Control Group's David Rocamora and Pronia's Brian Besterman presented a case study on migrating HIPAA compliant applications in AWS at the AWS Re:Invent Conference on Nov. 29, 2012
2. Introductions
Who are these guys?
Brian Besterman David Rocamora
CIO & Co-Founder VP DevOps
Pronia Medical Systems Control Group
3. What is GlucoCare?
• The GlucoCare™ Intensive Glycemic Control System is an FDA
approved software-based insulin dosing calculator indicated for the
management of high blood glucose levels in the hospital setting.
• In use at seven U.S. hospitals, including Memorial Sloan-Kettering
Cancer Center in NYC.
• Additionally used throughout the mid-west by Kentucky Organ
Donor Affiliates (KODA) over the Internet, running on EC2.
• GlucoCare has processed over 56,000 glucose readings for more
than 1,500 patients since 2009.
4. Why AWS for GlucoCare?
• Deployment efficiency and control
• Ability to rapidly demo and pilot solutions
• Cut through IT bureaucracy and satisfy governance requirements
• Ease and speed of provisioning realistic training and test
environments
• Measurable and predictable usage-based costs
5. HIPAA
Title II - Administrative Simplification
This provision addresses the security and privacy of
health data
6. Why AWS for HIPAA?
HIPAA Breaches by Type/Asset; Affected Individuals
84%
of incidents due
to physical theft
or loss
7. Encryption, HIPAA, and AWS
Secure delivery of keys
secret @8d2
... ...
GlucoCare AWS Environment
Pronia uses secret keys to encrypt data
8. Encryption, HIPAA, and AWS
Secure delivery of keys
secret @8d2
... ...
CloudFormation
GlucoCare AWS Environment
CloudFormation is used to deliver the keys
9. Encryption, HIPAA, and AWS
Secure delivery of keys
secret @8d2
... ...
CloudFormation
GlucoCare AWS Environment
Access to EC2 is restricted
10. Encryption, HIPAA, and AWS
Secure delivery of keys
CloudFormation
secret @8d2
... ...
GlucoCare EC2 Instance
Instances ask for secret keys on boot
11. Encryption, HIPAA, and AWS
Secure delivery of keys
GlucoCare
GlucoCare EC2 Instance
GlucoCare starts and gets the key
12. Encryption, HIPAA, and AWS
Secure delivery of keys
GlucoCare
GlucoCare EC2 Instance
GlucoCare deletes the keys after starting
13. Pronia and Control Group
There s more to this story
To learn more about GlucoCare and Pronia:
www.proniamed.com
For a closer look at the encryption solution:
www.controlgroup.com
14. We are sincerely eager to
hear your feedback on this
presentation and on re:Invent.
Please fill out an evaluation
form when you have a
chance.