ATNA becomes a transport, identity, and logging architecture on AWS
ATNA is not just a generic security checklist. It is the IHE profile that tells architects how secure nodes should authenticate to each other and how security-relevant events should be audited across an interoperability domain.
ATNA expectation to AWS control mapping
| ATNA concern | AWS control | Implementation note |
|---|---|---|
| Mutual node authentication | mTLS on API endpoints or private integration boundaries | Authenticate both ends before PHI-bearing traffic is exchanged |
| Secure transmission | TLS termination, certificate validation, private networking | Protect SOAP and FHIR traffic in transit |
| Centralized audit trail | CloudTrail, log aggregation, analytics, retention policy | Capture who did what, when, and from where |
| Administrative separation | IAM least privilege and KMS-backed secrets handling | Limit who can operate integrations, rotate keys, and inspect sensitive data |
Secure-node pattern on AWS
[Diagram not reproduced: secure-node pattern on AWS]
Audit Trail and Node Authentication (ATNA)
Official IHE profile for secure nodes, audit record repositories, and audit-event requirements.
Read ATNA
Implementing mutual TLS for AWS workloads
AWS guidance for mTLS patterns relevant to secure-node style traffic.
Read the mTLS guidance
Audit designs should support forensics without becoming a second PHI repository
The subtle part of audit design is not simply generating more logs. It is deciding what must be preserved for accountability while avoiding unnecessary duplication of sensitive result sets. For document queries, the most valuable evidence is usually who queried, what they queried for, the outcome, and the system path used.
That is why audit pipelines commonly capture actor identity, network source, timestamp, transaction name, and query parameters, then correlate those events to registry or repository systems rather than copying full results into the audit sink.
Why multiple audit layers are usually required
| Evidence source | What it captures well | What it misses by itself |
|---|---|---|
| CloudTrail | AWS control-plane API usage, administrative changes, and service access events where supported | Clinical query intent, end-user context, and many application-level document transactions |
| Application audit events | User, patient, document query, outcome, and business transaction semantics | Underlying infrastructure changes unless correlated with platform logs |
| Network or edge logs | Source IPs, TLS handshakes, and traffic path evidence | Clinical meaning unless linked to application context |
Logging pitfall
If your audit store captures the full query result body for every sensitive transaction, you can accidentally create a second, less-governed copy of the patient record.
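The following is an added example, not code from the page or from IHE or AWS, showing the audit event shape the two paragraphs above describe and the cross-layer correlation the table argues for. It builds an application audit event for a document query that keeps actor, source, time, transaction, query parameters, outcome and the execution path, replaces the result body with references and a digest, refuses to emit an event that still carries a payload (the pitfall above), then joins that event to an edge log line by request id and to CloudTrail-like control-plane events by the integration role and a time window. All records, field names and ARNs are constructed for the example; they are not the IHE audit schema or the exact AWS log formats.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records standing in for an application request/response pair,
# an edge (load balancer or API Gateway style) access log and CloudTrail-like events.
# Field names and ARNs are this example's assumptions, not real schemas or accounts.
QUERY_REQUEST = {
    "correlationId": "req-0001",
    "time": "2024-05-01T10:00:00Z",
    "actor": "dr.jane@example.org",
    "sourceIp": "10.0.1.25",
    "executionRole": "arn:aws:sts::123456789012:assumed-role/xds-query-role/xds-query",
    "transaction": "ITI-18 RegistryStoredQuery",
    "queryParams": {"patientId": "urn:example:patient:123", "documentStatus": "Approved"},
}
QUERY_RESPONSE = {
    "status": "Success",
    "body": {  # PHI-bearing payload: must never be copied into the audit sink
        "documents": [
            {"id": "urn:uuid:doc-1", "title": "Discharge summary", "content": "<sensitive>"},
            {"id": "urn:uuid:doc-2", "title": "Pathology report", "content": "<sensitive>"},
        ]
    },
}
EDGE_LOGS = [
    {"requestId": "req-0001", "clientIp": "10.0.1.25", "tlsVersion": "TLSv1.3",
     "clientCertSubject": "CN=clinic-node-01,O=Example Clinic"},
    {"requestId": "req-0002", "clientIp": "10.0.1.40", "tlsVersion": "TLSv1.2",
     "clientCertSubject": "CN=clinic-node-02,O=Example Clinic"},
]
CLOUDTRAIL_EVENTS = [
    {"eventTime": "2024-05-01T10:00:01Z", "eventName": "GetSecretValue",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/xds-query-role/xds-query"}},
    {"eventTime": "2024-05-01T07:10:00Z", "eventName": "UpdateFunctionConfiguration",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/platform-admin"}},
]

# Assumption: keys under which result payloads (not references) appear in responses.
PAYLOAD_KEYS = {"body", "documents", "content", "entry"}


def contains_payload(obj):
    """True if any nested key looks like a result payload rather than a reference."""
    if isinstance(obj, dict):
        return any(k in PAYLOAD_KEYS or contains_payload(v) for k, v in obj.items())
    if isinstance(obj, list):
        return any(contains_payload(item) for item in obj)
    return False


def summarize_result(body):
    """Replace the result body with references: count, document IDs and a digest that
    lets an investigator prove which response was returned without storing it."""
    docs = body.get("documents", [])
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    return {"count": len(docs), "documentIds": [d["id"] for d in docs], "bodySha256": digest}


def build_audit_event(request, response):
    """Keep who, where, when, what was asked, outcome and system path; refuse to emit
    an event that still carries a payload."""
    event = {
        "eventTime": request["time"],
        "correlationId": request["correlationId"],
        "actor": request["actor"],
        "sourceIp": request["sourceIp"],
        "executionRole": request["executionRole"],
        "transaction": request["transaction"],
        "queryParameters": request["queryParams"],
        "outcome": response["status"],
        "result": summarize_result(response["body"]),
    }
    if contains_payload(event):
        raise ValueError("audit event must not carry a result payload")
    return event


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate(event, edge_logs, cloudtrail_events, window=timedelta(seconds=30)):
    """Join the application event to the edge record (same request id) and to
    control-plane calls made by the integration role close to the query time."""
    edge = next((e for e in edge_logs if e["requestId"] == event["correlationId"]), None)
    when = _ts(event["eventTime"])
    platform = [
        c for c in cloudtrail_events
        if c["userIdentity"]["arn"] == event["executionRole"]
        and abs(_ts(c["eventTime"]) - when) <= window
    ]
    return {"application": event, "edge": edge, "platform": platform}
```

The digest is what makes the reference-only design defensible in an investigation: the registry or repository still holds the documents, and `bodySha256` ties the audit record to the exact response without the audit sink becoming a second copy of it.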
Query CloudTrail logs with Athena
Official AWS documentation for querying API activity logs during investigation and compliance review.
Open the Athena log query guide
Certificate and key handling should be treated as a first-class clinical control
Healthcare integrations often depend on organization certificates, private trust anchors, or regional PKI artifacts such as NASH in Australia. Those credentials should be retrieved at runtime from a managed secrets boundary, not embedded into source code or manual deployment bundles.
Practical secret-handling decisions
| Need | Recommended pattern | Why it matters |
|---|---|---|
| Store certificate or private key | AWS Secrets Manager with KMS encryption | Protects sensitive material and enables controlled retrieval |
| Limit runtime access | IAM role scoped to the integration function only | Reduces blast radius if one workload is compromised |
| Rotate and track use | Versioned secret updates plus audit logging | Supports governance and incident response |
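The following is an added example, not code from the page or from AWS, of the runtime retrieval pattern the table recommends: the integration fetches its node certificate and private key from a secrets boundary on each load, reuses the parsed material while the secret version is unchanged, picks up a rotated version without a redeploy, records every retrieval (ARN and version, never the value) for governance, and keeps the key out of `repr` so a stray log line or traceback cannot leak it. It uses an in-memory stand-in for the Secrets Manager client so it runs offline; the stand-in mirrors the response keys of the real `get_secret_value` call (`ARN`, `Name`, `VersionId`, `VersionStages`, `SecretString`), and in production the client would be `boto3.client("secretsmanager")` with the function's IAM role limited to `secretsmanager:GetSecretValue` on this one secret ARN and `kms:Decrypt` on its key. The ARN, the JSON layout of the secret and the PEM placeholders are assumptions constructed for the example.

```python
import json
import logging
import uuid
from dataclasses import dataclass, field

log = logging.getLogger("integration")

# Assumed secret ARN; the secret is assumed to hold a JSON document with two PEM strings.
SECRET_ARN = "arn:aws:secretsmanager:ap-southeast-2:123456789012:secret:xds-node-cert"


class InMemorySecretsManager:
    """Offline stand-in for boto3's Secrets Manager client (assumption for this example).
    The real service validates ClientRequestToken format and supports other stages;
    this stand-in only serves the AWSCURRENT version."""

    def __init__(self):
        self._versions = {}  # arn -> list of (version_id, secret_string), newest last

    def put_secret_value(self, SecretId, SecretString, ClientRequestToken=None):
        version_id = ClientRequestToken or str(uuid.uuid4())
        self._versions.setdefault(SecretId, []).append((version_id, SecretString))
        return {"ARN": SecretId, "VersionId": version_id, "VersionStages": ["AWSCURRENT"]}

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        if VersionStage != "AWSCURRENT":
            raise ValueError("stand-in only serves AWSCURRENT")
        version_id, secret_string = self._versions[SecretId][-1]
        return {"ARN": SecretId, "Name": SecretId.rsplit(":", 1)[-1], "VersionId": version_id,
                "VersionStages": [VersionStage], "SecretString": secret_string}


@dataclass
class NodeCredential:
    """Certificate and key for this secure node. The key is excluded from repr so an
    accidental log line or traceback does not leak it."""
    certificate_pem: str
    private_key_pem: str = field(repr=False)
    version_id: str = "unknown"


class CredentialLoader:
    """Fetches the node credential at runtime and tracks every retrieval by version."""

    def __init__(self, client, secret_arn):
        self.client = client
        self.secret_arn = secret_arn
        self.audit = []       # retrieval trail: ARN and version only, never the value
        self._cached = None

    def load(self):
        resp = self.client.get_secret_value(SecretId=self.secret_arn)
        self.audit.append({"event": "SecretRetrieved", "secretArn": resp["ARN"],
                           "versionId": resp["VersionId"]})
        if self._cached is not None and self._cached.version_id == resp["VersionId"]:
            return self._cached   # same version: reuse parsed material, nothing re-parsed
        material = json.loads(resp["SecretString"])
        self._cached = NodeCredential(material["certificate"], material["private_key"],
                                      resp["VersionId"])
        log.info("loaded node credential %r", self._cached)  # safe: key not in repr
        return self._cached


def make_secret(tag):
    """Constructed placeholder PEM strings; not real certificate or key material."""
    return json.dumps({
        "certificate": f"-----BEGIN CERTIFICATE-----\nplaceholder-{tag}\n-----END CERTIFICATE-----",
        "private_key": f"-----BEGIN PRIVATE KEY-----\nplaceholder-{tag}\n-----END PRIVATE KEY-----",
    })


def run_demo():
    """Load, reload unchanged, rotate, reload: returns the loader and the three results."""
    client = InMemorySecretsManager()
    client.put_secret_value(SecretId=SECRET_ARN, SecretString=make_secret("v1"), ClientRequestToken="v1")
    loader = CredentialLoader(client, SECRET_ARN)
    first = loader.load()
    again = loader.load()     # same version, cached object reused
    client.put_secret_value(SecretId=SECRET_ARN, SecretString=make_secret("v2"), ClientRequestToken="v2")
    rotated = loader.load()   # rotation picked up without a redeploy
    return loader, [first, again, rotated]


if __name__ == "__main__":
    loader, creds = run_demo()
    print([c.version_id for c in creds], loader.audit)
```

Because the loader re-reads the secret version on every load rather than only at cold start, a rotated certificate reaches the node on the next request instead of on the next deployment, and the audit list shows exactly which version was in use at any moment, which is the evidence an incident responder needs after a suspected key compromise.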
API Gateway mutual TLS
Official AWS documentation for trust-store management and client-certificate validation at the API edge.
Read the API Gateway mTLS docs
AWS Secrets Manager documentation
Official AWS documentation for secret storage, retrieval, and rotation controls.
Read the Secrets Manager docs