Menu
I'm going to implement client/server application - 1 server - [0-N] clients.
In order to organize communication between clients and server I plan to use Amazon SQS or something like that.
Right now I have a two questions:
Is Amazon SQS HIPAA compliant ?
How to organise multi tenancy support based on Amazon SQS queues ?
The data between clients must not be shared. Each client can only deal with a data that was sent only for this client.
Is it possible to implement on the single Amazon SQS queue or I need to create a separate queue for each client ?
529
Since there is no cost to create seperate queues, that is clearly the best option for you if you need to not comingle the data. Assuming that each 'client' is going to poll the queue, there would be no good way to segregate the access based on whats in the message, using multiple queues is the best solution. It will also be more performant in that you won't have the request messages from the queue and then thrown them away if they are not for the right client.
163
You should read this page which covers Amazon's HIPAA compliance: https://aws.amazon.com/compliance/hipaa-compliance/
Note that (at this time) SQS isn't in the list of services that are covered under the AWS HIPAA agreement. You can use AWS services that aren't in the HIPAA compliance list, but you can't store PHI data in them. So you would either have to make sure you don't ever store any PHI in your SQS messages, or use a different queue system, such as RabitMQ or ActiveMQ, that you can install on EC2.
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
