Many services in the AWS ecosystem can be used in a HIPAA compliant manner. Unfortunately, it is up to your organization to architect HIPAA compliant applications. There is no official certification for achieving HIPAA compliance. Amazon currently offers a business associates agreement (BAA) addressing physical safeguards, but your team must configure proper technical and administrative safeguards required under HIPAA.
Teams that handle protected health information (PHI) must handle administrative tasks such as annual risk assessments and employee training. Technical solutions must be implemented for requirements such as backup, disaster recovery, and audit logging. Most cloud providers, including Amazon Web Services, operate on a “Shared Responsibility” model. Learn more about the compliance requirements shared between your organization and your cloud provider.
Amazon Web Services (AWS) provides a wide array of offerings for creating backend services and deploying applications. These core services can be configured to be HIPAA compliant. AWS offers the flexibility to launch, manage, and scale virtual machines (VMs), cloud storage, managed databases and other services.
Dash allows your organization to create custom HIPAA administrative policies and configure and monitor a HIPAA compliant environment in Amazon Web Services (AWS), with one simple process:
AWS will sign a business associates agreement (BAA) detailing physical safeguards for cloud services. See Cloud Service Responsibilities.
Your organization must create administrative policies for assessing and maintaining compliance. Create Custom Policies with Dash.