Description: 

164.310(d)(2)(iv) - Device and Media Controls - Create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment.


Audit

As part of the Shared Responsibility Model, AWS is responsible for hardware maintenance activities that involve movement of physical equipment within AWS's facilities, and maintains storage redundancy to ensure customer data is not impacted by any infrastructure maintenance/hardware moves. 

To address organizational requirements related to major regional disasters, AWS supports the ability to place data in multiple geographic regions, as well as AWS Availability Zones. The customer is responsible for modifying this architecture to employ additional AWS regions and Availability Zones, and for implementing cross-region data synchronization, load balancing, etc.

The customer is responsible for all backups of data to address any requirements related to the recovery of individual S3 objects, RDS database objects, or EBS files, filesystems that are destroyed, modified, overwritten by logical actions and to mitigate any residual risk of data loss caused by AWS hardware failures. If the customer downloads information from AWS to local devices, the customer is responsible for ensuring there is appropriate backup of the data before moving such devices. If the customer retains a copy of the ePHI on AWS, this may potentially serve as such a backup.


Rationale: 

In this architecture, ePHI storage is limited to the Amazon RDS database, Amazon S3 buckets, and potentially secondary EBS volumes attached to the application/web server EC2 instances, which employ AWS built-in hardware storage redundancy to maintain exact copies of ePHI at all times. In this virtual environment, there is no movement of equipment. 

AWS built-in features provide a full back up of RDS using a full daily snapshot as well as through transaction logging at approximately five-minute intervals. This architecture is configured to retain RDS backups for the default of 1 day, which can be increased to 35 days by the customer. AWS also employs live storage redundancy for Amazon S3, which provides 99.999999999% durability of objects over a given year. Amazon EBS is replicated across multiple volumes within a single Availability Zone.

This architecture employs multiple AWS Availability Zones (AZs), which provides alternate storage site capability for data stored in Amazon S3 and Amazon RDS databases. AZs consist of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. AZs offer the ability to operate production applications and databases which are more available, fault-tolerant, and scalable than would be possible from a single data center. S3 uses multiple AZs by default, and the RDS databases deployed within this architecture are configured to be replicated across multiple AZs, which instantiates a retrievable exact copy of ePHI.


Impact of Resource Type(s):

AWS::IAM::Group

AWS::IAM::Role

AWS::IAM::InstanceProfile

AWS::IAM::ManagedPolicy

AWS::S3::BucketPolicy

AWS::S3::Bucket


References: 

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist80066.pdf