Amazon Web Services (AWS) has announced that the Amazon Elasticsearch Service has achieved HIPAA eligibility, as well as PCI and ISO compliance. The latest announcement from AWS shares the expanded scope of the service’s compliance status.
With the latest news, AWS customers can use the Amazon Elasticsearch Service to store and analyze protected health information (PHI) and build HIPAA compliant applications. Customers must follow the cloud shared responsibility model and have a signed Business Associates agreement in place to use the service in a HIPAA compliant manner.
Additionally, Amazon Elasticsearch Service is now in-scope of AWS’ PCI DSS which will allow you to store, process, or transmit cardholder data using the service. Additionally, Amazon Elasticsearch Service is in-scope of AWS’ ISO 9001, 27001, 27017, and 27018 certifications. PCI DSS and ISO are among the most recognized security standards for security management in the cloud.
Amazon Elasticsearch Service, is Amazon’s managed Elasticsearch that allows cloud users to search, analyze, and visualize real-time data. Amazon Elasticsearch integrates with open-source solutions including Kibana and Logstash, giving organizations an easy option for analyzing log data and integrating data into other AWS services such as Amazon Cloudwatch and Amazon Lambda.
Amazon’s service is real benefit for users looking for a fully hosted and scalable Elasticsearch solution, without major configuration. Easy-to-use APIs and real-time analytics capabilities allow teams the ability to work with data in cases such as log analytics, application monitoring, and full text-search.
What Does This Mean For AWS Users?
Cloud users may use Amazon Elasticsearch Service with PHI, as long as they fulfill specific compliance requirements. Amazon operates on a Shared Responsibility Model meaning that security is a “shared responsibility” between AWS and organizations. Organization’s may enter a Business Associates Agreement (BAA) with the cloud provider, where Amazon will take responsibility for physical safeguards for HIPAA and regulatory compliance. It is up to the organization to implement the necessary HIPAA administrative policies and technical safeguards and monitoring.
Dash can help organization’s to configure, monitor and maintain HIPAA compliance in Amazon Web Services.