AWS launches new healthcare-specific accelerator

Aimed at health organizations with complex compliance requirements, the Landing Zone Accelerator for Healthcare offers a no-code solution across dozens of AWS services and can help govern multi-account environments.
By Mike Miliard
10:27 AM

The architecture of the new AWS Landing Zone Accelerator for Healthcare

Photo: AWS

Amazon Web Services this past week announced its Landing Zone Accelerator for Healthcare.

WHY IT MATTERS
In an Amazon blog post, Donny Wilson, global security and compliance senior solutions architect at AWS, explained how the LZA for Healthcare is an industry-specific deployment of the company's existing Landing Zone Accelerator.

The LZA for Healthcare is a set of configuration files focused on further meeting the needs of healthcare-affiliated organizations. The LZA for Healthcare can help reduce the effort and complexity involved in supporting healthcare compliance efforts.

The aim is to provide a "comprehensive no-code solution across more than 35 AWS services and features to manage and govern a multi-account environment," said Wilson. "The LZA is built to support customers with highly-regulated workloads and complex compliance requirements."

The LZA for Healthcare can help healthcare organizations around the world align security controls with prominent international frameworks, he said, including HIPAA, Cloud Computing Compliance Controls Catalog, National Cyber Security Centre, Esquema Nacional de Seguridad, ISO 27001 and ISO 27002.

"The LZA helps establish platform readiness with security, compliance, and operational capabilities," said Wilson. "It is important to note that the LZA solution will not, by itself, make you compliant. It provides the foundational infrastructure from which additional complementary solutions can be integrated."

The goal is to help healthcare customers build readiness for a cloud compliance program, including default accounts; account structure; core networking infrastructure; security configurations for logging, monitoring and notification; and encryption.

Wilson notes, however, that it's important to "review, evaluate, assess, and approve the solution in compliance with your organization’s particular security features, tools, and configurations. It is the sole responsibility of you and your organization to determine which regulatory requirements are applicable and to make sure that you comply with all requirements. This solution does not help you comply with the non-technical administrative requirements."

THE LARGER TREND
While there's no one-size-fits-all approach to security compliance, there are some tried-and-true tips, as CIOs and CISOs explained in our feature on implementation best practices.

And, as Christopher Frenz, information security officer and AVP of IT Security at Mount Sinai South Nassau, explained in a guest article on Healthcare IT News, while compliance-based frameworks are not without merit, it is important to approach them as minimum acceptable standards, and not as end goals.

ON THE RECORD
"The LZA for Healthcare leverages AWS expertise enabling regulated customers to set up their AWS environments in days instead of weeks in an optimized and secure configuration," said Wislon. "By reducing the undifferentiated heavy lifting of establishing a regulated cloud environment, organizations have the opportunity to focus on innovative solutions that provide the greatest value to the customers they serve."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com

Healthcare IT News is a HIMSS publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.