Posted On: Aug 24, 2017

This Quick Start deploys a model environment that can help organizations with workloads that fall within the scope of the U.S. Health Insurance Portability and Accountability Act (HIPAA), including workloads with protected health information (PHI). The Quick Start architecture maps to certain technical requirements imposed by HIPAA regulations.

The deployment is automated by AWS CloudFormation templates and scripts that build an example multi-tier, Linux-based web application in the AWS Cloud in about 30 minutes. Customers can customize the templates to build a repeatable, auditable reference architecture that meets their specific needs. The Quick Start includes a deployment guide that describes the architecture in detail and provides step-by-step instructions for deploying, configuring, and validating the AWS environment. The Quick Start also includes a security controls reference that maps the Quick Start’s architecture decisions, components, and configurations to certain HIPAA regulatory requirements.

Customers must accept the AWS Business Associate Addendum (BAA) and configure their AWS account(s) as required by the BAA before using AWS services in connection with PHI. Customers are solely responsible for determining which portions of HIPAA apply to them, and how to comply with those applicable requirements. For more information about the AWS BAA and HIPAA workloads on AWS, visit the AWS HIPAA Compliance webpage.

To get started with the HIPAA Quick Start on AWS, use the following resources:
- Learn more about the HIPAA Quick Start architecture and details
- View the deployment guide
- View the security controls reference (Microsoft Excel format)
- Browse and launch other AWS Quick Start reference deployments

About Quick Starts

Quick Starts are automated reference deployments for key workloads on the AWS Cloud. Each Quick Start launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability. This is the latest in a series of compliance Quick Starts, which provide security-focused architecture solutions to help Managed Service Providers (MSPs), cloud provisioning teams, developers, integrators, and information security teams follow strict security, compliance, and risk management controls.