

This prominent US-based medical records retrieval and management company sought to overhaul its Health Insurance Portability and Accountability Act (HIPAA) compliance and security landscape. Leveraging Leonardo's expertise in Amazon Web Services (AWS) cloud solutions, the company initiated a groundbreaking transformation.

The Challenge

Leonardo's client operated a critical suite of cloud infrastructure within a single AWS account, which limited its ability to meet stringent HIPAA and Health Information Trust Alliance (HITRUST) compliance requirements. The company needed to modernise its cloud-native application environment to support business growth while maintaining a secure and compliant posture.

The Project

The organisation aimed to transition to a new AWS Cloud platform that adhered to HIPAA and HITRUST standards. Challenges included:

  • Developing an AWS Organizations organizational unit (OU) structure that segregated security, data, and workload environments while preserving developer agility.
  • Automating security standards so that they are applied and maintained consistently across accounts.
  • Creating a centralised network design for seamless integration across accounts while fulfilling security requirements.
  • Ensuring minimal disruption to business operations during the application transition.

The Solution

In collaboration with this client, Leonardo developed a solution based on the AWS multi-account strategy, with central controls enforced via AWS Control Tower. The strategy encompassed:

  • Implementing a multi-account setup for workload segregation, with access streamlined through Single Sign-On (SSO) and protected by Multi-Factor Authentication (MFA), extending access control beyond traditional passwords.
  • Auditing the re-architected applications for HIPAA compliance with AWS Audit Manager, ensuring all components met the required standards.
  • Employing Infrastructure as Code and CI/CD pipelines for automated, controlled changes, reducing the risk of human error.
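As an added illustration of the OU structure and automated guardrails described above (example Terraform, not Leonardo's or the client's code), the following creates the Security, Data, and Workloads OUs and attaches one service control policy that stops member accounts from leaving the organization or disabling CloudTrail. It assumes AWS Organizations is already enabled and the provider is authenticated to the management account; in a Control Tower landing zone, OUs created this way still need to be registered with Control Tower for its controls to apply.

```hcl
# Look up the existing organization to find the root that the OUs hang from.
data "aws_organizations_organization" "org" {}

locals {
  root_id = data.aws_organizations_organization.org.roots[0].id
  # OU names follow the segregation described in the case study.
  ous = toset(["Security", "Data", "Workloads"])
}

# One OU per environment class, all directly under the organization root.
resource "aws_organizations_organizational_unit" "env" {
  for_each  = local.ous
  name      = each.key
  parent_id = local.root_id
}

# Guardrail SCP: a compromised or misconfigured member account cannot
# detach itself from central governance or silence the audit trail that
# HIPAA evidence collection depends on. Assumed policy, not from the page.
data "aws_iam_policy_document" "guardrail" {
  statement {
    sid    = "DenyLeaveOrgAndTrailTampering"
    effect = "Deny"
    actions = [
      "organizations:LeaveOrganization",
      "cloudtrail:StopLogging",
      "cloudtrail:DeleteTrail",
      "cloudtrail:UpdateTrail",
    ]
    resources = ["*"]
  }
}

resource "aws_organizations_policy" "guardrail" {
  name    = "baseline-guardrail"
  type    = "SERVICE_CONTROL_POLICY"
  content = data.aws_iam_policy_document.guardrail.json
}

# Attach the guardrail to the Data and Workloads OUs. The Security OU is
# left to the controls Control Tower applies to its audit and log accounts.
resource "aws_organizations_policy_attachment" "guardrail" {
  for_each = {
    for name, ou in aws_organizations_organizational_unit.env : name => ou
    if name != "Security"
  }
  policy_id = aws_organizations_policy.guardrail.id
  target_id = each.value.id
}
```

Because SCPs only restrict what accounts may do and never grant access, this guardrail is additive to whatever IAM permissions SSO assigns, which is what makes it a safe baseline to apply organization-wide.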

The Results

This initiative markedly improved the client's compliance and security framework:

  • Enhanced patient data protection through effective isolation strategies, limiting the blast radius of application faults or malicious activity to a single account.
  • Innovation spurred by the multi-account strategy, which separates sandbox accounts from core enterprise services.
  • Improved infrastructure scalability, with AWS service quotas applied per account so that runaway resource consumption caused by malicious activity cannot produce unexpected cost impacts across the whole estate.

Technology Used

The project harnessed several key technologies and frameworks:

  • AWS Cloud Platform: Leveraged for its robust, scalable cloud services, enabling a secure, compliant infrastructure for healthcare data management.
  • AWS Control Tower: Utilised for centralised control and governance across multiple AWS accounts, ensuring consistent policy application and streamlined operations.
  • SSO and MFA: Key security measures ensuring that access to sensitive information is securely managed and authenticated across various services.

Want to learn more?