Deploying Philter in a HIPAA Environment

Before Philter can be used in a HIPAA-controlled environment there are configuration changes that must be performed. This is not intended to be a comprehensive HIPAA guide so please refer to your HIPAA compliance or security officer for any additional required steps prior to utilizing Philter in a PHI environment.

Products launched via the AWS Marketplace are not launched in a HIPAA-compatible state. There are configuration changes that need performed prior to utilizing Philter on PHI data. Launching Philter from the AWS Marketplace is suitable for development or testing Philter in your environments on non-PHI text. The steps below outline how to configure Philter to encrypt data at rest and in motion.

Encryption of data at rest in Amazon Web Services

  1. Stop the Philter EC2 instance.
  2. Make an AMI of the instance.
  3. Make an encrypted AMI of the AMI in step 2.

The resulting AMI is encrypted meaning any instances launched from it will utilize an encrypted EBS volume.

Encryption of data at rest in Microsoft Azure

Coming soon.

Encryption of data in motion

These steps apply to both Amazon Web Services and Microsoft Azure deployments.

If using Philter via its REST API:

  1. Log in to the Philter EC2 instance via SSH. (The username is ec2-user and use the private key file from AWS.)
  2. Stop the Philter service (sudo service philter stop).
  3. Edit Philter’s configuration to utilize an SSL certificate.
  4. Restart the Philter service (sudo service philter start).
  5. Connect to Philter’s API and verify the connection succeeds (curl https://instance-dns/api/status).
  6. Remove port 8080 from Philter’s EC2 security group.

If using Philter via it’s Apache Kafka consumer:

  1. Your Apache Kafka broker(s) must be configured to accept secure connections from clients.
  2. Log in to the Philter EC2 instance via SSH. (The username is ec2-user and use the private key file from AWS.)
  3. Stop the Philter service (sudo service philter stop).
  4. Edit Philter’s configuration to specify the certificate to use to communicate with Apache Kafka.
  5. Restart the Philter service (sudo service philter start).
  6. Verify Philter is successfully consuming messages from Apache Kafka.
(Visited 1 times, 1 visits today)