CASE STUDY

HIPAA Environment Buildout

eCloud helps a prominent healthcare company optimize, update, and re-engineer its environment to improve and scale its application infrastructure in the cloud according to HIPAA compliance best practices.

HIPAA Environment Solutions

To ensure we met all stated objectives, eCloud Managed Solutions organized a 10-tier plan that we implemented over the course of 13 weeks. We started by building out the application security and storage tiers. From there, our team focused on connectivity and security with the DNS and monitoring tiers. To conclude the development and deployment and ensure future success, we added the final four tiers focused on automation, storage, Microsoft workload migration, and analytics. This solution ensured that Aliera Healthcare felt the immediate business impact of this application migration to production and also experienced a longer-term payoff, all while remaining HIPAA compliant.

Project Summary

The challenge was multi-faceted. One of our clients in the healthcare industry, Aliera Healthcare, needed to optimize, update, and re-engineer their existing AWS environment. They were already using AWS, but the performance, reliability, and scalability of the platform were lacking, and application performance needed optimization.

There was a second significant challenge, too: HIPAA compliance. HIPAA, or the Health Insurance Portability and Accountability Act, has been U.S. law since 1996. The most important section of this act is Title II, which sets the standards for digital healthcare data access and transfers in compliance with privacy regulations set by the U.S. Department of Health and Human Services. Not just any public platform can hold, process, and transfer healthcare-specific data; only fully compliant cloud services can be used for this kind of migration.

The third significant challenge was cost containment. Aliera Healthcare needed additional reliability and scalability while addressing the legal regulations of the healthcare industry. To keep the cost of this project affordable, the right public platform and services would have to be selected and implemented correctly.

The Strategy

The first and most important step was migrating to a reliable, scalable, cost-effective, and HIPAA compliant application platform that allowed the client to develop code without having to deal with DevOps overhead. Amazon Elastic Beanstalk combined with its use of Amazon EC2 Container Service (Amazon ECS) was our immediate choice for this scenario. This deployment solution is used by pharmaceutical company Novartis, which trusts that its cloud transfers, which contain highly sensitive data, will be HIPAA compliant. It’s also trusted by entertainment giant Netflix as well as NASA’s Jet Propulsion Laboratory, which used it for the Mars Curiosity Mission. Why, you ask? Because Amazon’s ECS isn’t just secure; it also boasts impressive reliability (99.95 percent for each ECS Region) and formidable auto-scaling capabilities, in addition to the low cost of operation that Aliera Healthcare needed. Amazon Elastic Beanstalk with Amazon ECS was the perfect place to start.

To meet the HIPAA compliance standards, we also needed to make sure all data was encrypted in transit and at rest, along with a preferred Intrusion Detection System (IDS). Amazon EBS (Elastic Block Store) with encryption enabled was the perfect fit for the encryption-at-rest requirement. Forcing SSL encryption for all internal and external communications between the applications and the database satisfied the encryption-in-transit requirement.

AWS WAF, CloudWatch and CloudTrail

To monitor uptime and security requirements and prevent attacks and intrusions, we configured a combination of AWS WAF, CloudWatch, GuardDuty, Security Hub, and CloudTrail. CloudWatch ensures that all functions of an application run quickly and smoothly. WAF security rules were put in place to provide control over which web application traffic to allow. If there’s ever a need to scale up, CloudWatch logs events and sends alerts so that additional resources can be dedicated to the application. CloudTrail, on the other hand, monitors the back end of the application, ensuring governance, compliance, and operational and risk auditing services are all being performed. While CloudWatch looks at application demands, CloudTrail notes AWS account activity, including actions taken through the Management Console, SDKs, and command-line tools. Together, these services ensure this client always has automated eyes on their application security and performance.

AWS Cost Optimization

Once all of the environments were deployed and tested, we implemented cloud storage policies to leverage cost optimization best practices, continuous evaluation, and EC2 right-sizing. We built rules for S3, S3 Infrequent Access, and Glacier to lower costs, driven by compliance requirements and the Well-Architected Framework.

Proven Results

With eCloud Managed Solutions’ guidance and direction, Aliera Healthcare was able to get the business and performance improvements they were looking for. Since launch, they’ve seen all the cost savings they expected as well as the future-proofing they hoped for. Thanks to our dedicated Architecture team, which follows the AWS Well-Architected Framework, and the flexibility of the AWS Platform, eCloud Managed Solutions was able to build a safe, cost-effective, and HIPAA compliant environment.
