Description: 

164.308(a)(7)(ii)(A) - Contingency Plan – Data Backup Plan - Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.


Audit

The customer is responsible for all backups of data needed to recover individual S3 objects, RDS database objects, or EBS files and file systems that are destroyed, modified, or overwritten by logical actions, and to mitigate any residual risk of data loss caused by AWS hardware failures.

To address organizational requirements related to major regional disasters, AWS supports the ability to place data in multiple geographic regions, and multiple AWS Availability Zones (AZs) within each region. AZs consist of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. These AZs offer the ability to operate production applications and databases which are more highly available, fault tolerant and scalable than would be possible from a single data center.

The customer is responsible for modifying this architecture to employ additional AWS regions and AZs, and to implement cross-region data synchronization, load balancing, etc.


Rationale: 

In this architecture, ePHI storage is limited to the Amazon RDS database, Amazon S3 buckets, and potentially secondary EBS volumes attached to the application/web server EC2 instances.

AWS built-in features back up RDS with a full daily snapshot together with transaction log capture at approximately five-minute intervals. This architecture is configured to retain RDS backups for the default of 1 day, which the customer can increase to 35 days. AWS also employs live storage redundancy for Amazon S3, which provides 99.999999999% durability of objects over a given year. Amazon EBS is replicated across multiple volumes within a single Availability Zone.

This architecture employs multiple AWS Availability Zones (AZs), which provide alternate storage site capability for data stored in Amazon S3 and Amazon RDS databases. S3 uses multiple availability zones by default, and the RDS databases deployed within this architecture are configured to be replicated across multiple availability zones, which instantiates a retrievable exact copy of ePHI.
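The two RDS settings the rationale relies on, the backup retention period and Multi-AZ replication, are both visible in the instance description that the RDS API returns, so the control can be verified rather than assumed. The evaluator below is an added example written for this page; it is not part of the Quick Start or of AWS's own tooling. It uses the real field names from the `DBInstances` entries returned by boto3's `rds.describe_db_instances()` (`DBInstanceIdentifier`, `BackupRetentionPeriod`, `MultiAZ`, `AvailabilityZone`), but runs offline against a constructed sample list. The 7-day minimum retention is an assumption chosen for the example; the page itself only states the 1-day default and the 35-day ceiling.

```python
"""Evaluate RDS instance descriptions against the data-backup control.

Added example: checks BackupRetentionPeriod and MultiAZ, the two settings the
rationale depends on, over a constructed sample shaped like the DBInstances list
from boto3's rds.describe_db_instances().
"""
from typing import Dict, List

# Assumption for this example: the retention a customer has chosen to require.
# The page states the architecture ships with 1 day and allows up to 35.
MIN_RETENTION_DAYS = 7
MAX_RETENTION_DAYS = 35

# Constructed sample data (not captured from a real account).
SAMPLE_DB_INSTANCES: List[Dict] = [
    {"DBInstanceIdentifier": "ephi-db-prod", "Engine": "postgres",
     "BackupRetentionPeriod": 35, "MultiAZ": True, "AvailabilityZone": "us-east-1a"},
    {"DBInstanceIdentifier": "ephi-db-default", "Engine": "mysql",
     "BackupRetentionPeriod": 1, "MultiAZ": True, "AvailabilityZone": "us-east-1b"},
    {"DBInstanceIdentifier": "ephi-db-single-az", "Engine": "postgres",
     "BackupRetentionPeriod": 14, "MultiAZ": False, "AvailabilityZone": "us-east-1c"},
    {"DBInstanceIdentifier": "ephi-db-nobackup", "Engine": "mysql",
     "BackupRetentionPeriod": 0, "MultiAZ": False, "AvailabilityZone": "us-east-1a"},
]


def evaluate_db_instance(db: Dict, min_retention: int = MIN_RETENTION_DAYS) -> List[str]:
    """Return a list of findings for one instance; an empty list means compliant."""
    findings: List[str] = []
    retention = int(db.get("BackupRetentionPeriod", 0))
    if retention == 0:
        # A retention period of 0 turns automated backups off entirely.
        findings.append("automated backups disabled (BackupRetentionPeriod=0)")
    elif retention < min_retention:
        findings.append(
            f"BackupRetentionPeriod={retention} is below the required {min_retention} days "
            f"(RDS allows up to {MAX_RETENTION_DAYS})"
        )
    if not db.get("MultiAZ", False):
        # Without Multi-AZ there is no synchronous standby copy in a second AZ.
        findings.append("MultiAZ=False: no standby copy in a second Availability Zone")
    return findings


def audit_db_instances(instances: List[Dict],
                       min_retention: int = MIN_RETENTION_DAYS) -> Dict[str, List[str]]:
    """Map each DBInstanceIdentifier to its findings."""
    return {db["DBInstanceIdentifier"]: evaluate_db_instance(db, min_retention)
            for db in instances}


def compliant_ids(report: Dict[str, List[str]]) -> List[str]:
    """Identifiers with no findings, sorted for stable output."""
    return sorted(name for name, findings in report.items() if not findings)


if __name__ == "__main__":
    # In a real account, replace SAMPLE_DB_INSTANCES with
    # boto3.client("rds").describe_db_instances()["DBInstances"].
    for name, findings in audit_db_instances(SAMPLE_DB_INSTANCES).items():
        print(f"{'PASS' if not findings else 'FAIL'} {name}")
        for finding in findings:
            print("   -", finding)
```

Against the sample, only `ephi-db-prod` passes; `ephi-db-default` shows the 1-day default the rationale describes, which meets the page's own configuration but not a 7-day requirement, so `min_retention` is the value to set to whatever the customer's contingency plan actually demands.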


Impact of Resource Type(s):

AWS::EC2::AvailabilityZone

AWS::AutoScaling::AutoScalingGroup

AWS::RDS::DBSubnetGroup

AWS::RDS::DBInstance

AWS::S3::Bucket


References: 

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist80066.pdf