Selecting A HIPAA Compliant Cloud

Comparing HIPAA cloud options can be difficult. There are a few requirements teams should always consider when selecting a HIPAA compliant cloud provider.


HIPAA Cloud Overview


When selecting a HIPAA compliant cloud, your organization must configure and maintain all physical, technical, and administrative safeguards required by HIPAA. Utilizing public cloud platforms such as Amazon Web Services (AWS) allows organizations to take advantage of established security programs provided by the cloud provider. Benefits of configuring HIPAA compliant applications in the public cloud include:

Security Certifications

Established cloud platforms like AWS have a number of certifications and security programs organizations are able to take advantage of.

Numerous Cloud Services

Public cloud platforms offer hundreds of managed services that organizations can utilize to build solutions quickly.

Easy Scalability

Public cloud platforms allow organizations to pay only for the services they need and to scale out to larger services when it is time to scale up.

Flexibility

Organizations can build applications using almost any major technology when using a public cloud platform.


Fulfilling HIPAA Cloud Requirements


Not every web host or cloud solution can be configured in a HIPAA compliant manner. When selecting a HIPAA compliant cloud provider it is important to keep the following requirements in mind:

1. Sign A Business Associates Agreement (BAA) With Your Cloud Provider

For any cloud solutions used for storing, analyzing, and/or transmitting protected health information (PHI), your organization must sign and execute a Business Associates Agreement (BAA). This agreement details the breakdown of HIPAA responsibilities between your organization and the cloud provider.

A BAA should also be signed for all software that will store, analyze, or transmit PHI. So if your team will store PHI in Dropbox, CRM platforms or other services, you must have a signed BAA with those software vendors as well.


2. Utilize Only Services Covered Under The BAA

Your cloud provider’s BAA dictates which services can or cannot be used in a HIPAA compliant manner. For example, some organizations may have covered services only for specific product lines or software packages.

Only services covered under the cloud BAA should be utilized with PHI. Organizations such as Amazon Web Services (AWS) have a large list of HIPAA eligible services. Your team can utilize BAA covered services to store and handle PHI.


3. Prepare Your Organization’s Security Plan

Regardless of the selected cloud provider, your organization has specific HIPAA responsibilities. Your organization must create a set of HIPAA administrative policies that dictate standard operating procedures for implementing, reviewing, and managing compliance safeguards.

Your team must also implement all technical safeguards not provided or set up by your cloud provider. This includes encryption, backup and recovery, and audit logging solutions. It is possible to build a non-compliant solution on a HIPAA compliant cloud provider.

Automating HIPAA Compliance With Dash


The Dash Compliance Automation Platform offers organizations a single solution for configuring and monitoring HIPAA compliance in Amazon Web Services. With Dash, your organization can build HIPAA compliant applications in your own AWS account. Dash automates many regulatory requirements to ensure a HIPAA compliant cloud. All Dash installations include:

Custom administrative policies – Dash generates all necessary HIPAA administrative policies based around your organization.

Continuous compliance monitoring – Dash scans and monitors your cloud environment for compliance issues and provides triage and remediation for compliance concerns.

Real-time compliance notifications – Dash provides real-time notifications about your organization’s security and compliance profile.



A Trusted Compliance Partner

Dash is built around a team of compliance and cloud experts. We provide HIPAA cloud solutions that enable organizations to easily configure and manage HIPAA in Amazon Web Services, the market-leading cloud platform.


HIPAA/HITECH Compliance Experts

Security Plans Tailored To Your Organization

Compliance Built Around Your Cloud and Infrastructure

Amazon Web Services (AWS) Advanced Partner
