Skip to content

HIPAA Compliance in HSLynk

Eric Jahn edited this page May 13, 2020 · 7 revisions
Clone this wiki locally

Architecture of our HIPAA-driven security-related components:

  • separate VPCs for production and development with with separate subnets
  • Bastion host
  • Encryption at rest of S3, Big Data, and relational data stores
  • Encryption of data in motion - SSH, TLS, tokenized APIs, Trusted Apps
  • Identity and access control by role
  • We have a BAA with Amazon Web Services

Other steps: