Posted On: Mar 10, 2017

AWS has expanded its HIPAA compliance program to include AWS Direct Connect as a HIPAA Eligible Service. With the addition of Direct Connect, if you have an executed Business Associate Agreement (BAA) with AWS you can now transfer large amounts of data, including Protected Health Information (PHI), into and out of AWS in a cost-effective manner designed for your security. AWS Direct Connect offers several benefits for customers: it lowers bandwidth costs out of AWS (which is valuable for applications that have bulk data transfer requirements), it offers more consistent network performance over Internet-based connections for applications that require real-time data feeds, and it provides an alternative means to connect to the AWS cloud for customers who may have security or compliance policies that prevent VPN connectivity to the cloud.

Using Direct Connect to migrate data to AWS is a simple first step towards leveraging a full suite of cloud-based HIPAA Eligible Services for data life cycle management, such as Amazon S3 (excluding the use of S3 Transfer Acceleration), Amazon Glacier, and AWS database services. Read our whitepaper to learn more on how to configure AWS services to support your HIPAA applications.

If you already have an executed BAA with AWS and a Direct Connect connection into AWS, no action is necessary to begin using Direct Connect in the account(s) covered by your BAA. If you do not have an executed BAA with AWS or have any other questions about running applications on AWS that might be subject to HIPAA, please contact us and we will put you in touch with a representative from our team.