{"id":24300,"date":"2023-08-09T12:47:33","date_gmt":"2023-08-09T07:17:33","guid":{"rendered":"https:\/\/techvariable.com\/?p=24300"},"modified":"2023-10-09T14:27:03","modified_gmt":"2023-10-09T08:57:03","slug":"understanding-hipaa-compliance-aws-architecture","status":"publish","type":"post","link":"https:\/\/techvariable.com\/blogs\/understanding-hipaa-compliance-aws-architecture","title":{"rendered":"Understanding HIPAA-Compliance AWS Architecture"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"24300\" class=\"elementor elementor-24300\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8f30802 e-con-full e-flex e-con e-parent\" data-id=\"8f30802\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-fce003a e-con-full e-flex e-con e-child\" data-id=\"fce003a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c00f5f6 p-content elementor-widget elementor-widget-table-of-contents\" data-id=\"c00f5f6\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;exclude_headings_by_selector&quot;:[],&quot;sticky&quot;:&quot;top&quot;,&quot;sticky_offset&quot;:100,&quot;sticky_parent&quot;:&quot;yes&quot;,&quot;container&quot;:&quot;#p-content&quot;,&quot;sticky_effects_offset&quot;:100,&quot;collapse_subitems&quot;:&quot;yes&quot;,&quot;headings_by_tags&quot;:[&quot;h2&quot;,&quot;h3&quot;,&quot;h4&quot;,&quot;h5&quot;,&quot;h6&quot;],&quot;marker_view&quot;:&quot;numbers&quot;,&quot;no_headings_message&quot;:&quot;No headings were found on this 
page.&quot;,&quot;hierarchical_view&quot;:&quot;yes&quot;,&quot;min_height&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;sticky_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;,&quot;mobile&quot;],&quot;sticky_anchor_link_offset&quot;:0}\" data-widget_type=\"table-of-contents.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__header\">\n\t\t\t\t\t\t<div class=\"elementor-toc__header-title\">\n\t\t\t\tSUMMARY\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div id=\"elementor-toc__c00f5f6\" class=\"elementor-toc__body elementor-toc__list-items--collapsible\">\n\t\t\t<div class=\"elementor-toc__spinner-container\">\n\t\t\t\t<svg class=\"elementor-toc__spinner eicon-animation-spin e-font-icon-svg e-eicon-loading\" aria-hidden=\"true\" viewBox=\"0 0 1000 1000\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M500 975V858C696 858 858 696 858 500S696 142 500 142 142 304 142 500H25C25 237 238 25 500 25S975 237 975 500 763 975 500 975Z\"><\/path><\/svg>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ac81472 e-con-full e-flex e-con e-child\" data-id=\"ac81472\" data-element_type=\"container\" data-e-type=\"container\" id=\"p-content\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2e76ac8 elementor-widget elementor-widget-heading\" data-id=\"2e76ac8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Understanding HIPAA-Compliance AWS 
Architecture<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-08494d1 elementor-widget elementor-widget-text-editor\" data-id=\"08494d1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">People are becoming more and more aware of their rights and privacy as a result of the tremendous shift to digitizing personal information. Healthcare organizations are required by law to ensure that their systems and procedures for handling Protected Health Information (PHI) properly adhere to HIPAA rules. <\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-98afc4e elementor-widget elementor-widget-heading\" data-id=\"98afc4e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is HIPAA Compliance?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ef1ec5 elementor-widget elementor-widget-text-editor\" data-id=\"1ef1ec5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">We all have digital copies of our medical histories. We have records of all of our doctor visits, as well as records of every test we&#8217;ve had and every one of the outcomes. These documents are exceedingly confidential to a patient, and the information they contain is quite sensitive.\u00a0\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">HIPAA enters the picture to secure this data. 
<\/span><span style=\"font-weight: 400;\">The Health Insurance Portability and Accountability Act is referred to as HIPAA<\/span><span style=\"font-weight: 400;\">. <\/span><strong><span style=\"color: #6633f2;\">This law guarantees the privacy and protection of sensitive data, and when it comes to storing this kind of sensitive data on the cloud, AWS is one of the greatest options available<\/span>. <\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5ddc756 elementor-widget elementor-widget-heading\" data-id=\"5ddc756\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Understanding HIPAA Compliance - The Breakdown<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aa7edd1 elementor-widget elementor-widget-text-editor\" data-id=\"aa7edd1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Our primary asset is an AWS account. The infrastructure of the healthcare organization can be built upon the highly secure and scalable AWS cloud. 
AWS offers a number of services to construct an application stack that is highly available, scalable, and secure and can support an infinite number of healthcare apps and use cases.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5f5e745 elementor-widget elementor-widget-text-editor\" data-id=\"5f5e745\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><b>The physical layer, the network layer, and the data layer are the three main layers that make up the AWS Cloud.<\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-272063e elementor-widget elementor-widget-text-editor\" data-id=\"272063e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The physical layer refers to the actual data centers where the servers and the entire infrastructure are housed. Anything we describe as being in the cloud must have a physical presence somewhere, and that presence is the data center. AWS gives the security of these data centers the utmost consideration.<\/span><\/p><p><span style=\"font-weight: 400;\">For instance, AWS limits access to data. It has strict access rules and extensive surveillance to monitor who accesses the data centers. The network layer follows, where AWS employs cutting-edge security measures to safeguard data transfer.<\/span><\/p><p><span style=\"font-weight: 400;\">For illustration, suppose there are two sources, A and B. 
The information a patient requires is transmitted between these two sources, and that data is extremely vulnerable to attack while it is in transit.<\/span><\/p><p><span style=\"font-weight: 400;\">AWS therefore employs a variety of measures, including encryption: data is encrypted during transmission and can only be decrypted at the destination source. The variety of encryption methods AWS employs makes it nearly impossible for someone, such as a hacker, to obtain and decrypt the data.<\/span><\/p><p><span style=\"font-weight: 400;\">The data layer comes after that. This is where the actual patient data is stored. Data encryption is one of the capabilities offered by AWS&#8217;s HIPAA-compliant architecture, which keeps data secure even while it is held on the service.<\/span><\/p><p><span style=\"font-weight: 400;\">Beyond this theoretical picture, additional safeguards have been introduced to ensure that only authorized individuals can see or edit the data.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6c5bd33 elementor-widget elementor-widget-text-editor\" data-id=\"6c5bd33\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><em><strong>Read to get a quick overview of the checklist: <\/strong><a href=\"https:\/\/techvariable.com\/blogs\/hipaa-compliance-checklist-for-healthcare-software-developers\/\">The Ultimate HIPAA Compliance Checklist For Healthcare Software Developers \u2013 TechVariable<\/a><\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bf59a00 elementor-widget elementor-widget-video\" data-id=\"bf59a00\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-settings=\"{&quot;youtube_url&quot;:&quot;https:\\\/\\\/www.youtube.com\\\/watch?v=cB7q7Q6Ox_s&amp;t=681s&quot;,&quot;video_type&quot;:&quot;youtube&quot;,&quot;controls&quot;:&quot;yes&quot;}\" data-widget_type=\"video.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-wrapper elementor-open-inline\">\n\t\t\t<div class=\"elementor-video\"><\/div>\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-85cb413 elementor-widget elementor-widget-heading\" data-id=\"85cb413\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Important procedures for creating an AWS infrastructure that complies with HIPAA<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d8e3ba elementor-widget elementor-widget-heading\" data-id=\"4d8e3ba\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Making use of VPCs (Virtual Private Clouds)<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cc8384a elementor-widget elementor-widget-text-editor\" data-id=\"cc8384a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">VPCs can come in handy when creating a HIPAA-compliant infrastructure on AWS. A VPC enables the development of a logically separate region within the AWS cloud. By doing so, resources can be launched in any specified virtual network. 
Now, security groups and network ACLs that govern inbound and outbound traffic can be used to restrict access to PHI.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-81666d9 e-flex e-con-boxed e-con e-child\" data-id=\"81666d9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e3ed8e3 elementor-widget elementor-widget-text-editor\" data-id=\"e3ed8e3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>VPCs are logically separate areas of the AWS Cloud that have their own networking configurations. This makes it simple to scope networking, permissions, and data governance for various parts of your application.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e391fb elementor-widget elementor-widget-heading\" data-id=\"3e391fb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Using IAM (Identity and Access Management)<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-097cdca elementor-widget elementor-widget-text-editor\" data-id=\"097cdca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">IAM enables resource-level access control for PHI. IAM policies grant users and programs access to particular actions and resources. 
IAM also makes it possible to employ &#8216;roles&#8217; to grant temporary access to resources, reducing the number of long-term access keys in use.<\/span><\/p><p><span style=\"font-weight: 400;\">PHI is protected both in transit and at rest thanks to encryption. Encryption keys are generated and managed by the AWS Key Management Service (KMS). AWS also provides a variety of encryption solutions, including server-side encryption, client-side encryption, and hardware security modules (HSMs).<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5268bbc elementor-widget elementor-widget-heading\" data-id=\"5268bbc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Using Multi-factor Authentication (MFA)<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0551bd7 elementor-widget elementor-widget-text-editor\" data-id=\"0551bd7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">MFA is an essential security technique that protects PHI by giving privileged access an additional layer of security. 
MFA options from AWS include virtual MFA apps and hardware MFA devices.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2ad9112 elementor-widget elementor-widget-heading\" data-id=\"2ad9112\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Data Recovery<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ef9612b elementor-widget elementor-widget-text-editor\" data-id=\"ef9612b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">To ensure that important data is not lost in the event of a major disaster, you must regularly back up your data. Data backup can be accomplished using a number of AWS products, including Amazon S3, Amazon RDS, and AWS Storage Gateway.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5008d4 elementor-widget elementor-widget-heading\" data-id=\"c5008d4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Monitoring, Reviewing, and Auditing<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3bfaaa7 elementor-widget elementor-widget-text-editor\" data-id=\"3bfaaa7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">To maintain compliance with HIPAA, routine review and monitoring are essential. 
AWS offers a number of tools that track infrastructure and spot compliance and security flaws, including <\/span><b>AWS CloudTrail, Amazon CloudWatch, AWS Config, and AWS Security Hub<\/b><span style=\"font-weight: 400;\">. <\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e23ab7 elementor-widget elementor-widget-heading\" data-id=\"8e23ab7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Additional Security and Response Plan<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-200e73c elementor-widget elementor-widget-text-editor\" data-id=\"200e73c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">AWS collaborates with outside security companies like Trend Micro, McAfee, and Symantec to add further layers of security. In the event of a security breach, you must have a prepared reaction strategy. 
You should be able to find, contain, and report any threat to the appropriate authorities.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c8cb5e7 elementor-widget elementor-widget-heading\" data-id=\"c8cb5e7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Appropriate Training for Development Team<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-30047d8 elementor-widget elementor-widget-text-editor\" data-id=\"30047d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Educate the project developers on the value of PHI protection and give them the information and resources necessary to protect it. They must be aware of the most recent laws and recommended procedures. 
<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e73d923 e-flex e-con-boxed e-con e-child\" data-id=\"e73d923\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-bfc2983 elementor-widget elementor-widget-text-editor\" data-id=\"bfc2983\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The AWS Compliance website, among other resources provided by AWS, can be utilized to keep up with the most recent legal developments.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3cb3360 elementor-widget elementor-widget-heading\" data-id=\"3cb3360\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Hiring Additional Hands<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7087c7a elementor-widget elementor-widget-text-editor\" data-id=\"7087c7a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Working with a seasoned compliance expert is essential because they can guide the development team through the HIPAA compliance difficulties and make sure that the infrastructure is configured and maintained in accordance with the most recent rules.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-809f563 e-flex e-con-boxed e-con e-child\" data-id=\"809f563\" data-element_type=\"container\" 
data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1559cd9 elementor-widget elementor-widget-text-editor\" data-id=\"1559cd9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>To make sure the infrastructure is HIPAA compliant, working with skilled security experts and carrying out frequent risk assessments are crucial.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-516e305 elementor-widget elementor-widget-text-editor\" data-id=\"516e305\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">By following these best practices and working with experienced security professionals, healthcare organizations can build a secure and compliant infrastructure on AWS.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-57165de elementor-widget elementor-widget-image\" data-id=\"57165de\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/techvariable.com\/wp-content\/uploads\/2023\/08\/Screenshot-35.png\" title=\"\" alt=\"Various resources to audit, backup, and monitor infrastructure to maintain HIPAA compliance\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-feaaa62 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"feaaa62\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Various resources to audit, backup, and monitor infrastructure to maintain HIPAA compliance (Source:<\/span><a href=\"https:\/\/aws.amazon.com\/solutions\/implementations\/compliance-hipaa\/\"><span style=\"font-weight: 400;\"> AWS<\/span><\/a><span style=\"font-weight: 400;\">)<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c499127 elementor-widget elementor-widget-heading\" data-id=\"c499127\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Building the HIPAA Compliant AWS Architecture<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-01c3833 elementor-widget elementor-widget-image\" data-id=\"01c3833\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/techvariable.com\/wp-content\/uploads\/2023\/08\/Screenshot-36.png\" title=\"\" alt=\"HIPAA Reference Architecture on AWS\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-18ac4f1 elementor-widget elementor-widget-text-editor\" data-id=\"18ac4f1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><b>To assist businesses in designing AWS cloud services around best security and compliance practices, AWS offers a cloud reference architecture or an AWS HIPAA Quickstart.<\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-20ce802 elementor-widget elementor-widget-text-editor\" data-id=\"20ce802\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The architecture can be understood further as follows:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b225a4c elementor-widget elementor-widget-heading\" data-id=\"b225a4c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">In the management VPC:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a32714a elementor-widget elementor-widget-text-editor\" data-id=\"a32714a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">An internet gateway that acts as a highly available, central point of exit for internet traffic.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Public subnets with managed network address translation (NAT) gateways that let resources in private subnets access the internet.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Private subnets for deploying your infrastructure and security controls.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Flow logs for auditing.<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b6c954c 
elementor-widget elementor-widget-heading\" data-id=\"b6c954c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">In the VPC:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-80cdef8 elementor-widget elementor-widget-text-editor\" data-id=\"80cdef8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li style=\"font-weight: 400;\" aria-level=\"1\"><b>In the development VPC<\/b><span style=\"font-weight: 400;\">, private subnets are used to deploy development workloads, and flow logs are used for auditing. This helps to ensure that development resources are isolated from production and management resources and that all network traffic is logged for auditing purposes.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>In the management VPC<\/b><span style=\"font-weight: 400;\">, an internet gateway serves as a central point for internet traffic. Public subnets host managed network address translation (NAT) gateways that allow internet access for resources in private subnets. This enables resources in the private subnets to access the internet while maintaining a high level of security. Additionally, private subnets are used to deploy security and infrastructure controls, and flow logs are used for auditing, which gives better visibility into network traffic.<\/span><\/li><li><b>In the production VPC<\/b><span style=\"font-weight: 400;\">, private subnets are used to deploy production workloads, and flow logs are used for auditing. 
This helps to ensure that production workloads are isolated from development and management resources and that all network traffic is logged for auditing purposes.<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-1fcb818 e-flex e-con-boxed e-con e-child\" data-id=\"1fcb818\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fbeb8ff elementor-widget elementor-widget-text-editor\" data-id=\"fbeb8ff\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>AWS Transit Gateway enables customer connectivity and VPC-to-VPC communication.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aebab99 elementor-widget elementor-widget-heading\" data-id=\"aebab99\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">For audit and logging controls:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-26aae98 elementor-widget elementor-widget-text-editor\" data-id=\"26aae98\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">For metric monitoring and threshold alarms, use Amazon CloudWatch. 
Flow logs are delivered to an S3 bucket by this service.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">HIPAA compliance standards are mapped to specific AWS configuration items by AWS Config. Flow logs are delivered to an S3 bucket by this service.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">AWS CloudTrail for logging AWS access. Flow logs are delivered to an S3 bucket by this service.<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79e7575 elementor-widget elementor-widget-heading\" data-id=\"79e7575\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">For connecting with customers:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9b9f0b4 elementor-widget elementor-widget-text-editor\" data-id=\"9b9f0b4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">To connect with AWS Transit Gateway, use AWS Site-to-Site VPN or AWS Direct Connect.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-563f3d8 elementor-widget elementor-widget-heading\" data-id=\"563f3d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">For alerting and access control:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0827580 elementor-widget elementor-widget-text-editor\" data-id=\"0827580\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Email alerts from alarms can be sent using Amazon Simple Notification Service (Amazon SNS).<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Access authorization and control are provided by AWS Identity and Access Management (IAM).<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9064ab4 elementor-widget elementor-widget-image\" data-id=\"9064ab4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/techvariable.com\/wp-content\/uploads\/2023\/08\/hipaa-compliance-architecture-diagram.d1122a0fc551b742c46cf3ebd205fdae8bffe4a2.png\" title=\"\" alt=\"Basic Architectural Diagram\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c27cbc3 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"c27cbc3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Basic Architectural Diagram (Source:<\/span><a href=\"https:\/\/aws.amazon.com\/solutions\/implementations\/compliance-hipaa\/\"><span style=\"font-weight: 400;\"> AWS<\/span><\/a><span style=\"font-weight: 400;\">)<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0f2fb7a elementor-widget elementor-widget-heading\" data-id=\"0f2fb7a\" data-element_type=\"widget\" 
data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Way Forward<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6527ee9 elementor-widget elementor-widget-text-editor\" data-id=\"6527ee9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Every day, more healthcare providers choose AWS HIPAA-eligible services to ensure a high level of security for their services. AWS has shown that its services adhere to the HIPAA regulations and guarantees that ePHI can be processed and stored without any problems. Without question, AWS makes it easier to create a reliable and consistent cloud environment. However, while developing a medical solution on AWS, healthcare organizations must be confident in their ability to configure AWS services appropriately so that all required security precautions are in place. 
You should also apply the recommended practices described above to achieve AWS HIPAA compliance and a high level of security.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-58811ad e-con-full e-flex e-con e-child\" data-id=\"58811ad\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-2fce2fe e-con-full animated-slow e-flex elementor-invisible e-con e-child\" data-id=\"2fce2fe\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;,&quot;animation&quot;:&quot;fadeInUp&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-a4eb35a e-con-full e-flex e-con e-child\" data-id=\"a4eb35a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3707717 elementor-widget elementor-widget-heading\" data-id=\"3707717\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">Are you looking for a technology partner to develop an AWS solution that complies with HIPAA?<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-57553f8 e-flex e-con-boxed e-con e-child\" data-id=\"57553f8\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-555d366 elementor-align-center my-btn elementor-widget__width-initial elementor-mobile-align-center elementor-tablet-align-center elementor-invisible elementor-widget elementor-widget-button\" data-id=\"555d366\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/techvariable.com\/contact-us\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Contact Us<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>People are becoming more and more aware of their rights and privacy as a result of the tremendous shift to digitizing personal information. Healthcare organizations are required by law to ensure that their systems and procedures for handling Protected Health Information (PHI) properly adhere to HIPAA rules. 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"h5ap_radio_sources":[],"footnotes":""},"categories":[9],"tags":[],"class_list":["post-24300","post","type-post","status-publish","format-standard","hentry","category-healthcare"],"acf":[],"_links":{"self":[{"href":"https:\/\/techvariable.com\/index.php?rest_route=\/wp\/v2\/posts\/24300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techvariable.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techvariable.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techvariable.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techvariable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24300"}],"version-history":[{"count":0,"href":"https:\/\/techvariable.com\/index.php?rest_route=\/wp\/v2\/posts\/24300\/revisions"}],"wp:attachment":[{"href":"https:\/\/techvariable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techvariable.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techvariable.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}