Postgres Meets HIPAA in the Cloud

March 31, 2015

It wasn’t long ago that complying with the Health Insurance Portability and Accountability Act (HIPAA) required healthcare applications to be run on-premises. To ensure health information was truly safe, it was necessary to identify the location of the specific disks that held it, and generally ensure the physical security and processes that protected it. Virtualization and the cloud have changed computing, and compliance has caught up.

Of course, the cloud offers significant advantages for all kinds of applications. Compared to physical deployments, application deployments to the cloud are quick, easy, and less expensive. You can scale your application’s environment to match the needed level of performance – even as that changes moment to moment – and deliver service to customers wherever they might be. And now HIPAA regulations allow healthcare applications to run in the cloud, as long as you pick a cloud provider that is HIPAA compliant, and offers the secure services that your application requires.

Amazon Web Services (AWS) meets those requirements, and EnterpriseDB’s Postgres Plus Cloud Database Advanced is the ideal database for managing healthcare information.

The Fine Print

The US Department of Health and Human Services considers any healthcare provider that electronically transmits health information in connection with transactions as a “covered entity”. A "business associate" is a person or entity who performs functions or activities on behalf of, or provides certain services to, a covered entity and isn’t employed by the covered entity.

AWS enables covered entities and their business associates subject to HIPAA to leverage the secure AWS environment to process, maintain and store protected health information.

AWS is a HIPAA compliant platform by virtue of complying with the FedRAMP and NIST 800-53 standards, both of which impose a higher security standard than HIPAA compliance requires. NIST has issued Special Publication 800-66, "An Introductory Resource Guide for Implementing the HIPAA Security Rule," which documents how NIST 800-53 aligns with the HIPAA Security Rule.

HIPAA rules generally require that covered entities and business associates enter into contracts to ensure that the business associates will appropriately safeguard protected health information. AWS will sign a Business Associate Agreement (BAA) as described in the HIPAA rules and regulations to satisfy this requirement. This should reassure you that the AWS platform represents a HIPAA compliant context for your application.

Postgres Plus Cloud Database (PPCD) Advanced not only provides a world-class relational database suitable for mission-critical applications, but it also includes the security and auditing features required to support an application’s HIPAA compliance. The underlying technology of EDB’s Postgres Plus in the cloud supports HIPAA in multiple ways. Its architecture runs your database instances and data in completely private and secure compute instances. The database further provides encrypted communications for data in transit, encrypted private storage for data at rest, and advanced auditing capabilities suitable for building HIPAA reporting.

Attend our webinar at 11 am EDT on Wednesday April 1st to learn more about enabling HIPAA compliance with AWS and Postgres Plus Cloud Database Advanced for your healthcare application.

Go here for information and to register for our webinar: Achieving HIPAA Compliance with Postgres Plus Cloud Database Advanced

Fred Dalrymple is Product Manager, Postgres Plus Cloud Database at EnterpriseDB.