Although it has not been widely discussed in the industry, the Centers for Disease Control and Prevention's (CDC) Biosense 2.0 initiative has done ground breaking work to solve these issues, using Amazon's AWS GovCloud to create a national repository of syndromic surveillance data that includes all the protections needed to protect privacy including independent security testing at the FISMA-Moderate Level.
CDC is the first government agency to complete all the rigorous certification needed to host sensitive data in the public cloud.
CDC has also built gateways that make it easy for public health departments to submit data to the cloud - a Direct Project adapter, an NwHIN Exchange adapter, and others. Meaningful Use Stage 1 requires the testing of health information exchange with public health and Beth Israel Deaconess did its transactions with the Boston Public Health Commission (BPHC), which stored them in CDC's public cloud. BPHC was the first public health department in the nation to provide data feeds to the Amazon infrastructure.
Finally, CDC has enabled queries of the cloud data using multiple platforms including open source analytical tools such as R.
A secure, HIPAA-compliant public cloud that includes healthcare information exchange gateways and analytical tools. That's cool!
In the near-future the GSA's FedRAMP program should make it easier to establish FISMA-moderate level cloud services.
ReplyDeletehttp://www.gsa.gov/portal/category/102371
Very cool! Always reminds me of the Judy Collins song:
ReplyDelete"I've looked at clouds from both sides now
From up and down and still somehow
It's cloud's illusions I recall
I really don't know clouds at all"
Hi John,
ReplyDeleteIt was nice meeting you in Baltimore, MD and pleasure talking to you. Thanks for providing information on Amazon's AWS GovCloud and how it is being used. This is the first time i am reading your blog and it is very informative.
Regards,
Abraham
Correction to Anonymous - that song was penned and performed/recorded by Joni Mitchell. Judy Collins also performed it.
ReplyDeleteGreat reference to the song though...just want to make sure the credit goes to the right artist.
Be careful...there is a difference between FISMA Moderate and FISMA High.
ReplyDeleteGovCloud is AWS in a different building with FISMA-Moderate security controls.
Why not run hybrid to keep sensitive data in FISMA High protection instead of FISMA Moderate?
There is only one cloud vendor that can give customers a hybrid cloud, and therefore, achieve FISMA Moderate and FISMA High: VMware
Be careful...FISMA Moderate and FISMA High are very different.
ReplyDeleteGovCloud is AWS in a different building with FISMA-Moderate security controls.
Why not run hybrid cloud to keep sensitive data in FISMA High protection instead of FISMA Moderate?
There is only one cloud vendor that can provide hybrid cloud that gives cusotmers FISMA High: VMware