Compliance in the Cloud – HIPAA

compliance word cloud: Ad Victoriam Solutions Cloud Strategy blog

Today many companies are looking to move their applications and workflows to the Cloud in order to realize benefits such as minimizing cost, reducing IT overhead, and enterprise scalability.

Some of these solutions are required to maintain compliance with HIPAA, which creates concern when hosting in a public cloud platform such as AWS or Microsoft Azure. The good news is that both of these major public cloud providers have solutions for applications that require this sort of compliance.

Solutions that handle Protected Health Information (PHI) must maintain HIPAA compliance and are required to manage a number of safeguards at the administrative, technical, and physical levels. Some examples of these safeguards include:

  • Administrative
    • Privacy Officer Assignment
    • Annual Risk Assessments
    • Policies and Procedures
    • Employee Training
    • Establish a Business Associate Agreement (BAA) with all partners involved
  •  Technical
    • Transmission Security
    • Access Control
    • Auditing
  • Physical
    • Facility Access Controls
    • Workstation compliance
    • Device and Media handling

Typically, administrative safeguards are handled when a company accesses the PHI, technical controls are handled by the applications that manage this data, and physical safeguards are handled by parties that have physical access to the infrastructure.

Next, we will look at how AWS and Azure provide a platform to host HIPAA compliant applications as each provider meets HIPAA compliance at the Physical level.

AWS is a large player in the public cloud platform sector, and it provides the mechanisms to host a HIPAA compliant solution. AWS does provide a Business Associate Agreement (BAA) by request, but requires that you host your application in dedicated instances. Dedicated instances are costlier than shared instances, but guarantee that your VM is isolated and does not share resources with other VMs. Also, AWS requires that a VPC must be employed, and that their S3 and EBS services should be used to process and store PHI. Applications are required to handle encryption of the data in transit, auditing, and access controls.

Azure is another large public cloud platform, and also provides the ability to host a HIPAA compliant solution. Azure provides a BAA to all customers that are part of their Microsoft Online Subscription program, which is essentially any customer that is part of their Pay-as-you-go or Volume License agreements. Azure also provides HIPAA compliance for most of their Platform-as-a-Service (PaaS) offerings, such as Azure SQL Database, Azure Service Bus, and Azure Cloud Services. This creates an advantage when hosting HIPAA compliant solutions in Azure, as their BAA covers most of their IaaS, PaaS, and SaaS offerings. As with AWS, Azure requires that the applications handle certain measures such as encryption, auditing, and access controls.

AWS and Azure, the top two public cloud platforms, each provide a solution to host a HIPAA compliant solution. Each certify their solutions at the physical level, and require the customer to handle compliance at the administrative and technical levels. As such, certain architectures and security measures should be used to ensure that the application meets HIPAA compliance.

For more information on how you can host your HIPAA application in the cloud, please reach out to Ad Victoriam solutions.

The Commoditization of the Data Warehouse

These are exciting times in the data and analytics world! The last couple of years have seen a surge in technologies and offerings that bring big-time data and analytics into reach for most companies. No longer isolated to Fortune-500 data powerhouses with multi-million dollar project budgets, “Big Data” and Data Warehousing are becoming a commodity thanks to the cloud and innovators such as AWS and Microsoft.

PaaS: In the Beginning…

It all started with Platform-as-a-Service (PaaS) solutions such as Redshift from AWS, Microsoft’s Azure SQL Data Warehouse as well as IBM’s DashDB Enterprise, among others. These solutions promise Petabyte scale capability and pricing that makes them a viable solution for many startups and mid-market companies needing advanced data capabilities with a minimum of IT infrastructure and cost.

We continue to recommend these solutions to our customers that are RDBMS-savvy and have SQL skills in-house that they want to leverage.

SaaS: The Next Evolution

The next evolution was to Software-as-a-Services (SaaS) solutions such as Snowflake Computing’s Elastic Data Warehouse and Cazena. These solutions further lower the IT infrastructure and skillset cost required to achieve big-time analytics capabilities.

Additionally, they drive a more seamless analytics experience by bringing non- and-semi-structured data and traditional structured data together in a cohesive solution. These solutions also drive a more elastic model, allowing businesses to scale and shrink their solution on-demand as their business and analytics needs change over time. They manage the resources behind the solution with a minimum of IT resources required, while consolidating an array of best-in-breed technologies to simplify the “data ecosystem.”

As Hadoop offerings continue to progress, they are also figuring heavily into the data ecosystems. Many providers, such as AWS and Microsoft, offer cloud-based solutions that can be near-seamlessly integrated into more structured data warehouses and ecosystems. On-premise solutions from Cloudera, Hortonworks and others give companies that require non-cloud solutions options as well. The performance and tools such as Spark and Yarn are broadening the use-cases for Hadoop and improving the performance of processing and querying against non-structured data.

Integration: Greater Accessibility

Finally, integration solutions for the data warehouse are becoming even more accessible and easy to use. A great example is Microsoft Azure’s Logic Apps. These solutions allow simple integrations and control-flow to be developed in a cost-effective model with lower technical expertise requirements. Typical infrastructure considerations for connectivity to systems still apply, but the ability to deliver batch and near real-time integrations between common applications and/or data sources using pre-built integration connectors is growing rapidly.

Conclusion

All this means more options for companies and solution providers, at the right scale, skill-set and price. These are exciting times indeed, as we can now deliver data and analytics solutions with greater fit and value than ever before. Contact us and we'll connect you with a data solutions specialist. 

How IoT is Revolutionizing Healthcare

innovation technologies

The recent rise in the popularity of fitness technology (i.e. smart watches and Fitbits) is beginning to show the impact that the “internet of things” (IoT) is having on the healthcare industry. However, these devices are only the beginning of how technology is revolutionizing healthcare.

As it stands, any medical device that allows for the transfer of data – including data hubs, communication networks, microprocessors, etc. – is a driving force behind the intersection of IoT and the healthcare system. Given that confidential patient data is the connecting piece of the puzzle, privacy concerns and constraints remain a hot topic; however, the healthcare industry is still interested in exploring any opportunities to make the IoT work for them.

The ultimate goals of IoT integration in healthcare are to cut costs, ensure the ill/injured are cared for properly, and make healthcare professionals more efficient.

While those inside the healthcare industry seek to find ways to incorporate the IoT, patients are taking their health into their own hands. A rising tide of people are using wearable fitness products, apps and sensors to collect and analyze their medical information. Many industry experts feel that this is an essential first step in the direction of integrating this patient data seamlessly into the healthcare system.

As the rates of IoT-Healthcare technology use continue to climb, these types of IoT projects are only beginning. There is no shortage of ideas on how to incorporate IoT into the medical field and what’s better is that several leading enterprise technology companies stand ready to help.

With the backing of Ad Victoriam Solutions, an Atlanta-based IT strategy consulting firm, the healthcare facilities that wish to participate in IoT will be able to make themselves much more efficient and competitive. Additionally, they’ll have the option to easily share information, which will help increase patient quality of care, improve both internal and external communications, and more efficiently track medical supplies.

These ideas are just the tip of the iceberg when it comes to the many ways IoT can be used to improve the daily operations of those in the medical field. Only time will tell what else will be dreamed up.

For more information about leveraging IoT technology for your business or practice, contact the big data consultants at Ad Victoriam Solutions. You can read up on the 3 Major Players in the IoT Space: Salesforce®Microsoft and AWS.

Major Players in the IoT Space, Pt. 3: Amazon Web Services (AWS)

In Part 1 of this blog series exploring the big players in the Internet of Things (IoT) revolution, we talked about how the “internet of things” refers to a network of objects that have been embedded with software, network connectivity, electronics and sensors, and how Salesforce® is able to integrate with IoT infrastructures to exchange and collect data. Then in Part 2, we discussed the role Microsoft plays in the IoT sphere.

In this blog, we’ll now take a look at how Amazon Web Services (AWS) has joined the ranks of IoT solutions. AWS has created an IoT cloud platform that allows devices to connect and interact easily amongst each other, with applications in the cloud and on other devices.

Below are 3 ways that AWS is working to make their IoT features a lot stronger:

1. Device Connectivity and Management

AWS’ IoT setup has massive support capability —“billions of devices and trillions of messages”— as well as the ability to make sure those messages get to where they need to go securely and easily. What’s better is that with AWS, you have the apps at your disposal to communicate with and track each device available, whether they’re connected or not.

Moreover, AWS works with both MQTT (a lightweight protocol for communication designed to communicate intermittently) and HTTP, among other protocols, which allow for even greater communication possibilities.

2. Device Security

Amazon has worked to ensure device security through SigV4 authentication and traditional X.509 certification. Harnessing the internet of things through AWS offers users encryption power across numerous connection points. This means that data is not shared across devices without identity being proven.

Additionally, secure access can be gained using granular permission. To begin a connection, users must have a certificate generated and deployed by a device. This policy eliminates “toy development boards and IoT prototyping platforms.”

3. Device Data

Finally, AWS gives IoT users the power to act upon, filter and transform all of their data whenever and wherever based on the specific rules they define. What’s more, at any time users can update rules whenever a new device needs to be added. AWS customers don’t even need to use the physical device to update the rules.

Cloud computing services, like AWS, are becoming increasingly important for businesses. If your enterprise would like to expand your company’s use of cloud computing and the internet of things, contact Ad Victoriam Solutions.

For an overview on the various IoT solutions offered by Salesforce®, Microsoft and Amazon, bookmark our blog and stay tuned for Part 4 of our ongoing blog series.

3 Reasons Why Netflix, Condé Nast, and Comcast All Employ AWS to Meet Their Cloud Computing Needs

Amazon Web Services (AWS) provides a wide array of solutions for business cloud computing needs. Comcast, Condé Nast and Netflix (among many others) all leverage AWS for many of their business needs.

“Our success with the AWS infrastructure can be attributed to the elasticity, scalability, global availability of the service, as well as the key focus on velocity from the AWS development team,” says Eva Tse, Director of Big Data Platform at Netflix.

Is AWS right for your business? To help you with your decision, here are the highlights of why businesses of all sizes and types choose AWS.

Security

Amazon has worked hard to provide cloud-computing services that are safe and secure for their users. The long list of security certifications AWS has includes HIPAA, ISO 27001, SAS 70 Type II, FISMA Moderate and PCI DSS Level 1. Moreover, Amazon works to keep these securities strong by using multiple layers of security (both physically and operationally), as well as routinely auditing their security.

Affordability

When you choose AWS, many of the solutions do not require contracts or up-front costs. AWS supports a “pay as you go” approach. This approach allows customers to use only the amount of storage and/or power they need—there’s no requirement to pay for storage or power that your company won’t use. Furthermore, Amazon has continued to lower pricing for many of its key solutions, even as features within them expand.

Additionally, this approach with AWS allows you to terminate service whenever you desire, make size changes and have access to expert customer service.

If your solution requires a more strategic, long-term budgeting approach, AWS allows for tiered commitment pricing that is often at a significant discount over the “pay as you go” pricing model. Additionally, many of those can be scaled up over time so you don’t have to commit and pay now for planned future needs.

Flexibility

AWS supports machine images and solutions for most operating systems and computing languages. For instance, when you are creating a virtual machine, you’re given the opportunity to select an image with the platform and/or programming language support that best fits your needs and capabilities.

This flexibility means that your company can continue to leverage existing computing resources and skillsets (i.e. languages and systems) rather than investing in purchasing and training for new computing software. This can keep the need for additional resources to a minimum.

While these top companies leverage AWS, it does not guarantee it as the best option for every organization. However, AWS should be evaluated as an option for your cloud computing business strategy. The cloud strategy consultants at Ad Victoriam can help you do this and more. We’ll work closely with your team to find and integrate a cloud technology solution that feels like it was made especially for you!

Contact us today to find out how the right technology can help push your company forward. Also, browse our blog for cloud computing tips from our experts, enterprise technology news and much more.