Our AWS Infrastructure is HIPAA Compliant
A large and growing number of healthcare providers, payers and IT professionals are using AWS’s utility-based cloud services to process, store, and transmit PHI.
AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure AWS environment to process, maintain, and store protected health information.
AWS offers a HIPAA-focused whitepaper for customers interested in learning more about how they can leverage AWS for the processing and storage of health information. The “Creating HIPAA-Compliant Medical Data Applications with AWS” whitepaper outlines how companies can use AWS to process systems that facilitate HIPAA and HITECH compliance.
HIPAA Compliance: A Shared Responsibility Model
When evaluating the security of a cloud solution, it is important for customers to understand and distinguish between:
- Security measures that the cloud service provider (AWS) implements and operates – “security of the cloud”
- Security measures that the customer implements and operates, related to the security of customer content and applications that make use of AWS services – “security in the cloud”
While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.