HIPAA-Compliant AWS Environment for Medical Research

Zentalis Pharmaceuticals is a biotechnology company developing differentiated small molecule therapeutics designed to improve the lives of cancer patients. Zentalis, in partnership with Xpertech Solutions, rolled out an AWS environment. Using the framework and automation of XperLock, the AWS environment is now geared for the Company’s research work.

Our xperLock service used best practices defined in the 6 Pillars of the AWS Well-Architected Framework and in NIST security frameworks to build out a secured AWS environment that is compliant with HIPAA requirements. We used the following services for this rollout: AWS Organizations, AWS Control Tower, and AWS SSO to set up the overall organization and centralized logging. We used AWS Transit Gateway, VPN gateways, and security groups to establish network security, such as centralized network ingress/egress and connectivity to the on-premises network. Security controls were enabled and monitored using the AWS HIPAA conformance pack, with instance-level scanning using AWS Inspector. Data storage in S3 was secured using access control policies and customer-managed KMS keys.