HIPAA and EU GDPR Whitepaper
The accelerated growth of the healthcare technology industry has resulted in an equivalent interest in the adoption of cloud computing in patient care. However, these innovations and creative programs must be built and operated within a framework set out by the federal government. In the case of the United States, it’s called HIPAA compliance.
This whitepaper is written to provide information on how the Aesthetic Record EMR system is architected according to HIPAA and how we encrypt and protect your data in the cloud. This whitepaper also addresses how we manage system security, how we perform backups, and our disaster recovery plan.
Encryption and Protection of PHI in AR
The HIPAA Security Rule includes addressable implementation specifications for the encryption of PHI (protected health information) in transmission (“in transit”) and in storage (“at rest”). Aesthetic Record encrypts PHI that is stored or transmitted in accordance with guidance from the Secretary of Health and Human Services (HHS).
When determining how to implement encryption, we evaluated and decided to take advantage of the encryption features native to the HIPAA-eligible services provided by Amazon Web Services (AWS).
Amazon EC2 - Cloud Computing
Amazon EC2 is a scalable, user-configurable service that supports multiple methods for encrypting data “at rest”. We use EC2 to run the Aesthetic Record platform. We encrypt data within our application using the standard security libraries of the CakePHP application framework and leverage the transparent data encryption features of MySQL databases.
Data “in transit” (network traffic containing PHI) is encrypted using the industry-standard transport encryption mechanism Transport Layer Security (TLS).
Internally, for data traveling between Aesthetic Record Amazon EC2 instances, network traffic containing PHI is also encrypted using TLS.
Storage & Protection
We protect our data while in transit (as it travels to and from Amazon EC2) and at rest (while it is stored on disks in Amazon EC2 data centres). We protect data in transit by using SSL. We use the following options for protecting data at rest in Amazon EC2.
- Server-Side Encryption – Amazon EC2 encrypts your object before saving it on disks in its data centres and decrypts it when you download the object.
- Client-Side Encryption – the data is encrypted client-side and the encrypted data is uploaded to Amazon EC2. Aesthetic Record EMR manages the encryption process, the encryption keys, and related tools.
Multiple levels of security
Security within our Amazon EC2 environment is provided on multiple levels: the operating system (OS) of the host platform, the virtual instance OS or guest OS, a firewall, and signed API calls. The goal is to prevent data contained within our Amazon EC2 environment from being intercepted by unauthorized systems or users, and to provide Amazon EC2 instances themselves that are as secure as possible without sacrificing the flexibility in configuration that customers demand.
Our Amazon EC2 environment currently utilizes a highly customized version of the Xen hypervisor, taking advantage of paravirtualization (in the case of Linux guests). Because paravirtualized guests rely on the hypervisor to provide support for operations that normally require privileged access, the guest OS has no elevated access to the CPU. The CPU provides four separate privilege modes, 0-3, called rings. Ring 0 is the most privileged and Ring 3 the least. The host OS executes in Ring 0. However, rather than executing in Ring 0 as most operating systems do, the guest OS runs in the lesser-privileged Ring 1 and applications in the least privileged Ring 3. This explicit virtualization of the physical resources leads to a clear separation between guest and hypervisor, resulting in additional security separation between the two.
Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. Amazon is active in the Xen community, which provides awareness of the latest developments. In addition, the AWS firewall resides within the hypervisor layer, between the physical network interface and the instance’s virtual interface. All packets must pass through this layer, so an instance’s neighbours have no more access to that instance than any other host on the Internet and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms. Customer instances have no access to raw disk devices but instead are presented with virtualized disks. The AWS proprietary disk virtualization layer automatically resets every block of storage used by the customer, so that one customer’s data is never unintentionally exposed to another. In addition, memory allocated to guests is scrubbed (set to zero) by the hypervisor when it is deallocated from a guest. The memory is not returned to the pool of free memory available for new allocations until the memory scrubbing is complete.
Aesthetic Record API Access Security
All API calls to launch and terminate instances, change firewall parameters, and perform other functions are signed by your Amazon Secret Access Key, which is the Secret Access Key of a user created with AWS IAM. Without access to this Secret Access Key, no calls can be made; this key is maintained by Aesthetic Record LLC. In addition, API calls are encrypted with SSL to maintain confidentiality. We use SSL-protected API endpoints.
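As an added illustration (not Aesthetic Record’s or AWS’s code) of why a management call cannot be made without the secret key: the request is bound to an HMAC-SHA256 signature, modelled on the key-derivation chain of AWS Signature Version 4 with a simplified string-to-sign, and the server recomputes and compares the signature before acting. The secret key, region, service and request values below are constructed placeholders.

```python
import hashlib
import hmac

# Constructed placeholder credential for the example; never a real AWS key.
SECRET_KEY = "EXAMPLE-SECRET-KEY-NOT-REAL"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """SigV4-style derivation: the raw secret never signs a request directly.
    The derived key is scoped to one date, region and service."""
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign_request(secret_key: str, method: str, path: str, body: str,
                 date: str, region: str, service: str) -> str:
    """Bind method, path, body hash and credential scope into one signature.
    Simplified string-to-sign; real SigV4 also canonicalizes headers/query."""
    body_hash = hashlib.sha256(body.encode("utf-8")).hexdigest()
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", scope, method, path, body_hash])
    signing_key = derive_signing_key(secret_key, date, region, service)
    return hmac.new(signing_key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_request(secret_key: str, method: str, path: str, body: str,
                   date: str, region: str, service: str, presented_signature: str) -> bool:
    """Server side: recompute and compare in constant time.  A changed path,
    body, date or a caller without the secret yields a mismatch."""
    expected = sign_request(secret_key, method, path, body, date, region, service)
    return hmac.compare_digest(expected, presented_signature)


if __name__ == "__main__":
    # Constructed sample request: a hypothetical "terminate instance" call.
    args = ("POST", "/instances/terminate", "id=EXAMPLE", "20180525", "us-east-1", "ec2")
    sig = sign_request(SECRET_KEY, *args)
    print("valid:", verify_request(SECRET_KEY, *args, sig))
    print("tampered body:", verify_request(SECRET_KEY, *args[:2], "id=OTHER", *args[3:], sig))
```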
Auditing, Backups, and Disaster Recovery
HIPAA’s Security Rule also requires that Aesthetic Record EMR have in-depth auditing capabilities, data backup procedures, and disaster recovery mechanisms.
Detailed Auditing logs
Aesthetic Record EMR has the ability to examine detailed activity logs or reports to see who had access, the source IP address, what data was accessed, etc. This data is tracked, logged, and stored at Cloudflare.
We can also run activity log files and audits down to the packet layer on our Amazon EC2 instances, just as on traditional hardware.
Aesthetic Record has a contingency plan to protect data in case of an emergency, and we create and maintain retrievable exact copies of electronic PHI. We have a data backup plan on AWS: we use Amazon EC2 for data storage and automated backups. By simply loading a file or image into Amazon EC2, multiple redundant copies are automatically created and stored in separate data centres. These files can be accessed at any time, from anywhere (based on permissions), and are stored until intentionally deleted.
Aesthetic Record’s disaster recovery plan, the process of protecting the organization’s data and IT infrastructure, is rock solid. We maintain highly available systems, keeping both the data and the system replicated off-site, and enabling continuous access to both.
With Amazon EC2, Aesthetic Record can start server instances very quickly and can use an Elastic IP address (a static IP address for the cloud computing environment) for graceful failover (a method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails) from one machine to another.
Using Amazon S3, our customers’ data is replicated and automatically stored in separate data centres to provide reliable data storage designed to provide 99.99% availability.
General Data Protection Regulation (EU-GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law due to become enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
How does Aesthetic Record LLC comply with GDPR?
As Aesthetic Record collects, transmits, hosts and analyzes personal data of EU citizens, GDPR requires us to use third-party data processors (AWS, in our case) who can guarantee our ability to implement the technical and organizational requirements of the GDPR.
Aesthetic Record has signed the AWS GDPR DATA PROCESSING ADDENDUM, which makes it completely compatible with GDPR.
Frequently Asked Questions (FAQ)
Q- Do we ever delete data?
No. We never delete data on an active account. However, on inactive accounts, we keep the data for 3 months from the last paid subscription.
Q- Do you take backups?
Yes, we have automatic backups running at the end of each day. We can go back in time to any date using Amazon EC2 to fetch that instance.