Posted On: Apr 11, 2022
Today, Amazon Web Services (AWS) announced that AWS Single Sign-On (AWS SSO) is now HIPAA (Health Insurance Portability and Accountability Act) eligible. AWS SSO is where customers create, or connect, workforce identities and manage their access centrally across AWS accounts. HIPAA eligibility means that customers subject to HIPAA - including health insurance companies, healthcare providers, healthcare clearinghouses, government programs that pay for healthcare, military and veterans' health programs, as well as their associates - can now use AWS SSO for authentication and authorization of users who configure or manage AWS workloads that store, process or transmit Protected Health Information (PHI) and of users who sign in to applications integrated with AWS SSO that utilize PHI.
If you have a HIPAA Business Associate Addendum (BAA) in place with AWS, you can now start using AWS SSO for HIPAA eligible workloads or use cases. With just a few clicks in the AWS SSO management console you can create users in AWS SSO, or connect your existing identity source, and configure permissions that grant your users access across AWS accounts and hundreds of pre-integrated cloud applications. For information and best practices about configuring AWS HIPAA Eligible Services, see the Architecting for HIPAA Security and Compliance on Amazon Web Services Whitepaper. If you don't have a BAA in place with AWS, or if you have any other questions about running HIPAA-regulated workloads on AWS, please contact us.
AWS SSO achieved Payment Card Industry – Data Security Standard (PCI DSS) compliance and was assessed at the PROTECTED level of the Information Security Registered Assessors Program (IRAP). In addition, it supports customer compliance with International Organization for Standardization (ISO), System and Organization Controls (SOC) 1, 2, and 3, Esquema Nacional de Seguridad (ENS) High, the Financial Market Supervisory Authority (FINMA) International Standard on Assurance Engagements (ISAE) 3000 Type 2 Report requirements, and Multi-Tier Cloud Security (MTCS). To learn more about AWS SSO, visit the AWS Single Sign-On web page, the AWS Region Availability pages, and the AWS GovCloud (US) page.