA and REAN work jointly to establish proofs of concept, minimal viable solutions, and test these solutions with a series of beta-testers. REAN recently published a case study on AHA that you can read here.


Data sensitivity is central to regulated workloads, and we often focus on how we process, store, and transmit that data. Yet the surrounding components, such as logging and access control, are just as important when building a compliant solution. REAN Cloud and their healthcare and life sciences customers achieve an end to end solution with REAN Cloud’s top of the line in-cloud security and management tools combined with the power of the multi-dimensional strengths of AWS.

If you are interested in learning about how REAN Cloud can support your healthcare and life sciences related workloads to meet your security and compliance requirements, please email them at


If you’re interested in learning more about how AWS can add agility and innovation to your healthcare and life sciences solutions be sure to check out our Cloud Computing in Healthcare page. Also, don’t forget to learn more about both our Healthcare and Life Sciences Competency Partners and how they can help differentiate your business.

Will you be at HIMSS? Be sure to stop by our booth #6969! We’d love to meet with you.

Please leave any questions and comments below.

The content and opinions in this blog are those of the author and is not an endorsement of the third-party product.  AWS is not responsible for the content or accuracy of this post.  This blog is intended for informational purposes and not for the purpose of providing legal advice.

How Architects for HIPAA Compliance in the Cloud

by Aaron Friedman | on | in APN Technology Partners, AWS Partner Solutions Architect (SA) Guest Post, Healthcare, Life Sciences | | Comments

Aaron Friedman is a Healthcare & Life Sciences Partner Solutions Architect with Amazon Web Services

An individual’s relationship with his or her doctor and caregivers is of utmost importance – especially when serious health problems arise. Yet patients can easily end up feeling like they are just a number, rather than an important customer, as they traverse the many siloes that make up a patient’s journey.

The hc1® Healthcare Relationship Cloud® was designed from the ground up to enable healthcare organizations to deliver the unified, personalized, superior service that all patients deserve. While healthcare entities store an abundance of data at both the provider and patient level, the challenge lies in quickly transforming massive volumes of disconnected clinical, diagnostic, billing, and preference data into holistic profiles that span providers and patients to foster a five-star service experience.

High quality health outcomes delivered at the lowest possible cost are central to the patient-provider relationship. It is critical for today’s healthcare organizations to establish a flexible and secure healthcare IT solution that brings the important issues requiring attention into focus in real-time. realized very early on that in order to deliver the best customer experience possible, they needed to put the patient at the center and enable visibility across the healthcare spectrum. “The decision to build our solution on the cloud was deliberate,” according to’s SVP of Technology, Laura Breedlove. “We did not want to be in the data-center business. Instead, we wanted to focus on delivering differentiating business value to healthcare. AWS made it easy for us to build a secure, highly available platform, while also providing agility to adapt to the evolving needs of our customers. We do all of this on AWS while maintaining the appropriate compliance standards.”

Securing protected health information (PHI) is paramount for The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes protocols for working with PHI for both covered entities and their business associates. has the flexibility to use the HIPAA-eligible services on the AWS Cloud under the AWS Business Associate Addendum (BAA) and in accordance with our guidance.

The hc1 platform

Per the AWS BAA, only HIPAA-eligible AWS services may touch PHI in’s platform. One of the things that I love about how has built their platform on AWS is how they have taken care to understand which portions of their application store, process, and transmit PHI, and are therefore subject to the BAA. For the remaining portions of their platform, they leverage the full suite of AWS services to deliver the best possible experience to their customers. Here is a diagram of the services utilized by their platform:

Through the array of AWS’ HIPAA-eligible services, is able to address many of the core needs for their platform, which I understand was designed as follows:

Storage and Archival: uses a tiered storage strategy to reduce costs while securing their data. All of the data in their Amazon S3 buckets is encrypted and over time archived to Amazon Glacier.

High Availability and Resiliency: Elastic Load Balancing securely distributes web traffic to encrypted Amazon EC2 instances over multiple Availability Zones within an AWS Region. Also, many of our partners are moving to a microservices-based architecture to allow for better resiliency in their applications. uses Amazon ECS to orchestrate Docker containers on Amazon EC2 that run these microservices. All PHI is processed on Amazon EC2 to remain compliant with the BAA.

Rapid Data Retrieval: Realizing the value of not configuring and managing a database themselves, is actively converting to Amazon RDS services for their database tiers. As the stored data often contains PHI, these databases are all encrypted at rest.

Data Warehousing and Analytics: Amazon Redshift is a fully-managed data warehouse that is a HIPAA-eligible service under our BAA. encrypts their Amazon Redshift clusters and can quickly and cost-effectively analyze all of their data.

Security: In addition to the services shown above, leverages AWS’ full suite of DevSecOps services including Amazon CloudWatch and AWS CloudTrail for logging, AWS Identity and Access Management for authorization, and AWS Key Management Service for key management. None of these services touch PHI on their platform.

In areas where PHI is not involved in the application, uses additional AWS services to deliver the best possible value to their customers. Amazon CloudSearch is used to enable customers to search non-PHI data quickly and easily and Amazon CloudFront to distribute non-PHI images to their customers. They have built in custom logic designed to prevent these services from touching PHI, and they contract annually with a third-party to perform a HIPAA risk assessment to ensure appropriate control mechanisms are in place.

Remaining agile in a compliant world

As additional services are added to the AWS BAA and can then be used to store, process, and transmit PHI, evaluates each service to determine how they can leverage these new capabilities. removes all PHI for its development and test cycles which allows for rapid innovation on AWS services to allow for faster time-to-market when AWS announces new HIPAA-eligible services.

Speed and cost of our services are always important design principles for Healthcare Partners as they look to enhance the customer experience. Amazon Aurora is a MySQL-compatible database that delivers increased performance at a fraction of the cost. At re:Invent 2016, we announced Amazon Aurora (MySQL-compatible) is now HIPAA-eligible. Without having to make any updates/sign new paperwork, can take advantage of this new capability under our BAA and is actively evaluating a switch from their MySQL instances to Aurora.

Deriving insights without sacrificing security

One of the byproducts of focusing on the customer experience and delivering real-time, unified healthcare data to their users is that has built a high-fidelity, aggregated data set that they can mine for new insights.  Through live processing performed in a proprietary data refinery, hc1 Insight™ delivers actionable information through the aggregation, connection and modeling of healthcare data, while the hc1 Healthcare Relationship Management (HRM) platform facilitates effective healthcare consumer engagement, coordination and education across the continuum of care.

hc1 Insight™ connects and organizes vast volumes of data as an on-demand data information service platform to create rich patient and provider profiles, uncover hidden relationships, produce actionable intelligence, and positively influence behavior by automating the process of tracking behavior patterns and communicating the behavior patterns across providers, patients, consumers, payers, healthcare organizations, and employers. hc1 Insight, also natively built on AWS, provides elastic, scalable compute resources to meet constantly growing data volume requirements, all while adhering to the appropriate regulatory requirements. Through this elasticity, hc1 Insight utilizes proprietary master data management to drive additional enhanced data relationships between patients, providers and other unique data elements. These combined platform capabilities enable hc1 Insight to deliver a value that is differentiated and powerful for all healthcare entities.

By using AWS, has been able to easily integrate the appropriate analytics tools to their existing platform. While their data currently resides in a data warehouse on HIPAA-eligible Amazon Redshift, they can also analyze with Amazon EMR (also HIPAA-eligible), or our newly launched managed interactive query service, Amazon Athena for non-PHI data.


Security and compliance should always be at the forefront of your mind when developing applications that incorporate patient data. While this means that you will have to take certain extra steps to confirm compliance under the appropriate regulatory entities, you do not have to do so at the expense of the patient-provider relationship. As an APN Healthcare Competency Partner, has demonstrated that they understand both the security and compliance requirements for HIPAA workloads while still providing excellent value to their customers.  By leveraging AWS services, laboratories, hospitals, and post-acute care networks running their business have a cloud platform optimized for performance, scalability, and security, all essential elements in a value-based care delivery model.


If you’re interested in learning more about how AWS can add agility and innovation to your healthcare and life sciences solutions be sure to check out our Cloud Computing in Healthcare page. Also, don’t forget to learn more about both our Healthcare and Life Sciences Competency Partners and how they can help differentiate your business.

Will you be at HIMSS? Be sure to stop by our booth #6969! will also be at HIMSS at booths 6179-23, 6493, and 6779-02. We’d both love to meet with you.Please leave any questions and comments below.

The content and opinions in this blog are those of the author and is not an endorsement of the third-party product.  AWS is not responsible for the content or accuracy of this post.  This blog is intended for informational purposes and not for the purpose of providing legal advice.

How ClearDATA Utilizes Automation to Support Healthcare & Life Sciences Customers on AWS

by Aaron Friedman | on | in APN Partner Highlight, AWS Partner Solutions Architect (SA) Guest Post, Healthcare, Life Sciences | | Comments

Aaron Friedman is a Healthcare and Life Sciences Partner Solutions Architect at Amazon Web Services

At AWS re:Invent 2016, we hosted our first healthcare pre-day and heard from many of our healthcare-focused APN Partners doing outstanding work on the AWS Cloud. Workloads that are subject to stringent HIPAA and HITRUST regulations are regularly running on AWS and enhancing the patient experience. Our healthcare partners have realized the myriad benefits of moving to the cloud, and in many cases in our industry, cloud adoption is now at a point of “when” and not “if”. Several factors are motivating this movement, including:

Compliance and Security: AWS provides a Business Associate Addendum (BAA) to APN Partners who want to store, process, and transmit protected health information using eligible AWS servicesPer our Shared Responsibility Model, while AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.  Many APN Consulting Partners have expertise in the Shared Responsibility Model and can help to streamline these processes for AWS customers so that they can focus on their core business.

Data Storage and Analysis: Due to the elastic nature of storage and compute that AWS offers, healthcare organizations no longer have the on-premises worry about running out of storage space and compute power to handle the ever-growing big data deluge. This is vital due to the demands of delivering effective patient care through integrating electronic health records (EHRs), PACS imaging systems, clinical trials data, and other datasets.

Cost: With AWS, you can choose to either pay-as-you-go, or reserve capacity upfront. This allows organizations to move from a CAPEX financial model (buying more high maintenance servers and storage upfront) to an OPEX model (pay-as-you-go on the cloud) to gain the flexibility to use IT resources on an as-needed basis and focus on their core workloads rather than “keeping the lights on.”

In this post, I want to tell you about ClearDATA, an APN Advanced Consulting Partner and Healthcare Competency Partner. In their presentation at our re:Invent 2016 healthcare pre-day, ClearDATA demonstrated expertise in applying DevSecOps principles to help secure PHI for their customers to help customers meet their compliance requirements on the AWS Cloud. As they both work exclusively with healthcare and life sciences organizations and are HITRUST-certified, their customers know that the security of sensitive data is and always will be ClearDATA’s number one priority.

Blending DevOps and Security for Healthcare

The ClearDATA Healthcare Managed Cloud on AWS takes a three-pronged approach to protecting health information: it protects sensitive healthcare data using purpose-built DevOps automation, provides compliance and security safeguards, and offers deep healthcare expertise.

ClearDATA’s compliance and security safeguards are vast. Its Compliance Dashboard monitors security across all EC2 instances and provides real-time visual alerts if something changes that may pose a risk to PHI.


Here’s an example of how that might work. Perhaps someone at your organization inadvertently turns off encryption within an Amazon EC2 instance. The Compliance Scorecard in the Dashboard would turn that asset from green to red and automatically alert both ClearDATA engineers and your team so everyone can take the appropriate remediation measures, whether automated or manual.

ClearDATA_2ClearDATA’s security standards, built into the Dashboard, are aligned with the controls set forth in the HITRUST Cybersecurity Framework and are designed to go above and beyond minimum HIPAA requirements. For instance, backups and snapshots of your data are automatically encrypted and stored in Amazon S3 and archived in Amazon Glacier for as long as required by a customer to meet their regulatory requirements – whether it’s a PACS image of a child or an individual’s EHR record, for instance. ClearDATA also stores a seven-year raw log of any changes, patches, encryption, or vulnerabilities in the customer environment within Amazon Glacier to assist healthcare organizations during any audits.

ClearDATA offers secure and direct access to the AWS API to let customers gain full control of their environments, as needed, while mitigating risk through ClearDATA’s Compliance Dashboard.

AWS and ClearDATA in action

Several customers are making impressive strides by using AWS technologies in combination with ClearDATA’s unique intellectual property and healthcare security expertise. A large hospital network reliant on an on-premises data center was struggling to maintain the data in its electronic health record (EHR) across multiple sites. The hospital network was experiencing latency and inconsistent performance, as well as difficulty scaling up and down and controlling costs. All of these challenges led them to consider a move to AWS and ClearDATA technologies and expertise.

ClearDATA managed the migration effort to bring the hospital’s EHR, Revenue Cycle Management and Patient Engagement Portal onto AWS using its Managed Cloud and healthcare knowledge. Today, the hospital network is using the full array of ClearDATA’s offerings, alongside EC2, Amazon Glacier, Amazon Elastic Block Store (EBS), Elastic Load Balancing (ELB), and Amazon S3. Since moving to AWS with ClearDATA, the hospital network has experienced better flexibility and security; more control over IT and security expenditures; and perhaps most importantly, far better performance, leading to faster, more responsive patient care.

As is the case for many ClearDATA customers, ClearDATA completed their cloud migration using AWS Snowball (HIPAA-eligible) to transfer petabytes of stored data securely to the AWS Cloud. The advantage of using Snowball is that ClearDATA can securely migrate petabytes of data on the customer’s behalf on encrypted devices, solving problems for healthcare customers that may have limited Internet connectivity and decade’s worth of data.

Another company that provides a mobile Electronic Medical Record application for urgent care services in rural hospitals was looking for guidance to maintain a healthcare-compliant environment and was strapped for funding and resources. The company was tapping the talents of in-house developers to code for HIPAA compliance, but security was not their core competency, so they were having to spend a lot of time and effort concerned about security rather than providing differentiated value with their application.

This Healthcare organization partnered with ClearDATA to move to AWS and switched from using virtual machines to Docker containers, a solution for operating system (OS) virtualization, orchestrated by Amazon ECS on dedicated-tenancy Amazon EC2 instances. The combined solution has enabled them to reduce costs significantly, and by using containers, the development team can focus on optimizing their app rather than patching the operating system.

Looking to 2017

When I asked Matt Ferrari, ClearDATA CTO, what he was excited about coming out of the fall and re: Invent 2016, he was enthusiastic and offered a long list. A few highlights included:

New HIPAA-eligible services. According to Matt, “We always love seeing new services that become HIPAA-eligible under the AWS BAA. These updates give us increased flexibility to architect solutions for our customers, delivering an even better customer experience.” In particular, they have used AWS Snowball for large migrations, and are particularly excited to migrate Amazon RDS MySQL databases to Amazon Aurora for increasing query performance while concurrently optimizing their costs.

VMware Cloud on AWS. A couple of months ago, we announced a new initiative with VMware to make it easy to run VMware workloads on AWS. Many of our customers and APN Partners run hybrid architectures, and many of them use VMware. ClearDATA is very excited about the opportunities they feel this may open up for their customers, says Matt: “VMware workloads have been the predominant virtualization option within Healthcare Life Sciences organizations for many years. With the introduction of the VMware to AWS capability, we can securely migrate these workloads to AWS, so that Healthcare organizations can continue to use toolsets that they are competent in (vSphere) without having to worry about future capital expenditures. This will allow Healthcare organizations to focus on their core competency, which is usually their patients, and not the data center.”

Healthcare and Life Sciences presence at re:Invent. We saw an enormous presence of healthcare and life sciences customers at re:Invent 2016. Many firms connected with ClearDATA during and after the conference. According to the ClearDATA team, this has translated into tangible business opportunities for ClearDATA in 2017.

Look for us at HIMSS

Hopefully you can see why I’m so enthusiastic about our relationship with ClearDATA. Healthcare organizations can come to ClearDATA and expect security and compliance expertise as well as an excellent customer experience.

If you’re interested in learning more about how AWS can add agility and innovation to your healthcare and life sciences solutions be sure to check out our Cloud Computing in Healthcare page. Also, don’t miss your opportunity to more about both our Healthcare and Life Sciences Competency Partners and how they can help differentiate your business.

Will you be at HIMSS? Be sure to stop by our booth #6969! ClearDATA will also be at booth #3222. We’d both love to meet with you.

The content and opinions in this blog are those of the author and is not an endorsement of the third-party product.  AWS is not responsible for the content or accuracy of this post.  This blog is intended for informational purposes and not for the purpose of providing legal advice.


by Chris Whalley | on | in Healthcare, Life Sciences, Security | | Comments

The reasons customers continue choosing the AWS Cloud are many: agility, security, control, and cost are just some we hear from customers large and small. The reasons healthcare organizations are choosing the AWS Cloud are no different and, since launching our Business Associate Addendum in 2013, security and control have been at the top of the list for our healthcare customers when managing their HIPAA and HITRUST compliance requirements.

What is HIPAA?

Passed in 1996, the U.S. Health Insurance Portability and Accountability Act (HIPAA) was designed to make it easier for workers to retain health insurance coverage when they change or lose their jobs while also driving the adoption of electronic health records to improve the efficiency and quality of the American healthcare system through information sharing. Additionally, HIPAA includes provisions to protect the security and privacy of Protected Health Information (PHI) across a wide range of personally identifiable health and health-related data. Learn more about HIPAA on AWS here.

What is HITRUST?

The Health Information Trust Alliance (HITRUST) is a standards development organization that develops and maintains a healthcare compliance framework called the HITRUST Common Security Framework (CSF). In HITRUST’s own words, the CSF is “a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management. Developed in collaboration with healthcare and information security professionals, the HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework.” The HITRUST CSF is designed to unify security controls from federal law, such as HIPAA, state law, and non-governmental frameworks, like PCI-DSS, into a single framework tailored towards use in the healthcare industry. Due to the nature of HITRUST, including protection of Personally Identifiable Information (PII) and cardholder information, an increasing number of AWS customers, especially those that are healthcare payers, are achieving compliance with HITRUST CSF while using the AWS Cloud.

To become HITRUST certified, organizations typically follow a 5-step process similar to the following:

  1. Leverage the HITRUST CSF assessment tool to identify applicable HITRUST Controls
  2. Determine controls related to AWS services per the AWS Shared Responsibility Model and compliance policies
  3. Complete HITRUST CSF assessment and engage a third-party HITRUST auditor to test controls
  4. Organization and auditor both submit their assessment to HITRUST for review via the MyCSF Portal
  5. Achieve HITRUST certification

How does AWS help?

AWS employs a Shared Responsibility Model for security and compliance. This means that AWS manages security of the Cloud and its underlying infrastructure, while security in the Cloud is the responsibility of the customer. Customers have a broad range of controls they can implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter. In the context of compliance, this means AWS offers customers compliance-ready infrastructure and provides tools and services customers can use to be compliant on the AWS Cloud.

To help customers with their HIPAA and/or HITRUST compliance, AWS provides access to a suite of both AWS-native tools and services designed for use by customers to secure their workloads and encrypt and obfuscate PHI. Customers can also connect with APN Partners, in particular AWS Healthcare and Life Sciences Competency Partners, with tools and services that can help them manage their compliance requirements. AWS offers customers who need a business associate agreement under HIPAA a standard Business Associate Addendum (BAA) to the AWS Customer Agreement, which takes into account the unique services AWS provides and accommodates the AWS Shared Responsibility Model.  The BAA provides a clear list of HIPAA-eligible services, examples including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Redshift, and Amazon Elastic MapReduce (Amazon EMR), that customers can use to process, store, and transmit PHI under the BAA. You can learn more about how to architect for HIPAA compliance on the AWS Cloud here.

APN Partners offering services on AWS, such as those who’ve achieved the AWS Healthcare and Life Sciences Competencies, may also be able to assist with customers’ HIPAA and/or HITRUST compliance needs. For example, APN Partner ClearDATA, an Advanced Consulting Partner with the Healthcare Competency, is HITRUST-certified and offers a BAA for customers using its services.

More information on HIPAA and HITRUST on AWS

This past week, we published our newest Quick Start Reference Deployment AWS Enterprise Accelerator: HIPAA Compliance on AWS.

This new Quick Start deploys a standardized environment that supports compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA). The Quick Start was built by AWS solutions architects and compliance experts who have migrated and deployed workloads that are within scope for HIPAA compliance. It supports the technical controls within the 52 statutes of HIPAA Phase 1 and the 180 statutes of HIPAA Phase 2. Download the deployment guide and learn more here.

To provide additional information on HIPAA, HITRUST, and PHI and some of the work from our HCLS Partners today we will feature posts that discuss Life Sciences Competency Partner REAN and Healthcare Competency Partners ClearDATA and

For more information regarding HIPAA on AWS, click here.

Coming up in AWS Healthcare and Life Sciences Week…

Today, 02/15:

  • Profile of Healthcare Competency Partner ClearDATA focusing on HITRUST and discussing the company’s expertise in applying DevSecOps principles on AWS
  • Profile of Healthcare Competency Partner detailing the hc1 Platform and the team’s approach to HIPAA compliance on AWS
  • Profile of Life Sciences Competency Partner and Premier Consulting Partner REAN Cloud detailing REAN’s approach to logging, monitoring, and continuous compliance, and the importance of automation in this space


  • A guest post from AWS Marketplace
  • A profile of AWS Healthcare Competency Partner Cloudticity and how the firm drives automation and cross-segment innovation
  • A technical recap from Partner SA Aaron Friedman, highlighting additional HCLS-focused Partners and solutions


  • Recap of HCLS week and what to look forward to heading towards HIMSS

The content and opinions in this blog are those of the author. This blog is intended for informational purposes and not for the purpose of providing legal advice.

How Cognizant Approaches GxP Workloads on AWS

by Kate Miller | on | in APN Competency Partner, APN Consulting Partners, APN Partner Highlight, Life Sciences, Premier Partners | | Comments

By Vandana Viswanathan, Associate Director, Process & Quality Consulting, Cognizant Technology Solutions, and Joseph Stellin, Associate Director, Cognizant Cloud Services. 

Cognizant is a Premier APN Consulting Partner, an AWS MSP Partner, an AWS Public Sector Partner, and holds a number of AWS Competencies, including Healthcare, Life Sciences, Migration, Big Data, Financial Services, and Microsoft SharePoint. 

Life sciences firms are rapidly accelerating their adoption of AWS to not only advance research in the space, but to optimize the development of software and the environment it runs on. We’ve found that questions around regulatory quality, security and privacy have been addressed to the point where many senior executives actively pursue using AWS as an extension of or replacement for their on-premises environments.

Most companies manufacturing medical products or developing drugs are required by regulations to follow Good Manufacturing, Clinical, and Laboratory Practices (GxP). IT systems running “GxP Applications” are subject to FDA audit and failure to comply with the appropriate guidelines could result in fines and potential work stoppage. Due to this impact, GxP regulations are often at the forefront of our customers’ minds when considering a move to the cloud.

In January 2016, AWS released a white paper on Considerations for Using AWS Products in GxP Systems. With this guidance, it has become easier to develop these regulated workloads on AWS. We have found that life sciences firms are able to achieve the same benefits of scale, cost reduction, and resiliency for their GxP applications that they’ve come to expect from non-regulated workloads on AWS. This was exemplified at re:Invent 2016 where Merck spoke publicly about how they have built GxP solutions on AWS.

At Cognizant, we’ve developed a transformation framework based on our experience working with many large organizations within the life sciences and healthcare verticals. This framework consists of many steps including analyzing cloud providers, developing and executing validation plans, and creation of governance and support procedures to ensure compliance to FDA regulations. This framework enables successful qualification of the cloud infrastructure (IQ) execution and operations and ensures compliance of the application/software being hosted on the cloud. We’ve applied our approach to live migrations of multiple GxP workloads, including Trackwise and Maximo, as well as to building out of new GxP environments natively on AWS.

Design principles for GxP

When developing GxP applications for our customers, we’ve found there are key design and operation principles that each workload requires. It is important to note that in a cloud environment, infrastructure is continuously improvable with new features and capabilities added regularly. The need to stay compliant shouldn’t stifle innovation, but proper controls need to be enforced to ensure that FDA requirements are continuously met. We like to think about compliance not as a fixed goal, but a continuous operational and design requirement.

The following key principles relate to the Cognizant proprietary transformation framework as well as key AWS and third-party services we use to address these principles.

Cloud Provider Assessment: This enables us to evaluate all cloud providers based on their viability of hosting a GxP application and also the ability to support the specific environment being migrated. The evaluation parameters include regulatory compliance, information security, data privacy, infrastructure application dependencies, and business criticality amongst other key parameters.

Data Security: All sensitive data should be encrypted both at-rest and in-transit. For example, we use AES256 encryption for data at rest. We always engage our enterprise security team to evaluate all current customer security solutions to determine if there a need for additional security solutions to meet customer compliance and security requirements.

Authentication and Authorization: As the data flowing through a GxP application can be sensitive, we need to ensure that only the appropriate authorized Individuals can access the data and control the access limitaions. We utilize AWS Identity and Access Management and/or extend out current on-premises domain controller resources to the cloud in a secure way.

Traceability and Auditability: We need to have a time-stamped, secure audit trail that documents how and when users access the environment and application and any changes to the core infrastructure or applications. The benefit of infrastructure as code is that we can validate and log changes to our infrastructure in the same way we do software. We use AWS CloudTrail for all logs and leverage Amazon CloudWatch for any alerts and notifications. We have also integrated a proprietary tool called Cloud360 for all tracking, monitoring, management and audit information.

How our GxP approach leads to customer success

Our Transformation Framework has helped simplify the process of creating and maintaining validated environments in a continuously advancing technology. This innovation has helped these organizations to take advantage of key benefits of the cloud including: reduction in cost, agility, time to market, scalability, and more importantly reliability through redundancy.

For several of our top 10 pharmaceutical clients, implementation of the transformation framework has enabled successful movement of regulated applications to the cloud. A framework for validating GxP workloads was established and precedence has been set to move ongoing applications to the cloud.

Looking ahead

As this quest to move validated workloads to the cloud continues in the Life Sciences and Healthcare verticals, processes and technologies will evolve and be adopted to expedite the validation process, ensure compliance, and achieve larger cost savings. We look forward to our strong continuous relationship with AWS to assist many organizations with building confidence in moving GxP workloads to the cloud, advancing technology and streamlining validation processes.

Please leave any questions and comments below.


If you’re interested in learning more about how AWS can add agility and innovation to your healthcare and life sciences solutions be sure to check out our Cloud Computing in Healthcare page. Also, don’t forget to learn more about both our Healthcare and Life Sciences Competency Partners and how they can help differentiate your business.

Will you be at HIMSS? Stop by the Cognizant booth #3214. And be sure to stop by our booth #6969! We’d love to meet with you.

The content and opinions in this blog are those of the third party author and AWS is not responsible for the content or accuracy of this post.