Amazon Web Services has a number of Compliance Programs and AWS Security Certifications that clients can use to jump-start compliance efforts.
AWS Compliance Programs cover many major cybersecurity frameworks, including NIST and ISO.
In addition to third-party certifications, Amazon provides security features, frameworks and agreements for addressing specific laws and regulations such as HIPAA, GDPR, and FERPA. Organizations dealing with protected health information (PHI) may maintain HIPAA compliance in AWS by configuring AWS HIPAA Eligible Services in coordination with client administrative and technical safeguards.
Many services in the AWS ecosystem can be used in a HIPAA compliant manner. Unfortunately, it is up to your organization to architect HIPAA compliant applications. There is no official certification for achieving HIPAA compliance. Amazon currently offers a business associates agreement (BAA) addressing physical safeguards, but your team must configure proper technical and administrative safeguards required under HIPAA.
Teams that handle protected health information (PHI) must handle administrative tasks such as annual risk assessments and employee training. Technical solutions must be implemented for requirements such as backup, disaster recovery, and audit logging. Most cloud providers, including Amazon Web Services, operate on a “Shared Responsibility” model. Learn more about the compliance requirements shared between your organization and your cloud provider.
Amazon Web Services (AWS) provides a wide array of offerings for creating backend services and deploying applications. These core services can be configured to be HIPAA compliant. AWS offers the flexibility to launch, manage, and scale virtual machines (VMs), cloud storage, managed databases and other services.
Dash allows your organization to create custom HIPAA administrative policies and configure and monitor a HIPAA compliant environment in Amazon Web Services (AWS), with one simple process: