Build A HIPAA Security Program

Learn how healthcare organizations use Dash ComplyOps to build a robust cloud security program 

Creating An AWS HIPAA Compliance Program

Amazon Web Services (AWS) provides healthcare organizations and software vendors with a public cloud platform for building HIPAA compliant applications and workloads. Under the AWS cloud shared responsibility model, AWS provides a business associates’ addendum (BAA) and physical security controls. It is up to AWS cloud customers to implement administrative and technical standards.

Dash ComplyOps provides healthcare teams with a solution for building and maintaining a robust HIPAA security program in AWS. Dash makes it easy for your organization to create administrative policies, set security controls, and manage HIPAA regulatory standards for your AWS cloud environment.


Planning and Architecting for HIPAA Compliance in AWS

Create HIPAA Administrative Policies

Dash provides healthcare organizations with 17 administrative policies that can be customized and adopted to meet your team’s needs. Organizations simply answer plain-English questions about their organization and their technologies to create AWS-specific, highly relevant policies, procedures, and connected security controls.

Dash policy creation enables teams to quickly develop a HIPAA security program and save thousands on consulting hours. The Dash compliance calendar enables your team to manage all HIPAA administrative tasks.

Dash administrative policies include:

  • Employee Training Policy
  • Facility Management Policy
  • Breach Policy
  • Configuration Management Policy
  • Roles Policy
  • Auditing Policy
  • System Access Policy

Enforce Policies With Continuous Compliance Monitoring

Dash provides continuous compliance monitoring to enforce your established administrative policies and maintain your cloud security and compliance postures.

Dash compliance monitoring scans your AWS cloud environment for security and configuration issues that may cause your organization to fall out of compliance with HIPAA regulations. All security findings are mapped to compliance standards, including HIPAA, SOC 2, and NIST 800-53.

Teams can view compliance findings for AWS cloud services and easily resolve security issues using Dash remediation actions.

Detect and Resolve Compliance Issues

  • Encryption Settings
  • Backup Settings
  • Audit Logging
  • Network Configuration
  • Privilege Escalation
  • Service Availability

Example Security Findings

Dash continuous compliance monitoring enables your team to identify and resolve security configuration issues related to specific AWS cloud services and resources, in order to maintain HIPAA compliance. Teams can resolve compliance concerns such as:

  • EC2 Security Group ports open to the world
  • S3 buckets open to the world or world-writable/readable
  • RDS instances with backup not enabled
  • AWS account logging not enabled with CloudTrail

Build Compliance Reports & Prepare For Audits

Dash provides security teams with advanced compliance reporting functionality. Organizations can view the status of policies, compliance scans, and AWS as related to regulatory standards and compliance frameworks.

Teams can use Dash compliance mappings to validate security and compliance efforts, answer security risk assessments (SRAs), and prepare for security audits.

Streamline Security Risk Assessments (SRAs)

Organizations can use Dash compliance reports to easily pull security information, answer hospital security risk assessments (SRAs), and share information about security and compliance protections.

See Compliance Standards/Mappings

Dash provides an inventory of all administrative, technical, and physical safeguards related to HIPAA and SOC 2. Your team can see the status of policies, compliance scans, and AWS-provided safeguards, as related to compliance controls.

Achieve HIPAA Compliance In AWS With Dash

Dash ComplyOps provides teams with a compliance management solution for building custom administrative policies, setting cloud security controls, and enforcing policies via continuous compliance monitoring. Dash can be easily deployed to your cloud environment via the AWS Marketplace and utilized to build a robust AWS HIPAA security program.

Dash is comprised of cloud and healthcare compliance experts and is an AWS Advanced Technology Partner and Healthcare Competency Partner. Learn how your team can leverage Dash ComplyOps to rapidly achieve HIPAA compliance in AWS.


Steps to HIPAA Compliance

Install Dash ComplyOps

Deploy Dash ComplyOps into your Amazon Web Services (AWS) account via the AWS Marketplace.

Configure Security Controls

Establish custom administrative policies, set technical controls across cloud services, and customize your security plan.

Monitor Compliance

ComplyOps scans and monitors your cloud services, detects HIPAA compliance issues, and helps resolve compliance concerns.

Build HIPAA Compliant Applications In AWS

Build Your AWS Cloud Security Program