The Health Insurance Portability and Accountability Act (HIPAA) defines rules that American organizations must follow to securely handle and maintain Protected Health Information (PHI). To remain in compliance, organizations are required to have a signed Business Associate Agreement (BAA) from any partner organization that creates, receives, maintains, or transmits PHI. The partner must ensure that it will safeguard the PHI that passes through its systems. Businesses also have to meet a long checklist of compliance rules and practices.

Amazon S3 (Simple Storage Service) provides cloud-based object storage through a web service interface. You can use S3 to store and retrieve any amount of data, at any time, from anywhere on the web. S3 objects, which may be structured in any way, are stored in resources called buckets.

You migrate PHI just as you would any other data, but you must stay cognizant of HIPAA regulations. No one but you and the data source can handle the data unless you have a BAA in place with them.

You can use any methods your data provider offers to extract data from their service. Many cloud-based data sources provide APIs that expose data to programmatic retrieval. Others allow you to set up webhooks to push event data to requesters. For data that lives in a database, you can use SELECT statements or a utility that does a mass dump of the data you specify.

To upload files you must first create an S3 bucket. Once you have a bucket you can add an object to it. An object can be any kind of file: a text file, data file, photo, or anything else. You can optionally compress or encrypt the files before you load them.

Once you've set up your data pipeline to your HIPAA data source, you can relax – as long as nothing changes. You have to keep an eye on any modifications that your sources make to the data they deliver. You should also watch out for cases where your script doesn't recognize a new data type. And since you'll be responsible for maintaining your script, every time your users want slightly different information, you'll have to modify the script. Keep in mind that HIPAA is all about rules and compliance, so you'll also have to know what HIPAA permits and proscribes, as will anyone else who works on the script.

S3 is great, but sometimes you want a more structured repository that can serve as a basis for BI reports and data analytics — in short, a data warehouse. Some folks choose to go with Amazon Redshift, Google BigQuery, PostgreSQL, Snowflake, Microsoft Azure Synapse Analytics, or Panoply, which are RDBMSes that use similar SQL syntax. If you're interested in seeing the relevant steps for loading data into one of these platforms, check out To Redshift, To BigQuery, To Postgres, To Snowflake, To Azure Synapse Analytics, and To Panoply.