aws re:invent - securing hipaa compliant apps in aws
DESCRIPTION
Control Group's David Rocamora and Pronia's Brian Besterman presented a case study on migrating HIPAA compliant applications in AWS at the AWS Re:Invent Conference on Nov. 29, 2012TRANSCRIPT
Solutions in Action - GlucoCare
Securing HIPAA compliant applications in AWS
Introductions Who are these guys?
David Rocamora VP DevOps Control Group
Brian Besterman CIO & Co-Founder Pronia Medical Systems
What is GlucoCare?
• The GlucoCare™ Intensive Glycemic Control System is an FDA approved software-based insulin dosing calculator indicated for the management of high blood glucose levels in the hospital setting.
• In use at seven U.S. hospitals, including Memorial Sloan-Kettering Cancer Center in NYC.
• Additionally used throughout the mid-west by Kentucky Organ Donor Affiliates (KODA) over the Internet, running on EC2.
• GlucoCare has processed over 56,000 glucose readings for more than 1,500 patients since 2009.
Why AWS for GlucoCare?
• Deployment efficiency and control • Ability to rapidly demo and pilot solutions • Cut through IT bureaucracy and satisfy governance requirements • Ease and speed of provisioning realistic training and test
environments • Measurable and predictable usage-based costs
HIPAA Title II - Administrative Simplification
This provision addresses the security and privacy of health data
Why AWS for HIPAA? HIPAA Breaches by Type/Asset; Affected Individuals
84% of incidents due to physical theft
or loss
secret @8d2
... ...
GlucoCare AWS Environment
Encryption, HIPAA, and AWS Secure delivery of keys
Pronia uses secret keys to encrypt data
Encryption, HIPAA, and AWS Secure delivery of keys
CloudFormation
CloudFormation is used to deliver the keys
secret @8d2
... ...
GlucoCare AWS Environment
Encryption, HIPAA, and AWS Secure delivery of keys
Access to EC2 is restricted
CloudFormation
secret @8d2
... ...
GlucoCare AWS Environment
Encryption, HIPAA, and AWS Secure delivery of keys
CloudFormation secret @8d2
... ...
GlucoCare EC2 Instance
Instances ask for secret keys on boot
Encryption, HIPAA, and AWS Secure delivery of keys
GlucoCare
GlucoCare EC2 Instance
GlucoCare starts and gets the key
Encryption, HIPAA, and AWS Secure delivery of keys
GlucoCare
GlucoCare EC2 Instance
GlucoCare deletes the keys after starting
Pronia and Control Group There’s more to this story
To learn more about GlucoCare and Pronia: www.proniamed.com For a closer look at the encryption solution: www.controlgroup.com
We are sincerely eager to hear your feedback on this
presentation and on re:Invent.
Please fill out an evaluation form when you have a
chance.