HIPAA on Amazon Web Services

Electronic Protected Health Information (ePHI) that is accessible to business associates (BAs), such as cloud service providers and health IT organizations, must be protected per HIPAA regulations. Because the data can be transmitted beyond on-premises boundaries and become resident on non-organizational assets, due diligence becomes both critical and complicated, and therefore challenging to demonstrate.

Amazon Web Services (AWS) provides a diverse array of services – storage, compute, application, etc. – for use by organizations that can also realize financial and operational efficiencies by moving to or managing data in the cloud. Managing ePHI in the cloud has its challenges, as organizations must share responsibility for data security beyond what AWS provides.

Healthcare organizations, including business associates, must ensure that the proper technical, operational, and administrative measures are implemented and maintained to protect PHI. This includes binding contractual agreements with BAs, as well as annual risk assessment and security compliance attestation.

Join Coalfire's Michael Williams, Senior Consultant on the Healthcare & Life Sciences team; Jeremy Gibbons, Principal Cyber Engineering; and Chris Whalley, APN Compliance Lead with AWS, as they discuss how organizations can best leverage AWS services in their operations and effectively partner with AWS to demonstrate due diligence and security compliance.

We'll cover:

  • Core AWS service offerings in the healthcare space, service provision environment and operations
  • AWS services that can support or augment existing organizational compliance
  • Information security attestation in the cloud
  • The shared responsibility model for security compliance in the cloud
  • Developing a migration roadmap for deploying on-premises operations to the cloud
  • Best practices for security remediation in the cloud
  • Privacy and breach notification in the cloud
  • How to meet HIPAA compliance requirements when leveraging cloud services
  • Illustrative use cases

Leading experience in Amazon Web Services, cybersecurity, and healthcare data security.

Coalfire is a diverse professional services firm focused on cybersecurity assessment and advisory, risk management and compliance, technical testing and security engineering. Coalfire is an industry leader in cloud security assessment and advisory, as well as an AWS Consulting Partner Network member (serving AWS as a preferred assessor and trusted advisor in FedRAMP and PCI DSS).

This recorded webinar requires registration. Please fill out the form on this page to receive access.
