December 5, 2019
Moving Your SaaS Platforms to AWS: Four Reasons Why it’s a Good Idea
For any healthcare provider preparing to embark on a major migration from an on-premises data center to the cloud, data security is a key concern. Achieving compliance with HIPAA regulations for processing and managing Protected Health Information (PHI) requires careful planning and execution. Healthcare providers face the additional pressure of knowing that they are one of the most targeted industries for data breaches. According to the Data Security Incident Response Report from the law firm Baker & Hostetler, healthcare systems account for around one-fourth of all U.S. cyber attacks.
While achieving HIPAA compliance can be challenging, three key resources are available to help healthcare providers reach their goal.
No single data security standard addresses the diversity of industry, government, and technical requirements. However, widely accepted standards defined by ISO, NIST, PCI, HIPAA, PDPA, and GDPR provide a well-reasoned foundation for defining enterprise security architectures.
The HITRUST CSF (Health Information Trust Alliance Common Security Framework) builds on these standards to create a single overarching information privacy and security framework. The HITRUST CSF is commonly adopted by healthcare providers. By normalizing widely accepted security standards, HITRUST CSF allows an organization to modify the security control baselines to support a healthcare provider’s unique industry, size, systems, and regulatory requirements.
The AWS Cloud is used by an ever-growing number of healthcare providers to achieve compliance with the HITRUST CSF. AWS supports the HITRUST CSF via a shared responsibility model in which AWS manages the security of the cloud environment and infrastructure, and the client is responsible for securing what it runs in that environment. In other words, AWS provides and manages the compliance-ready cloud infrastructure and a wide range of services, tools, and controls that clients can use to secure workloads, deploy critical applications, and meet their compliance requirements in the AWS Cloud. AWS capabilities include:
The HITRUST CSF and AWS services and tools provide a powerful combination of capabilities to help healthcare providers migrate to the cloud. However, one additional resource is required to ensure a successful migration—an AWS Competency Partner.
An AWS Healthcare Competency Partner provides proven technical expertise in building secure, scalable, innovative healthcare solutions in the AWS cloud. By applying their knowledge of the HITRUST CSF and deep experience in implementing AWS capabilities, an AWS Competency Partner uses the HITRUST CSF assessment tool to identify the required security and privacy controls. Based on this assessment, they then implement the corresponding AWS services, tools, and controls. The partner can also coordinate additional activities such as working with third-party auditors to test and verify the solution and submit the results to HITRUST for review and certification.
A cloud migration initiative is a major undertaking, but the complexity can be significantly diminished with the help of the right resources. The HITRUST CSF provides a well-developed framework to guide healthcare providers’ privacy and security strategies. AWS offers proven capabilities in securely supporting healthcare providers’ data and workload needs in a cloud environment. An AWS Healthcare Competency Partner provides the knowledge and experience to apply the HITRUST CSF to the unique needs of a healthcare provider and implement AWS services, tools, and controls to achieve HIPAA-compliant solutions.