One of Amazon Web Services’ (AWS) officially endorsed methods for achieving HIPAA (Health Insurance Portability and Accountability Act) compliance was to start with Dedicated Instances or Dedicated Hosts. That stipulation is no longer required, per a recent update to AWS’ HIPAA compliance whitepaper.
So why is this a big deal? First, Dedicated Instances, or Hosts, come with a price, which is understandable because they cost Amazon more to deliver. Instead of sharing underlying hardware with multiple AWS customers, dedicated platforms have their own hardware, exclusively for a particular AWS account. This model essentially provides a physical barrier to your data being shared with other users. While that arrangement might provide a warm, fuzzy level of comfort, Amazon is acknowledging that non-Dedicated Instances, i.e. Shared Instances, also have the isolation necessary for compliance. This means you don’t have to pay extra for Dedicated Instances or Hosts to meet the needs of HIPAA.
Add the security overhead that comes with HIPAA, and achieving compliance can become expensive. After all, you may need to hire a security expert and you will probably want to use Security and Compliance solutions such as those offered by CloudCheckr. Given the daily news reports of cybersecurity problems, the last thing technology providers should be doing is putting up obstacles to security. Requiring organizations to pay more to be secure is the wrong way to go.
Now, with this change from AWS, companies do not have to choose between security and the flexibility offered by Shared Instances. As always, CloudCheckr’s Cost Management module can help offset the cost of the CloudCheckr Security module, resulting in increased security with a decrease in overall cloud spend.