    HITRUST-Certified Bedrock Deployment — PHI-Safe RAG + AI for Healthcare

    Sold by: Kriv AI
    Kriv AI delivers turn-key deployment of Amazon Bedrock inside a HITRUST-certified AWS landing zone for healthcare Customers (hospitals, health systems, payers, digital health). HITRUST CSF v11.6 + HITRUST AI Security Assessment evidence mapped to AWS services; Bedrock Guardrails for PHI + medical-misinformation + bias/fairness filters; PHI-safe RAG via OpenSearch Serverless + Textract + Comprehend Medical + Macie redaction; CloudTrail Object Lock immutable audit (7-year HIPAA §164.316); External Assessor Organization (EAO) handoff package indexed to HITRUST CSF v11.6 control IDs. Deploys on Customer's AWS account (no managed-cloud lock-in). Three tiers: $95K Foundation / $175K Standard / $275K Enterprise + $40K per use-case add-on. AWS Select + Databricks + Anthropic CPN. Natural follow-on to N8 HITRUST Roadmap.

    Overview

    HITRUST listings exist. Amazon Bedrock listings exist. The combination does not — until now.

    HITRUST CSF v11.6 (2024) added the HITRUST AI Security Assessment — the first industry-specific AI control set, with 51+ AI-specific requirements spanning model lifecycle, prompt injection, output validation, and training-data governance. Health systems, payers, and digital health face a specific problem: HITRUST MyCSF scope now includes AI workloads, but their Bedrock deployments (ambient scribes, clinical copilots, claims AI, PHI-safe RAG) were built without HITRUST control mapping. HHS OCR 2024 enforcement (Cascade Eye & Skin $1.5M; Doctors' Management Services settlement) and 2025 proposed Security Rule amendments raise the bar; cyber-insurance renewal increasingly gates on HITRUST + AI Security Assessment; enterprise counterparties demand attestation.

    Current AWS Marketplace listings are one-or-the-other. ClearDATA sells HITRUST-inheritable managed cloud at $15K–$75K/mo ($180K–$900K/yr) but locks Customer into ClearDATA tenancy with no Bedrock blueprint. HI-TEX is infrastructure-only. Mactores is SageMaker-era. Traditional SI HITRUST + AWS engagements $250K–$750K over 4–8 months. Big-4 AI governance + HITRUST combined deals $500K–$1.5M. N23 is the first transparent, fixed-fee, turn-key Bedrock deployment on a HITRUST-certified AWS landing zone with AI Security Assessment evidence packaged for EAO handoff.

    Methodology leverages Kriv's live N8 HITRUST Roadmap, N11 FHIR Patient Engagement, and E3 HIPAA AI Governance Framework. Deployment on Customer's AWS account (not ClearDATA-style managed tenancy).

    Reference architecture. AWS Landing Zone (Organizations Security/Audit/Workload/Sandbox; Control Tower; SCPs mapped to CSF families). Identity & Access (IAM Identity Center + SAML; MFA; least-privilege; Access Analyzer; quarterly reviews). Network (private VPC; PrivateLink for Bedrock / SageMaker / S3 / Secrets Manager; zero internet egress for PHI; VPC Flow Logs). Encryption (KMS CMKs; BYOK / CloudHSM; envelope; annual rotation). Bedrock with Guardrails (PHI, denied topics, medical-misinformation, bias/fairness), Model Invocation Logging to S3 Object Lock, Knowledge Bases PHI-safe RAG, Agents with HITL clinical gates, Model Cards + Model Monitor. PHI-Safe RAG via OpenSearch Serverless (KMS); ingestion via Textract + Comprehend Medical + Macie redaction; §164.514 Safe Harbor de-id; embeddings stay in Customer AWS account. Audit Manager HITRUST framework automated evidence indexed to CSF v11.6 control IDs; CloudTrail org trail + S3 Object Lock 7-yr HIPAA §164.316. Threat Detection (GuardDuty + Security Hub + Macie + Inspector). IR (CloudWatch + EventBridge + SNS to SOC; AI IR Runbooks). BCDR aligned to CSF §10.02.

    CSF v11.6 coverage. All 19 control families at infrastructure layer. The 51+ AI Security Assessment requirements covered through Bedrock + Guardrails + Model Monitor + CloudTrail + Audit Manager — model governance, prompt-injection defenses, data lineage, bias testing, explainability, AI IR, vendor AI risk.

    Week-by-week (8-week Foundation). W1 Kickoff + HITRUST scope (e1/i1/r2/r2+AI) + use-case discovery + EAO shortlist (A-LIGN, Schellman, Coalfire, Insight Assurance). W2 Landing-zone provisioning. W3 Bedrock + Guardrails + Model Invocation Logging. W4 PHI-safe RAG. W5 Guardrails tuning + Agents HITL + Model Cards. W6 Audit Manager HITRUST + Model Monitor. W7 Security controls (GuardDuty, Security Hub, Macie, Inspector, IR runbooks). W8 EAO handoff + UAT + readout + 30-day warranty.

    Three tiers. Foundation $95K (6–8 wk; 1 use case; 19 CSF families; e1/i1 scope; 30-day warranty) for digital health Series B–C, single-hospital providers, small payers. Standard $175K (10 wk; up to 3 use cases; full AI Security Assessment evidence; r2 scope; 60-day warranty) for regional systems $1B–$5B, Medicaid MCOs, regional MA. Enterprise $275K (12 wk; up to 5 entities; r2+AI scope; Bedrock Agents orchestration; EAO engagement support; 90-day hypercare) for large IDNs, national Blues, Series D digital health, AMCs. Optional Extra Use-Case $40K each.

    Important disclosures. Kriv is NOT a HITRUST External Assessor Organization (EAO); HITRUST certification is issued by HITRUST Alliance following an independent EAO's validated assessment — Kriv prepares evidence only. Kriv issues no HITRUST / SOC 2 / ISO 42001 / HIPAA certifications. Kriv is Customer's BA where PHI flows during implementation — BAA required before kickoff. No legal, regulatory, or clinical advice. AWS infrastructure billed separately. Bedrock/Claude outputs for clinical use cases require CMIO + medical director + clinical governance review. No guarantee of HITRUST certification outcome, OCR audit outcome, enforcement avoidance, or cyber-insurance premium reduction.

    Highlights

    • First HITRUST-certified Bedrock deployment SKU on AWS Marketplace — CSF v11.6 + HITRUST AI Security Assessment (51+ requirements) evidence indexed for EAO handoff. All 19 CSF control families addressed at infrastructure layer. Bedrock with Guardrails (PHI detection + denied topics + medical-misinformation + bias/fairness), Model Invocation Logging to S3 Object Lock, Knowledge Bases for PHI-safe RAG, Agents with HITL clinical gates, Model Cards, Model Monitor.
    • PHI-safe RAG via Amazon OpenSearch Serverless (KMS-encrypted) + Textract + Comprehend Medical + Macie redaction. §164.514 Safe Harbor de-identification path. Embeddings remain in Customer AWS account — no cross-account or external-vendor egress. CloudTrail org trail with S3 Object Lock immutable retention (7-year HIPAA §164.316). AWS Audit Manager HITRUST framework automated evidence collection indexed to CSF v11.6 control IDs. IAM Identity Center with SAML + MFA + quarterly access reviews.
    • Deploys on Customer's AWS account (no managed-cloud lock-in) — AWS Select + Databricks + Anthropic CPN. EAO handoff package included (A-LIGN, Schellman, Coalfire, Insight Assurance shortlist). Three tiers: Foundation $95K (6–8 weeks; 1 use case; e1/i1 scope) for digital health Series B–C; Standard $175K (10 weeks; 3 use cases; r2 scope; full AI Security Assessment evidence) for regional health systems; Enterprise $275K (12 weeks; IDN up to 5 entities; r2+AI scope; 90-day hypercare).

    Details

    Sold by: Kriv AI

    Delivery method: Deployed on AWS

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    Primary contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support

    Response SLA. First response within 2 US business days (Mon–Fri 9 am – 6 pm ET, ex-US federal holidays). Active engagements: Engagement Lead within 4 business hours weekdays. HITRUST-renewal or OCR-enforcement-driven engagements compress to same business day.

    Onboarding SLA. First customer contact within 2 US business days of buyer inquiry / private-offer acceptance. Kickoff within 2–3 weeks of SOW (BAA execution + AWS account delegation extends timing); 5–10 business days when enforcement-driven.

    Escalation. (1) Engagement Lead (named in SOW) → (2) Practice Director (info@kriv.ai) → (3) CEO Abhinav Dangri (info@kriv.ai).

    Communication. Dedicated Microsoft Teams channel; weekly 60-min video checkpoint; Friday written status. Customer SMEs 4–6 hrs/week (CISO, CIO, HIPAA Privacy Officer, CMIO, Cloud Engineering, Clinical Informatics). Enterprise hypercare adds daily standup during 90-day window.

    Handoff. Word/Excel/PDF in customer secure share; landing zone + Bedrock as CloudFormation / CDK; HITRUST CSF v11.6 evidence as Excel indexed to control IDs; Model Cards + Model Monitor dashboards as JSON + CloudWatch configs; EAO handoff package as compiled PDF + supporting Excel.

    Out of scope. Kriv is NOT a HITRUST EAO; certification is issued by HITRUST Alliance following independent EAO validated assessment. Kriv prepares evidence only; Kriv is Customer's BA where PHI flows during implementation (BAA required). No legal, regulatory, or clinical advice. Bedrock/Claude outputs for clinical use cases require Customer clinical review.

    AWS-side billing. AWS infrastructure (Bedrock consumption, KMS, S3, OpenSearch, Audit Manager, CloudTrail, GuardDuty, Macie, Inspector, Secrets Manager) billed directly by AWS.

    Holiday coverage. Closed on US federal holidays.