Using AWS for Health Information Data Storage

Digital Security and Trust | October 11, 2022

In efforts to keep both RHI and Protected Health Information (PHI) secured, the university has signed a Business Associate Agreement (BAA) with Amazon to enable researchers at the university who work with S4 data (PHI and RHI)  to use Amazon Web Services (AWS). 

  • Under Ohio State's Patient Information and HIPAA Policy, the vast majority of medical data used in research (and outside the electronic medical record) is classified as Research Health Information (RHI), which is not regulated under the Health Insurance Portability and Accountability Act (HIPAA).
  • The Office of Technology and Digital Innovation's (OTDI) Digital Security and Trust (DST) team has set up a webpage of RHI-related resources, which can help you properly identify and secure your RHI data. 

Researchers who are planning to use AWS for PHI data storage, which is regulated under HIPAA, should review the university’s PHI and HIPAA policy and the policies of the applicable covered component prior to starting the process in order to implement additional security measures. 

Any researcher that has questions about how to handle PHI or RHI data, or needs help identifying which group their data falls under, can reach out to securemyresearch@osu.edu or their department’s security coordinator for assistance.
 

Setting up an AWS Account

AWS is a powerful tool that enables researchers and others requiring data-based decision making through its impressive portfolio of scalable, on-demand computing, as well as database, storage and application services to store and process a wider variety of data than ever before.

If you do not already have a university AWS account and are interested in signing up for one, follow the instructions in the Ohio State AWS Readiness Checklist. Note: Talk with your local IT staff to share your use case before making a request. Your college or department may have additional requirements concerning your use of AWS and/or offer alternative options for meeting your technology needs.

Ohio State AWS enables research and administrative users to:

  • Access scalable, on-demand computing, database, storage, and application services
  • Simplify your AWS invoices/billing
  • Identify strategies to reduce costs
  • Protect your account from hackers by using your university name.# with BuckeyePass authentication
  • Access to AWS expert resources
  • Align with Ohio law, intellectual property protections and university policy

For more information about the Ohio State AWS service, visit the university's AWS service page.
 

Tags: 
AWS, Ohio State AWS, Amazon Web Services, Research Compliance