High-level Diagram of our HIPAA Compliant Architecture.
Send an e-mail to firstname.lastname@example.org to schedule a compliance tour. Only available for Enterprise Users.
© 2023 by DeepCura Inc.
Engineered by DeepCura in San Francisco.
HIPAA Compliant Infrastructure for DeepCura Users.
High-level view of our HIPAA Compliant Infrastructure powered by AWS.
AWS offers a commercial-off-the-shelf infrastructure platform with industry recognized certifications and audits such as ISO 27001, FedRAMP, and the Service Organization Control Reports (SOC1, SOC2, and SOC3). AWS services and data centers have multiple layers of operational and physical security to help ensure the integrity and safety of customer data. With no minimum fees, no term-based contracts required, and pay-as-you-use pricing, AWS is a reliable and effective solution for growing healthcare industry applications.
Amazon Elastic Compute Cloud (Amazon EC2)
As a HIPAA compliant service provider, we utilize Amazon Elastic Compute Cloud (EC2) to offer a scalable and user-configurable compute service that supports multiple methods for encrypting data at rest and in transit, as required by the HIPAA regulations.
We ensure that PHI is encrypted at rest. Additionally, we integrate our applications with AWS KMS for key management and storage, and implement encryption using full disk encryption tools.
For data in transit, we require that network traffic containing PHI be encrypted. We use open standard transport encryption mechanisms such as Transport Layer Security (TLS) and IPsec virtual private networks (VPNs) for traffic between external sources and Amazon EC2, consistent with the HIPAA Guidance.
By implementing these encryption methods provided by Amazon EC2, we ensure that PHI is secured and protected in accordance with HIPAA regulations.
We utilize Amazon CloudFront to deliver our application globally, while ensuring that PHI is encrypted at all times while in transit.
To achieve this, we configured CloudFront to use HTTPS end-to-end from the origin to the viewer. By configuring HTTPS, we ensure that data in transit is encrypted and secure.
By implementing these measures, we ensure that PHI is encrypted at all times while in transit with CloudFront, in accordance with HIPAA regulations.
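The end-to-end HTTPS setting described above can be checked against a distribution's configuration. The following is an added example, not DeepCura's code: it audits a dictionary shaped like the `DistributionConfig` that the CloudFront `get_distribution_config` API returns, and the sample configuration and origin names are constructed for illustration.

```python
# Added example: audit a CloudFront DistributionConfig for end-to-end HTTPS.
# The SAMPLE configuration and its origin names are constructed, not real.

WEAK_ORIGIN_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}
HTTPS_VIEWER_POLICIES = {"https-only", "redirect-to-https"}


def audit_https(config):
    """Return a list of findings; an empty list means HTTPS holds on both legs."""
    findings = []

    # Viewer leg: every cache behavior must refuse or redirect plain HTTP.
    behaviors = [("default", config["DefaultCacheBehavior"])]
    for b in config.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((b["PathPattern"], b))
    for name, b in behaviors:
        if b["ViewerProtocolPolicy"] not in HTTPS_VIEWER_POLICIES:
            findings.append(f"behavior {name}: viewer policy {b['ViewerProtocolPolicy']}")

    # Origin leg: custom origins must be fetched over HTTPS with modern TLS only.
    for o in config["Origins"]["Items"]:
        custom = o.get("CustomOriginConfig")
        if custom is None:
            continue  # S3 origins follow the viewer protocol, checked above
        if custom["OriginProtocolPolicy"] != "https-only":
            findings.append(f"origin {o['Id']}: origin policy {custom['OriginProtocolPolicy']}")
        weak = WEAK_ORIGIN_TLS & set(custom.get("OriginSslProtocols", {}).get("Items", []))
        if weak:
            findings.append(f"origin {o['Id']}: weak TLS {sorted(weak)}")
    return findings


# Constructed sample: HTTPS by default, but one path and one origin leak.
SAMPLE = {
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/static/*", "ViewerProtocolPolicy": "allow-all"},
    ]},
    "Origins": {"Items": [
        {"Id": "app-origin", "CustomOriginConfig": {
            "OriginProtocolPolicy": "match-viewer",
            "OriginSslProtocols": {"Items": ["TLSv1", "TLSv1.2"]}}},
        {"Id": "assets-bucket", "S3OriginConfig": {"OriginAccessIdentity": ""}},
    ]},
}

if __name__ == "__main__":
    for finding in audit_https(SAMPLE):
        print(finding)
```

The check is deliberately strict: `match-viewer` on a custom origin is reported even when every behavior forces HTTPS, because a later `allow-all` behavior would silently reopen plain HTTP to the origin.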
Amazon Web Services (AWS) Web Application Firewall (WAF)
Amazon Web Services (AWS) Web Application Firewall (WAF) is a security service that helps protect web applications from common web exploits that could compromise the security of PHI.
By deploying AWS WAF, we can configure rules to inspect incoming traffic and block requests that do not meet specified conditions, such as those containing malicious payloads or unauthorized access attempts. AWS WAF also provides pre-configured rule sets designed to detect and block common web exploits, including cross-site scripting (XSS), SQL injection, and others.
To ensure HIPAA compliance, we configured AWS WAF to enforce secure communication channels using HTTPS. AWS WAF also blocks requests from known malicious IP addresses or countries, and monitors and logs web traffic for further analysis and auditing purposes.
By implementing AWS WAF as part of our security strategy, we can help protect PHI from unauthorized access and comply with HIPAA guidelines for safeguarding electronic protected health information (ePHI) in our web application.
Lastly, it is very important to mention that we do not store any kind of patient information for any purpose.