HIPAA compliant cloud infrastructure: Assessment and remediation for a payments processor
The company faced a challenge in managing its quickly growing infrastructure. They had tried different approaches over time but needed a comprehensive review of security controls and policies. In addition, the rapidly increasing number of domains and cloud networks complicated compliance and made it challenging to manage identity consistently across all their domains.
To overcome these challenges, the company decided to conduct a Maturity Assessment to focus on closing gaps beyond HIPAA compliance requirements. We helped them build a remedial action plan that included the implementation of an enterprise firewall on the cloud, disaster recovery (DR) and backup redundancies, and a path to SSO (single sign-on) to improve identity management. Also, we used automation to build security into the CI/CD (continuous integration/continuous delivery) process.
With Neal’s help, the company could host clinical patient data in a HIPAA-compliant cloud domain, storage, and infrastructure. The solution helped them improve the quality and consistency of security in the new HIPAA-compliant domain. Additionally, it enabled sharing of best practices within their organization and reusing them to reduce redundancies. With this, the company was able to validate the existing security infrastructure and increase the overall security of its systems.