As organizations are forced to transform to a remote workforce, questions of security and capacity remain at the forefront of many employees’ minds, and not just within the IT organization. The pandemic and the rise in remote work have made a more compelling case than ever for the value and security of the cloud. The cloud can help organizations:
- Scale to meet demand
- Eliminate the need to manage servers on-prem
- Focus on their application rather than managing and building infrastructure
- Access the latest technologies for advanced analytics, collaboration, machine learning, and AI, to name a few
AWS provides numerous services that empower organizations to work remotely in a secure and efficient way; however, there are nuances in how certain types of data must be protected, and understanding and enforcing those nuances typically falls on the user. As a highly regulated industry, healthcare is no exception. HIPAA was enacted over 20 years ago in an effort to protect the privacy of the patient, long before the advancements of cloud. For an IT organization within a healthcare company, interpreting a 20-year-old piece of legislation and understanding how it applies to today’s cloud technology can be both time-consuming and challenging. That’s where ClearDATA can help.
ClearDATA gives customers direct access to the AWS console while we enforce compliance throughout the lifecycle of your application. Based on our opinionated stance on different standards and regulations, ClearDATA enforces the appropriate technical controls through automation so organizations can focus on using AWS services to address business objectives, rather than worrying about how to use a service in a HIPAA-compliant way.
Let’s look at two examples of Amazon Web Services tools that can support your new remote workforce in a secure and compliant manner.
Amazon Connect
AWS calls Connect a “cloud-based contact center solution.” It allows you to create a cloud-based phone system for your workforce quickly, so they can work from anywhere with an internet connection. Organizations can create and configure a reliable, scalable platform from AWS to engage with their customers.
ClearDATA customers are using Amazon Connect to engage with their patients and members, while ClearDATA Comply™, ClearDATA’s compliance management SaaS product, ensures the compliance of the AWS environment. For example, calls are typically recorded in real time, and those conversations may contain sensitive information, such as Protected Health Information (PHI). By default, Connect creates an S3 bucket with encryption enabled during the configuration process, but according to HIPAA, encryption by itself may not be sufficient for storing PHI. ClearDATA Comply’s Automated Safeguards for S3 include 12 additional technical controls that map directly to healthcare standards such as HIPAA and GDPR.
Figure 1: ClearDATA Comply provides our interpretation of different standards and how they map to the appropriate technical control over numerous AWS services, such as S3.
ClearDATA Comply ensures that sensitive data that may be output from Connect is secure and compliant while organizations continue to build applications with Connect.
To learn more about Connect, please visit https://aws.amazon.com/connect/
Amazon WorkDocs
Amazon WorkDocs is a fully managed and secure content creation, storage, and collaboration service. Users can create, edit, share, and collaborate on content from anywhere because it is all stored in the cloud and easily accessible. Customers use WorkDocs to access their critical content on any device, including PC, Mac, tablets and mobile, ensuring their content is always available to their remote workforce.
ClearDATA helps ensure our healthcare customers maintain compliance for their WorkDocs content. Amazon has built many technical controls into WorkDocs, including encryption at rest and encryption in transit. However, ClearDATA helps our customers go further by ensuring the services that connect to WorkDocs, such as the AWS Directory Service, are configured in a compliant manner so the entire WorkDocs infrastructure is following the guidance needed for healthcare companies. Our Reference Architectures help guide customers on using WorkDocs for sensitive healthcare data so they can ensure ongoing security and compliance.
To learn more about WorkDocs, please visit https://aws.amazon.com/workdocs/