Hey Folks!, I am looking for some advice to secure...
# randomh
Haider Abbas
09/17/2021, 7:22 PMHey Folks!, I am looking for some advice to secure PHI Data (as per HIPPA Compliance) which is submitted in referral form through
Web_App(AWS S3)/Mobile_Apps(App/Play Store)App_Server(API Layer deployed on AWS EC2)DB_Server(AWS RDS)Encryption2FAMobile_Apps(App/Play store)AWS Infrastructuret
thdxr
09/17/2021, 11:56 PMYour setup right now is fine
thdxr
09/17/2021, 11:57 PMThe reality is HIPPA isn't a real security standard and you'll just need to answer a checklist customer by customer. They typically just vaguely ask about encryption at rest / in transit. The more managed services you use the easier this becomes to answer since they have to accept AWS's certifications
thdxr
09/17/2021, 11:59 PMIf you're managing your own EC2 instances you're going to get a bunch of questions around hardening and patching. Maybe can dodge them but I recommend using Fargate because then you can explain that you have no access to the host
thdxr
09/17/2021, 11:59 PMThe reason I found serverless in the first place is because I was looking for ways to reduce my compliance burden
h
Haider Abbas
09/18/2021, 7:41 PMThanks thdrx!, I agree with you. But i am facing difficulty how should i achieve this. Any Process flow diagram suggestions which i can follow.
Right now we have AWS S3, EC2, RDS in picture but facing challenge to convert above components in to HIPPA compliance. I mean to say if i use AWS Certifications then where, AWS Secrets Manager where, AWS Config Where etc.
Project stakeholder doesn't forcing me to use Encryption, 2FA but they simply want their PHI data secured and how i will achieve this it's a challenge for me to present in front of Project Stakeholders
Any help on this would mean a lot for me.. Great Thanks!