Life Sciences

Architecting for HIPAA security and compliance on AWS

Issue link: https://read.uberflip.com/i/1182534


Amazon Web Services – Architecting for HIPAA Security and Compliance Page 41

service, you must separately accept any such push notification platform provider's terms and conditions. If you plan to send push notifications that contain PHI, it's your responsibility to determine whether a HIPAA-compliant business associate agreement should be established between you and each push notification service provider.

The SMS (text message) and Voice message capabilities of Amazon Pinpoint are not HIPAA eligible at this time. You should not use these channels to transmit PHI.

Amazon Pinpoint is integrated with CloudTrail, a service that captures API calls made by or on behalf of Amazon Pinpoint in the customer's AWS account and delivers the log files to an Amazon S3 bucket.

Amazon SES

You must ensure that encryption is enforced on any emails that contain PHI. You can configure Amazon Simple Email Service (SES) to only send encrypted emails by configuring it to require TLS connections. For more information, see Amazon SES and Security Protocols at https://docs.aws.amazon.com/ses/latest/DeveloperGuide/security.html#security-ses-to-receiver.

Amazon SES is integrated with CloudTrail, a service that captures API calls made by or on behalf of Amazon SES in the customer's AWS account and delivers the log files to an Amazon S3 bucket.

Auditing, Back-Ups, and Disaster Recovery

HIPAA's Security Rule also requires in-depth auditing capabilities, data back-up procedures, and disaster recovery mechanisms. The services in AWS contain many features that help customers address these requirements.

In designing an information system that is consistent with HIPAA and HITECH requirements, customers should put auditing capabilities in place to allow security analysts to examine detailed activity logs or reports to see who had access, IP address entry, what data was accessed, etc. This data should be tracked, logged, and stored in a central location for extended periods of time, in case of an audit. Using Amazon EC2, customers can run activity log files and
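
One way to check the "require TLS" setting described in the Amazon SES section above, as an added example that is not part of the AWS whitepaper: the function audits SES configuration sets through the SES API v2 (boto3 `sesv2` client) and can set `TlsPolicy` to `REQUIRE`. The configuration set names, the pool name and the `StubSes` class are constructed so the example runs offline; the policy only protects messages that are actually sent with the configuration set.

```python
"""Audit SES configuration sets for a TlsPolicy of REQUIRE (SES API v2)."""


def audit_tls_policy(ses, remediate=False):
    """Return {config_set_name: tls_policy_found}; optionally set REQUIRE.

    `ses` is a boto3 "sesv2" client, or any object with the same three methods.
    """
    findings = {}
    token = None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = ses.list_configuration_sets(**kwargs)
        for name in page.get("ConfigurationSets", []):
            opts = ses.get_configuration_set(ConfigurationSetName=name).get(
                "DeliveryOptions", {})
            # No explicit policy is reported as OPTIONAL (opportunistic TLS):
            # delivery can proceed unencrypted if the receiver offers no TLS.
            policy = opts.get("TlsPolicy", "OPTIONAL")
            findings[name] = policy
            if remediate and policy != "REQUIRE":
                update = {"ConfigurationSetName": name, "TlsPolicy": "REQUIRE"}
                # Keep the dedicated IP pool, if any, when rewriting the options.
                if opts.get("SendingPoolName"):
                    update["SendingPoolName"] = opts["SendingPoolName"]
                ses.put_configuration_set_delivery_options(**update)
        token = page.get("NextToken")
        if not token:
            return findings


class StubSes:
    """Constructed stand-in for the sesv2 client so the audit runs offline."""
    def __init__(self, sets):
        self.sets, self.calls = sets, []
    def list_configuration_sets(self, **kw):
        return {"ConfigurationSets": list(self.sets)}
    def get_configuration_set(self, ConfigurationSetName):
        return {"DeliveryOptions": dict(self.sets[ConfigurationSetName])}
    def put_configuration_set_delivery_options(self, **kw):
        self.calls.append(kw)
        self.sets[kw["ConfigurationSetName"]]["TlsPolicy"] = kw["TlsPolicy"]


if __name__ == "__main__":
    stub = StubSes({"phi-mail": {"TlsPolicy": "OPTIONAL", "SendingPoolName": "pool-a"},
                    "marketing": {"TlsPolicy": "REQUIRE"}})
    print(audit_tls_policy(stub, remediate=True))  # policies found before the fix
    # Against a real account: audit_tls_policy(boto3.client("sesv2"))
```

With `remediate=True` the resulting `PutConfigurationSetDeliveryOptions` calls are among the SES API calls that the CloudTrail integration mentioned above records.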
