Architecting HIPAA Compliant Cloud On AWS

A nonprofit healthcare organization in the USA sought to address challenges stemming from rapid growth and scalability issues. To meet HIPAA compliance requirements while ensuring security, reliability, and agility, they turned to Amazon Web Services (AWS) for a HIPAA-compliant cloud hosting solution. The project, ongoing since April 2017, aimed to build a secure and robust high-load system for automation, leveraging AWS services such as Virtual Private Cloud, Elastic Load Balancer, Route 53, CloudFront CDN, S3, DynamoDB, among others.

The implementation process involved utilizing AWS Key Management Service (KMS) for security, AWS WAF for web application firewall, and Amazon CloudWatch for system monitoring. Migration to the cloud included CRM applications, using Amazon EC2 instances and load balancers for data management. The architecture incorporated serverless elements like Lambda for code execution without server management and RDS for distributed relational databases. Moreover, features such as Multi-AZ for database availability and CloudFront CDN for fast content delivery enhanced performance.

The adoption of AWS resulted in numerous benefits for the client, including improved online security, elimination of downtime, and reduced maintenance efforts. Achieving 99.99% uptime in the cloud, the organization experienced enhanced security compared to on-premises solutions, easier HIPAA compliance, and increased satisfaction rates. DevCom's cloud computing and software development services enabled the client to focus on strategic activities, ultimately contributing to growth goals. For businesses seeking similar improvements in cloud infrastructure, DevCom offers tailored solutions and invites inquiries for further collaboration.

Technology Stack

• Android and iOS
• Flutter
• Background Services, Google Maps API, REST APIs

Objectives

AMAZON WEB SERVICES:

• Virtual Private Cloud
• Elastic Load Balancer
• Route 53
• Cloudfront CDN
• S3
• DynamoDB
• Multi-AZ
• Glacier
• EC2
• RDS
• Lambda

Business challenge: HIPAA compliant cloud

Rapid growth challenged the organization regarding its infrastructure and scalability. It was essential to have a fully reliable application and secure HIPAA-compliant cloud hosting environment available 24/7.

The challenge was to build a secure and robust high-load system for automation.

HIPAA compliant cloud hosting solution

Meeting healthcare-specific needs, we realize that with HIPAA compliance, secure cloud-based infrastructure in AWS is a great asset. 

AWS provides a secure environment that meets HIPAA compliance requirements, and a complete set of easy-to-use, flexible tools to manage growing amounts of data using solutions for high-performance computing, archiving, and storage. 

When the capabilities of AWS are combined with DevCom’s software architects and certified DevOps engineers, it results in a personalized solution that enables healthcare organizations to store securely, process, transmit, and analyze information. It helps to lower costs, become more agile, and innovate faster.

AWS implementation process & insights

AWS WAF – Web Application Firewall is used to protect its new and existing web applications. Amazon CloudWatch is used to monitor the system. The business migrated all CRM applications to the cloud, utilizing Amazon Elastic Compute Cloud (EC2) computing power with load balancers to manage users’ data. 

Elastic Load Balancer with auto-scaling configuration and Multi-AZ support both for web and database service that allows high-availability and scalability based on-demand level. Encrypted S3 storage with data-at-rest encryption provides a HIPAA-compliant mechanism for storing sensitive data. CloudFront CDN allows fast static content delivery to end-users. S3 and Glacier fulfill long-term and cost-effective backup capabilities.

HIPAA compliant serverless architecture with AWS

• Elastic Load Balancer – distributes the incoming application or network traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses, in multiple Availability Zones.
• Multi-AZ – provide enhanced availability and durability for Database (DB) Instances.
• Glacier – is a storage service optimized for infrequently used data, or “cold data.
• RDS – is a distributed relational database service by AWS.
• S3 – object storage built to store and retrieve data from anywhere.
• DynamoDB – fast and flexible NoSQL database service for any scale.
• Lambda – run code without thinking about servers. Pay only for the compute time you consume.
• CloudWatch – Complete visibility of your cloud resources and applications.
• Virtual Private Cloud (VPC) – Provides a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a defined virtual network.
• CloudFront – fast, highly secure, and programmable content delivery network (CDN).
• WAF & Shield – protect your web applications from common web exploits. Managed DDoS protection.
• Route 53 – a reliable and cost-effective way to route end users to Internet applications.
• CloudTrail – track user activity and API usage.
• Secrets Manager – easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle.
• Cloud​Formation – model and provision all your cloud infrastructure resources.

Value delivered

By using Amazon Web Services, HIPAA compliant cloud hosting, the client has improved online security, eliminated downtime, and reduced the time and effort required to maintain company systems. The client was able to eliminate waste and enable the application to make full use of the available infrastructure.

• 99.99% uptime in the cloud.
• Better security than on-premises.
• Easier to achieve HIPAA compliance.
• Flexible to setup a high-load configuration.
• 13% higher satisfaction.
• AWS business support.

View other projects