SCALABLE HIPAA-COMPLIANT REST API GATEWAY DESIGN USING ASP.NET WEB API AND AWS API GATEWAY
Description
The proliferation of cloud-native healthcare applications has intensified the demand for robust, scalable, and regulatory-compliant API infrastructure. This paper presents a comprehensive architectural framework for designing and deploying HIPAA-compliant RESTful API gateways by leveraging the complementary capabilities of ASP.NET Web API and Amazon Web Services (AWS) API Gateway. The proposed architecture addresses the multifaceted challenges inherent to healthcare data exchange, encompassing end-to-end encryption, fine-grained authorization, audit logging, throttling, and disaster recovery, while simultaneously preserving system responsiveness and horizontal scalability under variable workload conditions. Drawing from practical experience in engineering HIPAA transaction processing systems, the paper articulates a layered security model, a microservices decomposition strategy, and a cloud-deployment topology that collectively satisfy the Technical Safeguards and Administrative Safeguards mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Empirical analysis of throughput, latency, and compliance posture demonstrates that the proposed framework is viable for production-grade healthcare environments requiring both regulatory rigor and enterprise-scale performance.
Files
SCALABLE-APR2021-19.pdf
(233.5 kB)