Tim O'Guin

Title: Building a HIPAA compliant analytics platform in AWS


This is a case study of the tooling we are using at Juice to build out a HIPAA-compliant analytics infrastructure on AWS. We'll cover some gotchas we've discovered where automation gets tricky. AWS roles are awesome. IAM is deep and vast, and some services have particular ways that policies need to be written. KMS integrates with a lot of things, but not always in the same ways. Our goals:

  • Manage all infrastructure as code with appropriate review processes
  • Allow quickly bootstrapping new infrastructure for enterprise clients
  • Allow projects to define their own infrastructure as much as possible
  • Encrypt everything
  • Deal with chickens and eggs