Sounds interesting, but I'm pretty sure we need to keep out ActiveMQ instance in local machines because of medical data. We're also pretty tied to GCS...
like almost everyone else, AWS adds services to it's list of PHI approved services that customers with a BAA can utilize for PHI. AWS has done a phenomenal job getting services added to the BAA Service List over the past 6 or 8 months; there is a lot of emphasis on it now.
Where in the CFR does it say you have to use physical servers or even dedicated cloud instances? AWS will sign a BAA for dedicated instances only (biz policy, not for any valid security reason), but dedicated servers are not required by HIPAA.
jdc0589|8 years ago
rficcaglia|8 years ago
Merrack|8 years ago