    Tableau in the Cloud and HIPAA

    Marco Di Cesare

      Hi everyone,


      Wondering if anyone has any experience with using Tableau with a Healthcare application deployed in a cloud environment like Amazon Web Services (AWS)?


      While there is nothing particularly interesting about installing and deploying a Tableau cluster in AWS itself, using PHI/PII data as part of the visualizations does get us into challenges with HIPAA compliance. Amazon is willing to sign off on a BAA if you can guarantee any PHI/PII is encrypted while at rest or while in transit within the Amazon infrastructure.


      Encrypting the data in transit is the problem. We can easily set things up so the Tableau Gateways are SSL enabled and any user interaction with Tableau is using encrypted communication. However, if we set up the typical 3-node cluster deployment of Tableau, the nodes themselves (EC2 instances) communicate with each other over non-secure HTTP communication. Since the Tableau nodes exchange information that could potentially include PHI/PII data, this violates the BAA agreement.


      We've contacted our Tableau support person but so far it looks like there is no solution.


      Does anyone have any experience with this or have any advice (other than removing the PHI/PII, which is not ideal since our users are permitted to see this PHI/PII to do their job properly)?