To meet the needs of large Healthcare / Life Sciences organizations that have a strong AWS ethos, our approach is to deploy compliance and security controls in a non-intrusive way by leveraging our proven Automated Safeguards.  ClearDATA Comply SaaS enables full and direct API and console access while protecting sensitive healthcare data, leveraging our automation and additional Managed Services as needed.

Our automation takes the form of Automated Safeguards, which ensure Healthcare and Life Sciences organizations can use native AWS cloud services in a safe and compliant manner, as introduced in our CTO Matt Ferrari's blog post.  See also our definitions for clarification on the language we use.

Region Whitelist

To assist with data locality challenges, we have implemented a Region Whitelist that allows you to pick the regions into which your users will be able to deploy or manipulate resources.

The Root user will be able to deploy in any region in which AWS allows you to deploy resources.

Unsupported regions

At this point in time, ClearDATA Comply™ does not support the GovCloud and China regions.


AWS Services Classification

From a healthcare compliance point of view, AWS services can be grouped into 3 categories:

Non-PHI Capable

These are services that AWS designates as not HIPAA eligible by omitting them from the list of services published in its HIPAA Eligible Services Reference.  When used in a Self-service fashion, it is your responsibility to ensure that no PHI is stored, transmitted, or processed by such a service.

HIPAA Eligible

These are services that are HIPAA eligible but do not have Automated Safeguards for protection.  When used in a Self-service fashion, it is your responsibility to ensure that PHI is properly stored, transmitted or processed by the service per the AWS guidelines.

An Automated Safeguard is a set of code that enforces a control without human intervention. 

Protected

These are services that are HIPAA eligible and have ClearDATA Automated Safeguards for protection. When used in a Self-service fashion, it is your responsibility to ensure that PHI is properly stored, transmitted, or processed by the service per the ClearDATA guidelines leveraging the Automated Safeguards.

There is usually more than one ClearDATA Safeguard per Protected AWS Service.

ClearDATA Protected Services
