Similarly, our life sciences customers have discovered that Turbot reduces the effort required to comply with HIPAA regulations and enforces policies to protect Protected Health Information (PHI). The enterprise can ensure that DevOps teams use only HIPAA-eligible AWS services, and that they securely process, transmit and store PHI by utilizing the following guardrails:
1. Whitelist only HIPAA-eligible Services
Using Turbot, customers can whitelist only HIPAA-eligible AWS Services (including the recently added API Gateway and Direct Connect), AMIs, RDS Engine Types, etc. All other services can be disabled to ensure that no non-HIPAA-compliant services are used.
2. Enforce Encryption Standards
Turbot offers Encryption at Rest and Encryption in Transit guardrails that can be enforced across various HIPAA-eligible AWS services.
3. Enforce Dedicated Instances
To support tenancy compliance with the HIPAA Privacy and Security Rules for protecting PHI, Turbot can ensure that only dedicated hardware is used for any applicable VPC services (e.g. EC2, RDS) when provisioned in a HIPAA-applicable account or VPC.
4. Complete Audit Trail
Turbot provides full transparency into all AWS and Turbot configurations and events. Turbot’s Central Log Management capabilities aggregate AWS and Turbot activity logs to regional logging buckets per account. Users can view log details through raw logs located in S3. Using the Turbot console, they can also view current and prior event history at various levels of the resource hierarchy.
5. Backup / Snapshot Automation
Turbot provides operational guardrails to ensure appropriate backups / snapshots occur, and that those backups are retained for appropriate time periods.
Contact us for more information about compliance guardrails and a full demo of how Turbot can enhance and support your cloud team.