HIPAA Compliance Gets Easier with AWS Support for Non-Dedicated Instances

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad set of requirements that are designed to protect patient information from being shared without the patient’s permission. This has placed a significant burden on many businesses in the healthcare industry, especially as the industry transitions to electronic health records (EHR).

HIPAA Compliance and AWS

Fines for non-compliance with HIPAA can be steep, and the public relations impact of any serious breach could be catastrophic. As a result, some healthcare companies and IT service providers have been extra cautious when it comes to safeguarding patient information.

For healthcare businesses migrating to the cloud, understanding how to maintain HIPAA compliance on a shared infrastructure has been challenging. Amazon, for instance, required that any company wishing to achieve HIPAA compliance use a dedicated EC2 instance. The idea was to seal off all data from any possible sharing with other users. This physical isolation was thought to be a necessary layer of added security.

The problem with this requirement has been that it makes HIPAA compliance pretty expensive. Dedicated instances cost more than shared instances, so you end up paying more while losing the flexibility of sharing hardware with other AWS users. Companies asked: is this really necessary?

Shared AWS Instances Now HIPAA Compliant

Just this month, Amazon Web Services (AWS) announced that “APN Partners who have signed a BAA with AWS are no longer required to use Amazon EC2 Dedicated Instances and Dedicated Hosts to process PHI.” This means businesses that have signed AWS’ Business Associate Addendum (BAA), an agreement to appropriately safeguard patient information, are eligible to use shared instances.

With this announcement, AWS is recognizing that shared instances have the data protection needed to meet compliance requirements. So now you don’t have to pay more for less in the name of HIPAA.

AWS made the change, the company said, in response to customers. “Customer feedback drives 90+% of our roadmap, and when we heard many customers and APN Partners requesting this change, we listened.”

New HIPAA Compliance Town Hall Webinar

In response to this change, AWS, CorpInfo-Onica and Cloudcheckr teamed up to produce a webinar called “HIPAA Compliance Town Hall: Auditing in the AWS Cloud.” It was a live discussion that explored:

  • What rules affect HIPAA compliance and governance in the cloud and who must comply
  • Why HIPAA compliance requires continuous monitoring and logging of network and information assets
  • How to achieve HIPAA compliance with AWS HIPAA Quick Start
  • Why organizations need to know and understand AWS’ Shared Responsibility Model to remain compliant in the cloud
  • How tools can help validate your security posture and support auditing requirements

Due to the popularity of the event, we’ve made the recording available to view. Watch and learn about HIPAA Compliance and how to achieve it, using the resources of CorpInfo-Onica and Cloudcheckr.

While companies no longer need to choose between shared and dedicated instances to achieve HIPAA compliance, there are still important best practices to follow when handling protected health information (PHI), and compliance can still be expensive. Watch this webinar to learn from the experts at AWS and CorpInfo-Onica, and from CloudCheckr’s cost management resources, how to optimize both the security and the cost of a HIPAA-compliant cloud infrastructure.
