Hacker News
by sithu 4097 days ago
Great advice, thank you - will make a note of these things for when we start deploying. At the moment, I think we will only need one EC2 instance attached to an encrypted EBS volume with the database on it. We're not using RDS. When you say encrypt PHI traffic between servers, you mean like EC2<-->S3?
1 comments

EC2 <-> S3 yes (this should be easy as S3 has SSL support out of the box). The bigger issue is stuff like Redis (which purposefully doesn't support encryption) which means you either need to be careful not to put PHI in Redis (e.g., use object IDs rather than the objects themselves, don't cache things that might have PHI) or use something like stunnel (which doesn't play lovely with Redis), IPsec, or use GCE.

I'd recommend encrypting from the boot volume up and not just your EBS volumes. Otherwise you have to worry about things like PHI in logs, core dumps, etc. being put onto unencrypted storage.
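
An added example, not part of the original comments: one way to enforce the "object IDs rather than the objects themselves" rule for Redis is a cache wrapper that fails closed when a value carries a PHI field. The `PHI_FIELDS` list, the class names and the in-memory `FakeRedis` stand-in are assumptions made for this sketch.

```python
import json

# Assumption: field names treated as PHI here; a real list comes from your data model.
PHI_FIELDS = {"name", "dob", "ssn", "address", "diagnosis", "mrn"}


class PHIInCacheError(ValueError):
    """Raised when a value headed for the cache contains a PHI field."""


def find_phi_keys(value, path=""):
    """Return the path of every (nested) dict key in value that is in PHI_FIELDS."""
    hits = []
    if isinstance(value, dict):
        for key, child in value.items():
            here = f"{path}.{key}" if path else str(key)
            if str(key).lower() in PHI_FIELDS:
                hits.append(here)
            hits.extend(find_phi_keys(child, here))
    elif isinstance(value, (list, tuple)):
        for i, child in enumerate(value):
            hits.extend(find_phi_keys(child, f"{path}[{i}]"))
    return hits


class ReferenceCache:
    """Cache wrapper that stores object IDs and non-PHI metadata only."""

    def __init__(self, backend):
        # backend needs set(key, value) and get(key), as the redis-py client has.
        self.backend = backend

    def put(self, key, value):
        hits = find_phi_keys(value)
        if hits:  # fail closed: nothing is written if any PHI field is present
            raise PHIInCacheError(f"refusing to cache PHI fields: {hits}")
        self.backend.set(key, json.dumps(value))

    def get(self, key):
        raw = self.backend.get(key)
        return None if raw is None else json.loads(raw)


class FakeRedis:
    """Constructed in-memory stand-in so the example runs without a server."""

    def __init__(self):
        self.store = {}

    def set(self, key, value):
        self.store[key] = value

    def get(self, key):
        return self.store.get(key)
```

The guard matches on field names only, so PHI embedded in free-text values still has to be kept out by the caller; the full record is looked up by ID from the encrypted database.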