White Paper: Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services

I am really excited to release our white paper on how to create HIPAA-compliant information processing systems in the Cloud. The paper focuses on the HIPAA sections: The Privacy Rule and The Security Rule, and how to encrypt and protect your data in the AWS cloud.

White paper is now available on AWS website for download.

U.S. companies that are handling healthcare information, specifically personally identifiable information, are subject to the security and privacy regulations of Health Insurance Portability and Accountability Act (HIPAA). The White paper talks about applications that deal with Protected Health Information (PHI) and use Amazon S3 should encrypt their “in-flight” and “at-rest” data using traditional encryption mechanisms they have used in the past. For eg. TC3 Health used PGP Encryption for their implementation. The paper also makes several recommendations like creating a data backup plan, leveraging multiple EC2 Availability Zones for high availability and disaster recovery, creating point-in-time snapshots of EBS volumes etc. in order to comply with HIPAA’s Security standards.

Various developer tools/libraries (for Encryption)

• Duplicity
• jets3t 
• s3rync
• C# libraries

Solutions (with built-in Encryption Support):

• Zmanda Cloud Backup
• ElephantDrive
• Sonian Networks
• Vembu’s StoreGrid
• DataCastle Data Protection
• Moonwalk
• Microlite BackupEDGE
• SecoBackup SecoVault and S3SQL

Read about customers who have built HIPAA-compliant apps on AWS:

-Jinesh

Modified 3/16/2021 – In an effort to ensure a great experience, expired links in this post have been updated or removed from the original post.