HIPAA compliant ElasticSearch application


(Charitha Sathkumara) #1

I am trying to implement a logging solution as part of an application that
handles sensitive medical data. I intend on using Elasticsearch + Searchbox.io
Jest https://github.com/searchbox-io/Jest for storage and retrieval of
this data.

HIPAA rules state that I must ensure that communications between my
application server and elasticsearch server are encrypted.

How would I go about protecting an Elasticsearch server and communications
between the server and the Jest client?
Any resources/tutorials/ideas would be much appreciated.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Mohit Anchlia) #2

You might find this helpful:

I haven't used it yet, but I'm planning to.

On Fri, Aug 30, 2013 at 4:31 PM, Charitha Sathkumara <
srilankanchurro@gmail.com> wrote:

I am trying to implement a logging solution as part of an application that
handles sensitive medical data. I intend on using Elasticsearch + Searchbox.io
Jest https://github.com/searchbox-io/Jest for storage and retrieval of
this data.

HIPAA rules state that I must ensure that communications between my
application server and elasticsearch server are encrypted.

How would I go about protecting an Elasticsearch server and communications
between the server and the Jest client?
Any resources/tutorials/ideas would be much appreciated.



(ferhatsb) #3

You can also use Nginx proxy and terminate SSL with it.

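The Nginx approach suggested in the reply above, sketched as an added example that is not part of the original thread: nginx terminates TLS and requires a client certificate, then forwards to an Elasticsearch HTTP port that is assumed to be reachable only on loopback. The hostname, file paths and CA are placeholders, and this covers only the application-to-proxy hop, not traffic between cluster nodes.

```nginx
# Added example: TLS-terminating reverse proxy in front of Elasticsearch.
# Hostname, certificate paths and the CA file are placeholders.
# Assumption: Elasticsearch's HTTP port (9200) accepts connections only
# from loopback on this host, so it cannot be reached except through nginx.

server {
    listen 443 ssl;
    server_name es.example.internal;                   # placeholder hostname

    ssl_certificate     /etc/nginx/tls/es.crt;         # placeholder path
    ssl_certificate_key /etc/nginx/tls/es.key;         # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Require a client certificate issued by your own CA, so only the
    # application server can reach the REST API through this proxy.
    ssl_client_certificate /etc/nginx/tls/app-ca.crt;  # placeholder path
    ssl_verify_client      on;

    location / {
        # Plain HTTP only on the loopback hop between nginx and Elasticsearch.
        proxy_pass http://127.0.0.1:9200;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

The client would then be pointed at the `https://` address of the proxy and configured with the client certificate and the CA that signed the server certificate.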


(Paul Brown) #4

Hi, Charitha --

You'll need to secure both the transport to the cluster (e.g., with HTTPS as some other posters suggested) and the internal transport within the cluster; see, e.g., https://github.com/elasticsearch/elasticsearch/pull/2105.


prb@mult.ifario.us | Multifarious, Inc. | http://mult.ifario.us/


