HIPAA Management For AWS
Configure, Monitor, and Maintain HIPAA Security Controls In Amazon Web Services
Managing HIPAA Compliance In AWS
The Health Insurance Portability and Accountability Act (HIPAA) dictates data privacy and security requirements for managing medical information. Healthcare organizations have to manage many security concerns when building HIPAA complaint solutions and managing protected health information (PHI) in Amazon Web Services (AWS). While AWS has developed several cloud security programs, and provides a business associates agreement (BAA), security and compliance is ultimately a shared responsibility for AWS and the cloud customer.
Under the AWS cloud shared responsibility model, AWS is responsible for many of the HIPAA physical safeguards, but it is up to the cloud customer to manage all administrative and technical safeguards. Organizations must adopt HIPAA administrative policies and implement HIPAA technical controls including backup and disaster recovery, audit logging, and intrusion detection.
Custom Compliance Policies
HIPAA requires that organizations set administrative policies and address safeguards including creating compliance roles, performing risk assessments, and managing incident response. Dash enables teams to generate custom compliance policies based around on your organization’s needs, structure, and technologies. Policies are designed around Amazon Web Services and customized through easy to answer questions.
Learn More About Administrative Policies
Technical Security Controls
Dash establishes a set of HIPAA technical controls based around your organization’s established policies and procedures. Security controls are built around individual AWS cloud services, best security practices, and HIPAA/HITECH standards. Organization can utilize Dash “click-to-fix” remediations to solve compliance issues with one click and maintain technical security standards.
Learn More About Technical Controls
Continuous Compliance Monitoring
Dash continuously monitors your AWS accounts for HIPAA configuration and security issues. Dash detects compliance concerns in your cloud environment such as unencrypted EBS volumes, audit logging issues and S3 buckets that are open to the public, alerts your team, and provides steps for resolving issues before they become full-blown violations.
Learn More About Continuous Compliance Monitoring
Get Started With AWS HIPAA Automation.
Fulfill HIPAA Requirements In AWS
Dash enables teams to plan and implement compliance safeguards and security controls including the following
Compliance Roles
Designate Security and Privacy Officer roles and define HIPAA compliance responsibilities within the organization.
Employee Training & Policies
Create policies for managing HIPAA requirements related to employee training and system access. Dictate access to PHI and sensitive data.
Audit Logging
Configure an audit logging solution and determine how logs are collected, reviewed, and accessed to meet HIPAA requirements.
Intrusion Detection
Implement and perform intrusion detection. Find malicious behavior and compliance issues before they become violations.
Risk Assessment & Review
Address HIPAA risk assessment and risk analysis requirements. Set review periods for gathering compliance information, reviewing safeguards, and handling reports.
Incident Response & Breach Notification
Create a standard operating procedure for responding to security incidents. Set policies for notifying customers and vendors of potential HIPAA security breaches.
Disaster Recovery
Setup a Disaster Recovery team and set Recovery Time Objectives (RTOs) for responding to application and service availability issues within your organization.
Data Encryption & Decryption
Set standard policies and technical controls for encrypting PHI data in-transit and at-rest on AWS.
Download Our Guide To Managing HIPAA In AWS
Trusted By Healthcare Innovators
From healthcare providers to software services and medical devices. You’re in good company.
Address HIPAA Requirements
Dash compliance controls are built around cloud computing and HIPAA safeguards including
164.312(a)(2)(iv) Encryption and Decryption
Ensure that all cloud data volumes, cloud databases, and transmitted data is encrypted.
164.308(a)(7)(i) Protection from Malicious Software
Ensure that cloud network and security groups do not expose ports or access that may compromise PHI.
164.308(a)(4)(i) Information Access Management
Ensure that your company uses proper user roles and policies in AWS. Avoid HIPAA violations stemmed from access issues.
164.312(b) Audit Controls
Ensure that your organization’s logs are properly collected, aggregated, and analyzed.
164.308(a)(1)(ii)(A) Risk Analysis
Set procedures for conducting risk assessments. Receive alerts and notifications for remediating compliance issues.
164.310(a)(1) Facility Access Controls
Address physical security requirements utilizing Amazon Web Services safeguards provided under BAA.
Get Started With AWS HIPAA Automation.
AWS Focused Compliance Solution
Dash enables organizations to build a robust HIPAA security plan and security controls for Amazon Web Services
AMI Deployed
Dash is deployed into your AWS Cloud account and allows teams to manage cloud services.
Utilize 100+ Cloud Services
Dash can be used alongside the hundreds of AWS cloud services to rapidly build, manage and get-to-market.
Unlock The Cloud For Healthcare
Automate HIPAA Compliance Controls for Amazon Web Services