AWS re:Invent - Securing HIPAA Compliant Apps in AWS
DESCRIPTION
Control Group's David Rocamora and Pronia's Brian Besterman presented a case study on migrating HIPAA compliant applications in AWS at the AWS re:Invent conference on Nov. 29, 2012.
TRANSCRIPT
Solutions in Action - GlucoCare
Securing HIPAA compliant applications in AWS
Introductions: Who are these guys?
• David Rocamora, VP DevOps, Control Group
• Brian Besterman, CIO & Co-Founder, Pronia Medical Systems
What is GlucoCare?
• The GlucoCare™ Intensive Glycemic Control System is an FDA approved software-based insulin dosing calculator indicated for the management of high blood glucose levels in the hospital setting.
• In use at seven U.S. hospitals, including Memorial Sloan-Kettering Cancer Center in NYC.
• Additionally used throughout the mid-west by Kentucky Organ Donor Affiliates (KODA) over the Internet, running on EC2.
• GlucoCare has processed over 56,000 glucose readings for more than 1,500 patients since 2009.
Why AWS for GlucoCare?
• Deployment efficiency and control
• Ability to rapidly demo and pilot solutions
• Cut through IT bureaucracy and satisfy governance requirements
• Ease and speed of provisioning realistic training and test environments
• Measurable and predictable usage-based costs
HIPAA Title II - Administrative Simplification
This provision addresses the security and privacy of health data
Why AWS for HIPAA?
(Chart: HIPAA Breaches by Type/Asset; Affected Individuals)
84% of incidents due to physical theft or loss
Encryption, HIPAA, and AWS: Secure delivery of keys
(Diagram labels: CloudFormation, secret, GlucoCare AWS Environment, GlucoCare EC2 Instance, GlucoCare)
• Pronia uses secret keys to encrypt data
• CloudFormation is used to deliver the keys
• Access to EC2 is restricted
• Instances ask for secret keys on boot
• GlucoCare starts and gets the key
• GlucoCare deletes the keys after starting
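The instance-side half of the sequence on these slides (the key arrives at boot, the application reads it, then deletes it) could look like the following. This is an added example, not Pronia's or Control Group's code; the key file location and name, and the ownership and permission checks, are assumptions, since the slides do not say how the key reaches the application.

```python
import os
import stat
import tempfile


def load_key_once(path):
    """Read a boot-delivered key into memory, then remove it from disk."""
    fd = os.open(path, os.O_RDWR | os.O_NOFOLLOW)  # refuse symlinks
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("key path is not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError("key file not owned by the service user")
        if st.st_mode & 0o077:
            raise PermissionError("key file accessible to group or others")
        key = os.read(fd, st.st_size)
        if not key:
            raise ValueError("key file is empty")
        # Best-effort overwrite before unlinking. Journaling filesystems,
        # snapshots and SSD wear levelling can still retain old blocks.
        os.lseek(fd, 0, os.SEEK_SET)
        os.write(fd, b"\0" * st.st_size)
        os.fsync(fd)
    finally:
        os.close(fd)
    os.unlink(path)  # only reached when every check above passed
    return key


def demo():
    """Constructed sample: a throwaway 32-byte key in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "glucocare.key")  # hypothetical file name
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.write(fd, b"K" * 32)
        os.close(fd)
        key = load_key_once(path)
        return key, os.path.exists(path)


if __name__ == "__main__":
    key, still_there = demo()
    print(len(key), "byte key in memory; file still on disk:", still_there)
```

Deleting the file only narrows exposure on the instance's disk; the key still exists wherever it was delivered from, so that source needs the same access restriction the slides describe for EC2.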
Pronia and Control Group: There’s more to this story
To learn more about GlucoCare and Pronia: www.proniamed.com
For a closer look at the encryption solution: www.controlgroup.com