Announcement

Turbot supports compliance with HIPAA and PHI security

Using Turbot enterprise guardrails, DevOps teams can ensure they use only HIPAA-eligible AWS services and that they securely process, store, and transmit PHI data.

Turbot Team
Feb 28, 2017

Many of our enterprise customers use Turbot Guardrails to ensure continuous compliance of their cloud infrastructure with specific industry standards such as NIST 800-53 and CIS.

Similarly, our life sciences customers have discovered that Turbot Guardrails reduces the effort required to comply with HIPAA regulations and enforces policies to protect Protected Health Information (PHI). The enterprise can ensure that DevOps teams use only HIPAA-eligible AWS services, and that they securely process, transmit and store PHI data by utilizing the following guardrails:

1. Whitelist only HIPAA-eligible Services

Using Turbot Guardrails, customers can whitelist only HIPAA-eligible AWS services (including the recently added API Gateway and Direct Connect), AMIs, RDS engine types, etc. All other services can be disabled to ensure no non-HIPAA-compliant services are used.

2. Enforce Encryption Standards

Turbot Guardrails offers Encryption at Rest and Encryption in Transit guardrails that can be enforced across various HIPAA-eligible AWS services.

3. Enforce Dedicated Instances

To support tenancy compliance with the HIPAA Privacy and Security Rules for protecting PHI, Turbot Guardrails can ensure that only dedicated hardware is used for any applicable VPC services (e.g. EC2, RDS) when provisioned in a HIPAA-applicable account or VPC.

4. Complete Audit Trail

Turbot Guardrails provides full transparency into all AWS and Turbot Guardrails configurations and events. Turbot Guardrails Central Log Management capabilities aggregate AWS and Turbot activity logs to regional logging buckets per account. Users can view log details through the raw logs located in S3. Using the Turbot Guardrails console, they can also view current and prior event history at various levels of the resource hierarchy.

5. Backup / Snapshot Automation

Turbot Guardrails provides operational guardrails to ensure appropriate backups / snapshots occur, and that those backups are retained for appropriate time periods.

Contact us for more information about compliance guardrails and a full demo of how Turbot Guardrails can enhance and support your cloud team.