HIPAA Compliance 164.312(b) - Audit Controls

Posted by Thomas Zinn on Oct 11, 2018 11:01:29 AM

Within the HIPAA Security Rule are Administrative, Physical, and Technical Safeguards. These safeguards are as important to understand as they are to implement, so let’s dive into one:

Read More

Topics: Compliance

Best Practices Purchasing Reserved Instances

Posted by Nicole Chaika on Oct 2, 2018 6:51:27 AM

Reserved Instances (RIs) provide substantial savings compared to On-Demand pricing, and provide immediate savings opportunities for most companies. This blog post explores the fundamentals of RIs, and provides advice on how to get the most out of reservations. Managing RIs is complex considering the many types, levels of pricing, and rules around usage. Therefore, understanding the RI mix is essential to optimizing AWS usage costs. We asked Parquantix to help outline some important considerations when purchasing RIs. Parquantix manages more than $40 million in AWS reservations worldwide.

Read More

Topics: Technical Articles

The Importance (and Difficulty) of Compliance

Posted by Gerry Miller on Sep 17, 2018 11:00:00 AM

I had the privilege of being asked to speak at the HITRUST Annual Conference this week. In addition to being amazed at the quality of leadership this conference attracts, I noticed a few recurring themes:

Read More

Topics: Healthcare Industry

Oxygen Release Notes for September 2018

Posted by Rob Williams on Sep 12, 2018 5:25:56 AM

New Features

  • Oxygen Dashboard Improvements
    • Dashboards are now organized into folders, instead of having everything in a single folder called “general.” The folders are more specific and include:
      • Compliance
      • Server Metrics
      • AWS
      • Security
    • The HIPAA Assessment dashboard has been revised to include a separate metric for unauthorized access attempts. We have also increased the assessment cycle to every 12 hours versus every 24 hours.
    • We have added a System Compliance dashboard to display results from our real-time HIPAA compliance checks. These metrics are based on the AWS config rules created in your account. We have a small set of real-time checks deployed and will be expanding these in the coming months.
    • The server metrics dashboards have been revised to use CloudWatch metric data. Server metrics are now displayed in two dashboards; Windows and Linux
  • Server Performance Monitoring Improvements
    • We have deprecated Metricbeats as our server monitoring platform and now use the AWS-Native SSM Cloudwatch agent. The Cloudwatch agent is a more robust solution providing direct integration with Cloudwatch custom metrics and alarms. Our metrics alarms have also been revised to give the customer much more control on what instances are included in alarms and what thresholds should trigger a response. For more information on configuring alarms you can view the article in our knowledge base.
  • Hardened Linux images
    • We can now provide hardened images for CentOS, Amazon Linux, Ubuntu, and RHEL. The images are hardened using the DevSec Hardening Framework Linux Baseline and are verified using CIS base profiles. We will continue to update our images as new versions become available in the AWS marketplace. If you are interested in using the hardened images please contact Cloudticity Support.
  • Automated Health Dashboard Event Detection and Workflow
    • On occasion, AWS will detect an issue with underlying EC2 instance hardware and will send a notification to the technical account contact informing them of an upcoming maintenance event to start and stop the instance. We have traditionally handled these communications manually, but moving forward we will be polling the AWS Personal Health dashboard and proactively creating a support ticket to notify you of upcoming maintenance events.

Coming Soon

  • AWS GuardDuty Integration
    • The release of AWS GuardDuty has provided an opportunity for us to move from our custom flowlog anomaly detection product to an AWS-native service. GuardDuty not only will reduce the cost of providing anomaly detection, but will also add features such as Cloudtrail and DNS anomaly detection.
  • OS-level Compliance Checks
    • During our development for providing hardened images, we developed an automated process for running server-level compliance checks using Chef Inspec. We will be releasing this feature to all of our customers in the coming weeks. The compliance checks can be configured to run on a subset of servers using tagging. The results of the compliance check will be made available in the Oxygen dashboards.
  • Improved AWS Limit Detection
    • We are improving our AWS limit detection service to include direct customer feedback for increasing service limits. In addition to the current process of approving Cloudticity support to increase limits on your behalf, you will now be able to increase limits with a click of your mouse.
Read More

Topics: Oxygen™ Release Notes

HIPAA Compliance 164.312(a)(1) - Access control

Posted by Thomas Zinn on Sep 12, 2018 5:23:00 AM

Within the HIPAA Security Rule are Administrative, Physical, and Technical Safeguards. These safeguards are as important to understand as they are to implement, so let’s dive into one:

Read More

Topics: Compliance

Cloudticity Founder Gerry Miller Presents at AWS re:Invent 2017

Posted by Gerry Miller on Nov 28, 2017 12:44:36 PM

How Verge Health leverages automation to provide a mission critical, HIPAA-compliant, 24x7x365 health solution on AWS.

Read More

Topics: Case Studies, Technical Articles

Cloudticity Releases Free, Fully Automated HIPAA Technical Assessment

Posted by Gerry Miller on Nov 27, 2017 6:56:11 AM

For A Limited Time, Healthcare Organizations Can Automatically Check Their AWS Environments’ HIPAA Compliance At No Charge

SEATTLE -- Cloudticity, a leading provider of HIPAA-compliant managed services for AWS, announced today that it has released an automated tool for healthcare organizations to execute a HIPAA technical assessment on their Amazon Web Services accounts for HIPAA compliance. In doing so, Cloudticity is continuing their mission to improve healthcare by providing a growing list of security, compliance, and management tools to the industry. Executing the automated compliance check takes five minutes, and is complete within five hours.

Read More

Topics: News

Cloudticity Recognized on 2017 CRN Next-Gen 250 List

Posted by Gerry Miller on Nov 6, 2017 7:52:55 PM

Annual List Features Trailblazing Solution Providers Transforming Business with Emerging Technologies.

Read More

Topics: News

Cloudticity Achieves HITRUST CSF Certification

Posted by Gerry Miller on Sep 12, 2017 9:00:00 AM


HITRUST Certification validates Cloudticity is committed to meeting key healthcare regulations and protecting sensitive private healthcare information.

Read More

HIPAA Security: Patching with AWS Step Functions

Posted by Gerry Miller on Aug 2, 2017 5:40:00 AM

We're proud of our Cloudticity team members Uri Katsir and Thomas Zinn for their guest-post on the AWS Management Tools blog, "How Cloudticity Automates Security Patches for Linux and Windows using Amazon EC2 Systems Manager and AWS Step Functions."

Read More

Subscribe to Email Updates

Unleash the Cloud

HIPAA Compliance on AWS

Advance healthcare's possibilities with Cloudticity Oxygen™, letting your team focus on creating a healthier world while we ensure your system's security, availability, performance, and cost-optimization. Contact Cloudticity today for more information.

Our HITRUST certified solutions include:

Learn More

Recent Posts