Posted On: Apr 11, 2022

Today, Amazon Web Services (AWS) announced that AWS Single Sign-On (AWS SSO) is now HIPAA (Health Insurance Portability and Accountability Act) eligible. AWS SSO is where customers create, or connect, workforce identities and manage their access centrally across AWS accounts. HIPAA eligibility means that customers subject to HIPAA - including health insurance companies, healthcare providers, healthcare clearinghouses, government programs that pay for healthcare, military and veterans' health programs, as well as their associates - can now use AWS SSO for authentication and authorization of users who configure or manage AWS workloads that store, process or transmit Protected Health Information (PHI) and users who sign into applications integrated with AWS SSO that utilize PHI.

If you have a HIPAA Business Associate Addendum (BAA) in place with AWS, you can now start using AWS SSO for HIPAA eligible workloads or use cases. With just a few clicks in the AWS SSO management console you can create users in AWS SSO, or connect your existing identity source, and configure permissions that grant your users access across AWS accounts and hundreds of pre-integrated cloud applications. For information and best practices about configuring AWS HIPAA Eligible Services, see the Architecting for HIPAA Security and Compliance on Amazon Web Services Whitepaper. If you don't have a BAA in place with AWS, or if you have any other questions about running HIPAA-regulated workloads on AWS, please contact us.