HIPAA Compliance Assessment

While AWS has its own baseline measures for HIPAA protection, it is each organization’s responsibility to configure the cloud environment correctly in full compliance with HIPAA. We determine what HIPAA requirements are mandatory for your particular organization and unfold a comprehensive assessment program covering technical, administrative, and physical security controls to ensure no security gaps on both AWS’s and the organization’s side.

Our assessment covers:

• AWS infrastructure review, including computing, networking, data storage and management, security services, and AWS-hosted apps.
• Penetration testing, vulnerability assessment, and automated and manual code review.
• Assessment of administrative safeguards, including internal policies regulating the processes of accessing and distributing PHI, security risk management and incident response, data backup and disaster recovery procedures.
• Assessment of technical safeguards, including access controls, audit logging, data encryption, and data integrity controls in the cloud.
• Assessment of physical safeguards, including the isolation of dedicated AWS cloud instances and access to physical devices and workstations connected to the cloud.
• Examination of employees’ knowledge on PHI handling and cyber hygiene.

After the assessment, we prepare a comprehensive report covering the scope of the audit, the found gaps in HIPAA compliance, and an actionable remediation plan. Our goal is to provide you with a clear checklist of corrective actions you need to implement to be confident in your organization’s HIPAA compliance.

If you need help implementing the improvements, ScienceSoft’s AWS-certified engineers, HIPAA consultants, and cybersecurity specialists can reconfigure your cloud environment or redesign the data governance framework in line with the HIPAA rule.