Posted On: Nov 12, 2018
AWS Certificate Manager is now a HIPAA Eligible Service and has been added to the AWS Business Associate Addendum (BAA).
AWS Certificate Manager lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. With AWS Certificate Manager, there is no additional charge for provisioning public or private SSL/TLS certificates you use with ACM-integrated services, such as Elastic Load Balancing and Amazon API Gateway. You pay for the AWS resources you create to run your application. There is no additional charge for using AWS Certificate Manager with HIPAA eligibility.
If you have a BAA in place with AWS, you can immediately start using AWS Certificate Manager to manage the SSL/TLS certificates that enable secure communications of protected health information (PHI). If you do not have a BAA in place with AWS or have any other questions about running HIPAA-regulated workloads on AWS, please contact us.
HIPAA Eligibility applies to all AWS Regions where AWS Certificate Manager is available. See the Architecting for HIPAA Security and Compliance on Amazon Web Services Whitepaper for information and best practices about how to configure AWS HIPAA Eligible Services to store, process, and transmit protected health information (PHI).