Compliance Infrastructure That Runs Itself
The HIPAA Log Shipper provides automated log collection, AWS KMS encryption, and tamper-evident archiving—delivering compliant log retention without manual intervention, dedicated security staff, or complex infrastructure management.
Purpose-built for hosting providers, MSPs, healthcare organizations, and agencies managing healthcare hosting environments.
Healthcare Log Retention Shouldn't Require a Security Team
Server logs in healthcare environments routinely contain Protected Health Information—IP addresses, access patterns, form submissions, and authentication events. HIPAA requires that these logs be retained securely with integrity verification for compliance audits.
For large health systems, this is handled by dedicated security teams. But for small and mid-size healthcare organizations, hosting providers, and the agencies that serve them, there's a massive compliance gap: the requirement exists, but the infrastructure doesn't.
Most organizations either ignore the requirement, rely on manual processes that can't scale, or pay for enterprise solutions that are vastly over-engineered for their needs.
The Compliance Gap
PHI in server logs
IP addresses, form data, and access patterns are routinely logged
Retention with integrity
Logs must be stored securely and proven unmodified for auditors
No dedicated security team
Small/mid-size orgs lack the staff to manage this manually
The HIPAA Log Shipper closes this gap with zero-dependency automation.
How It Works
Six integrated capabilities that deliver compliant log retention without complexity.
Automated Log Collection
Collects logs from web servers, security tools, and system services automatically. Only processes finalized log files—never reads active logs to avoid data corruption or service interference.
KMS Encryption at Rest
All logs are encrypted using AWS KMS server-side encryption before storage. Encryption keys are managed through AWS Key Management Service, ensuring enterprise-grade protection without manual key handling.
Tamper-Evident Integrity
SHA-256 checksum manifests are generated for every log file at the point of collection. These cryptographic hashes provide mathematical proof that no log has been modified, deleted, or tampered with after archiving.
Write-Only Architecture
IAM credentials are scoped to upload-only access. The system cannot read, delete, or list existing files in the archive. Combined with S3 Object Lock, this creates a write-once-read-never security model from the server side.
Exactly-Once Delivery
Tracks files by inode and size to ensure every log is shipped exactly once. No duplicates, no gaps, no missed files. If a shipment fails, it retries without creating redundant copies in the archive.
WHM Integration
Native WHM/cPanel interface for configuration. Supports AWS credentials management, per-account selection, and dual credential modes—giving hosting providers granular control without command-line complexity.
Design Principles
Every architectural decision was made to maximize security while minimizing operational complexity.
Zero-Dependency Architecture
No external agents, daemons, or third-party services. The system runs as a self-contained process with no runtime dependencies beyond the server OS and AWS credentials.
Archived-Only Shipping
Only finalized, rotated log files are shipped. Active logs are never touched, ensuring no interference with running services or risk of partial data collection.
Write-Only Security
The system's credentials can only upload data. Even if the server is fully compromised, an attacker cannot read, modify, or delete any previously archived logs.
Auditor-Friendly Documentation
Every log shipment generates machine-readable manifests with SHA-256 checksums, timestamps, and source metadata. Auditors can verify integrity independently without Mediaura involvement.
Who It's For
Hosting Providers
Offer HIPAA-compliant log retention as a value-add service for healthcare clients without building custom infrastructure.
Managed Service Providers
Add compliance-grade log archiving to your managed services portfolio with minimal integration effort and no ongoing maintenance.
Healthcare Organizations
Meet HIPAA log retention requirements without hiring dedicated security staff or deploying enterprise SIEM solutions.
Agencies with Healthcare Clients
Ensure the hosting environments you manage for healthcare clients meet compliance requirements without operational overhead.
Need Compliant Log Retention Without the Complexity?
The HIPAA Log Shipper delivers automated, tamper-evident log archiving with zero-dependency architecture. No agents to install, no SIEM to configure, no security team required.