How to Meet HIPAA Compliance Requirements in the AWS Cloud

May 02 2019

Machine learning-enabled medical image analysis. Prosthetics customized for individual patient comfort and performance courtesy of 3D printing. Context-aware, real-time communication platforms. Virtual Reality (VR) tools that enable medical students to experience and learn from life-and-death scenarios in low-stakes environments.

They’re among the numerous examples of technology pushing healthcare to new levels of efficiency and sophistication. In many cases, the technologies driving these innovations are cloud-based. That’s good and, in the minds of some healthcare organizations, not so good.

On the “good” side, healthcare organizations are eager to take advantage of the well-documented benefits of the cloud. On the “not-so-good” side are Health Insurance Portability and Accountability Act (HIPAA) compliance requirements.

HIPAA and Cloud Services

By itself, regulatory compliance can be complex and confusing. Add in cloud services, and the complexity multiplies — particularly with HIPAA.

HIPAA pertains to organizations that deal with personal health information (PHI). Few, if any, healthcare organizations are exempt from it, including healthcare systems, insurance providers, and Big Data companies that aggregate and analyze healthcare data.

It’s not just the technical requirements of HIPAA that make compliance complicated. Many of the elements are more “recommendations” than “well-defined directives” and are open to interpretation. Rapidly changing technologies and frequent updates further muddy their clarity. But meeting the requirements isn’t something that can be ignored or continually delayed. Noncompliance can result in large fines, as well as lost business, damage to the organization’s reputation, and other business-wrecking consequences.

The Case for AWS Cloud Services

Many healthcare organizations seek out AWS Cloud services because AWS supports HIPAA compliance. It also provides an extensive array of resources to help customers use AWS in a HIPAA-compliant way. But as the company notes on its website, no software or cloud service is truly HIPAA compliant. HIPAA compliance is not about the platform. It’s about how the platform is used.

ClearScale’s HIPAA and AWS Expertise

That’s why working with an organization such as ClearScale can be invaluable. ClearScale understands HIPAA compliance and has extensive experience applying it to cloud environments, including AWS Cloud environments.

We’re an AWS Premier Consulting partner. That means we’re among the top AWS consulting partners globally that have extensive experience in deploying customer solutions on AWS, a strong bench of certified technical consultants, at least one AWS competency (we have multiple), expertise in project management, and a healthy revenue-generating consulting business on AWS. 

Those multiple competencies referenced? Healthcare is one of them. As an AWS Healthcare Competency Partner, we’ve demonstrated success in building solutions for healthcare payers and providers that securely store, process, transmit, and analyze clinical information.

Compliance, Security, and Technical Assessments

So how can ClearScale help your organization meet its HIPAA requirements, especially if you’re using or want to use AWS Cloud services? That depends on your specific project needs, but it may entail:

• A review of applicable HIPAA requirements, particularly those that can be addressed through the AWS environment and with AWS tools and services

• An audit of your current IT environment against cloud security and data privacy best practices and, if you have an AWS environment, against AWS best practices

• Vulnerability assessments and penetration tests at both the application and infrastructure levels

• A remediation and risk mitigation plan, including recommendations and “must dos”

• Reconfiguration and hardening of your current environment or development and deployment of new environment architecture to help meet HIPAA and other security and data privacy requirements

If you need web application development or infrastructure automation, we can also do those in ways that help meet HIPAA or other regulatory requirements.

Healthcare Industry Case Studies

The proof lies in our client engagements. Among them:

University of California, San Francisco

Influence Health

SF Match

Discover X

For many clients, like a current one that developed an AI-enabled platform for real-time monitoring of surgical blood loss, ClearScale’s services are being used to prepare for an upcoming HIPAA audit. With ClearScale helping to ensure the client’s environment meets all applicable HIPAA requirements, the client will be better positioned to pass the audit and avoid non-compliance penalties and potential audit-related delays.

Is Your Environment Audit-Ready?

Learn how ClearScale can help your organization comply with the technical and security requirements of HIPAA or other regulations. Contact us for a free security assessment or speak to one of our solution architects about a specific project need you have.
