Prove PHI protection with your Terraform configurations. Map IaC to HIPAA Security Rule requirements automatically. No more compliance spreadsheets.
We map your cloud infrastructure to all three categories of HIPAA Security Rule safeguards.
Policies, procedures, and organizational requirements
Physical access to systems and facilities
Technology controls protecting ePHI
Your Terraform configurations already implement HIPAA requirements. We extract and present them as audit evidence.
# RDS database with PHI
resource "aws_db_instance" "phi_db" {
storage_encrypted = true
kms_key_id = aws_kms_key.phi.arn
# HIPAA: ePHI encrypted with
# customer-managed KMS key
}
# ALB with TLS 1.2+
resource "aws_lb_listener" "https" {
port = 443
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
# HIPAA: TLS 1.2 minimum for PHI transit
}
# CloudTrail for PHI access logging
resource "aws_cloudtrail" "hipaa" {
name = "hipaa-audit-trail"
is_multi_region_trail = true
enable_log_file_validation = true
kms_key_id = aws_kms_key.logs.arn
}
# IAM policy with least privilege
resource "aws_iam_policy" "phi_access" {
policy = jsonencode({
Statement = [{
Effect = "Allow"
Action = ["s3:GetObject"]
Resource = "arn:aws:s3:::phi-bucket/*"
Condition = { Bool = { "aws:SecureTransport": "true" }}
}]
})
}
Stop manually documenting security controls. Let your Terraform speak for itself.