How to Leverage Amazon Bedrock With Your Healthcare Cloud

[Figure: A glimpse of our AWS Bedrock CRA table of contents. The menu navigation includes executive summary, overview, common risks, CyberHealth Platform controls, compliance requirements, configurable controls, and references.]

As a leader in healthcare, keeping up with changing regulations and evolving tech, like generative AI, is daunting. That’s where Cloud Reference Architectures (CRAs) come in.

Much like the technical CRAs developed by the Cybersecurity and Infrastructure Security Agency (CISA), CRAs developed by cloud providers offer guidance on handling digital health privacy challenges in the wake of evolving healthcare rules and advancements in technology. You may have browsed some publicly available CRAs from the three major public clouds: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

At ClearDATA, we create and offer customers healthcare cloud-specific CRAs with detailed guidance on maintaining healthcare security and compliance across cloud platforms and tools. Our CRAs provide in-depth knowledge and resources for CIOs, CISOs, compliance managers, DevOps and ITOps engineers, and other risk and security leaders.

Each CRA includes critical information on relevant use cases, risk management, regulatory adherence, and implementation of security controls. To make it easy for busy teams to use ClearDATA CRAs, we put them in a digital format with scannable navigation menus in the CyberHealth™ Platform document center.

When new tools and innovations go to market that can benefit or impact your healthcare cloud security and compliance, we’re at the ready with a new CRA to give you the practical guidance your team needs. Amazon Bedrock, first announced in April 2023, is now generally available, so we’ve created a new Amazon Bedrock CRA to help you navigate it, specifically AWS Backup. The CRA gives guidance for leveraging Amazon Bedrock with your healthcare cloud that ensures PHI security and compliance.

What is Amazon Bedrock?

Amazon Bedrock is a managed service that helps you build AI applications easily and securely. It offers different models and features to simplify development and ensure privacy and responsible AI.

Amazon Bedrock is similar to a marketplace. It allows businesses to select AI models for their generative AI apps. They can also customize these models with their own data. (Source: BuiltIn.) Amazon Bedrock has achieved both HIPAA eligibility and GDPR compliance.

Since Amazon Bedrock is serverless, you don’t have to manage any infrastructure, and you can securely integrate and deploy generative AI capabilities into your applications using the AWS services you are already familiar with. Amazon Bedrock is the first to offer Llama 2, Meta’s large language models (LLMs), in fine-tuned 13B and 70B parameter versions as a fully managed API. Llama models are ideal for dialogue use cases. 

Amazon Bedrock: Innovate While Staying Compliant

Our CRA helps with maximizing the benefits of Amazon Bedrock while you maintain your healthcare cloud security and compliance with our CyberHealth Platform. It provides detailed information on using various foundational models for generative AI applications and helps ensure compliance with HIPAA regulations. The CRA dives deeper into compliant service interaction, service dependencies, vulnerabilities, threats, and risk mitigation to ensure PHI and healthcare data protection and maintain compliance.

Here are some of the ways ClearDATA customers receive valuable insights and guidance on healthcare cloud compliance and security through our Amazon Bedrock CRA:

Key Features and Benefits of Amazon Bedrock: Get a full scope of Amazon Bedrock and how you can use it. Its key features include access to a wide range of foundation models, ease of use with a simple API and web console, scalability, and security, including data encryption with AWS Key Management Service (KMS).

Amazon Bedrock simplifies the process by providing a single API for testing and building on different Foundational Models. Additionally, it offers a cost-effective token price. It could lead to a faster speed to market and increased innovation by reducing the time it takes you to build and deploy generative AI applications, as well as improved customer experiences with personalization.

Best Practice Compliance Guidelines for AWS Backup: The CRA offers detailed guidance on provisioning, instantiating, and adhering to best practice compliance guidelines specifically for AWS Backup. Risk and compliance leaders can use this CRA to determine how various frameworks and regulations map to the technical and procedural controls ClearDATA implements to secure an AWS Backup resource.

Use Case Guidance: See examples of use cases like personalized patient education, clinical decision support, automated medical coding, medical research, patient engagement through AI chatbots, medical image analysis, and precision medicine.

Compliant Service Interaction and Interdependencies: Our CRA details how Amazon Bedrock integrates with AWS services like AWS PrivateLink, Amazon S3, Amazon CloudWatch, AWS Lambda, Amazon API Gateway, and Amazon VPC. This integration supports a secure platform for building AI applications while ensuring compliance with HIPAA and HITRUST requirements.

Risk Management: Our Amazon Bedrock CRA addresses common risks associated with cloud services, like misconfiguration, unauthorized access, and sensitive data exfiltration. It provides strategies for risk mitigation such as access control, encryption, secure configuration, data classification, logging, and compliance auditing. Using this as a reference guide, a risk expert will assess the chances and effects of risks linked to the cloud service; the guide also helps identify vulnerabilities and threats.

Amazon Bedrock CyberHealth Platform Controls: ClearDATA applies a range of controls and safeguards to Amazon Bedrock. They include audit controls, log monitoring, IAM restrictions, data backup, network accessibility and encryption, and storage encryption. These controls help meet strict rules like HIPAA and GDPR, keeping data in Amazon Bedrock secure and private. They also reduce risks of data exposure, unauthorized access, and other security threats. They ensure that operations continue smoothly and help organizations recover quickly from disruptions or data loss incidents.

Want to read the full Amazon Bedrock CRA? Our healthcare cloud CRAs are exclusively available to ClearDATA customers. Speak to a cloud expert today and let’s discuss what CRAs can do for you.
