Amazon AWS Certificate Manager Is Now HIPAA Eligible


Amazon Web Services (AWS) has announced that the AWS Certificate Manager has achieved HIPAA eligibility, and has been added to the AWS Business Associate Addendum (BAA) and HIPAA-eligible services list. The latest announcement from AWS shares the expanded scope of the service’s compliance status.

With the latest news, AWS customers can use the AWS Certificate Manager alongside applications that store, process, and/or transmit protected health information (PHI). Customers must follow the cloud shared responsibility model and have a signed Business Associate Addendum in place to use the service in a HIPAA-compliant manner.


AWS Certificate Manager

AWS Certificate Manager is Amazon’s managed service that allows cloud users to provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and internal resources. AWS customers do not pay any additional charge for AWS Certificate Manager provisioned certificates that are used with ACM-integrated services such as Elastic Load Balancing and Amazon API Gateway.

This service is a real benefit for users looking to easily manage SSL certificates inside of their cloud platform and avoid third-party certificate authorities. Certificate Manager removes the time-consuming process of manually purchasing, uploading, and renewing SSL/TLS certificates. Furthermore, customers can automate certificate renewal and use this AWS service to meet specific regulatory and compliance requirements by issuing certificates and encrypting data in transit.


What Does This Mean For AWS Users?

Cloud users may use AWS Certificate Manager with PHI, as long as they fulfill specific compliance requirements. Amazon operates on a Shared Responsibility Model, meaning that security is a “shared responsibility” between AWS and organizations. Organizations may enter a Business Associates Agreement (BAA) with the cloud provider, where Amazon will take responsibility for physical safeguards for HIPAA and regulatory compliance. It is up to the organization to implement the necessary HIPAA administrative policies, technical safeguards, and monitoring.

Dash can help organizations configure, monitor, and maintain HIPAA compliance in Amazon Web Services.