One of Amazon Web Services’ (AWS) officially endorsed methods to achieving HIPAA (Health Insurance Portability and Affordability Act) compliance was to start with Dedicated Instances or Dedicated Hosts. That stipulation is no longer required, per a recent update to AWS’ HIPPA compliance whitepaper.
So why is this a big deal? First, Dedicated Instances, or Hosts, come with a price, which is understandable because they cost Amazon more to deliver. Instead of sharing underlying hardware with multiple AWS customers, dedicated platforms have their own hardware, exclusively for a particular AWS account. This model essentially provides a physical barrier to your data being shared with other users. While that arrangement might provide a warm, fuzzy level of comfort, Amazon is acknowledging that non-Dedicated Instances, i.e. Shared Instances, also have the isolation necessary for compliance. This means you don’t have to pay extra for Dedicated Instances or Hosts to meet the needs of HIPAA.
When you add the security overhead that comes with HIPAA compliance, it can become expensive to achieve compliance. After all, you may need to hire a security expert and you will probably want to use Security and Compliance solutions such as those offered by CloudCheckr. Given the daily news reports of cybersecurity problems, the last thing technology providers should be doing is putting up obstacles to security. Requiring organizations to pay more to be secure is the wrong way to go.
Now, with this change from AWS, companies do not have to choose between security and the flexibility offered by shared Instances. As always, CloudCheckr’s Cost Management module can help offset the cost of CloudCheckr Security module, resulting in increased security with a decrease in overall cloud spend.
CloudChecker and CorpInfo recently conducted a webinar on this very topic. Watch and learn about HIPAA Compliance and how to achieve it, using the resources of CloudCheckr and CorpInfo.