AWS News Blog
AWS HIPAA Eligibility Update (July 2017) – Eight Additional Services
It is time for an update on our on-going effort to make AWS a great host for healthcare and life sciences applications. As you can see from our Health Customer Stories page, Philips, VergeHealth, and Cambia (to choose a few) trust AWS with Protected Health Information (PHI) and Personally Identifying Information (PII) as part of their efforts to comply with HIPAA and HITECH.
In May we announced that we added Amazon API Gateway, AWS Direct Connect, AWS Database Migration Service (AWS DMS), and Amazon Simple Queue Service (Amazon SQS) to our list of HIPAA eligible services and discussed our how customers and partners are putting them to use.
Eight More Eligible Services
Today I am happy to share the news that we are adding another eight services to the list:
Amazon CloudFront can now be utilized to enhance the delivery and transfer of Protected Health Information data to applications on the Internet. By providing a completely secure and encryptable pathway, CloudFront can now be used as a part of applications that need to cache PHI. This includes applications for viewing lab results or imaging data, and those that transfer PHI from Healthcare Information Exchanges (HIEs).
AWS Web Application Firewall can now be used to protect applications running on AWS which operate on PHI such as patient care portals, patient scheduling systems, and HIEs. Requests and responses containing encrypted PHI and PII can now pass through AWS WAF.
AWS Shield can now be used to protect web applications such as patient care portals and scheduling systems that operate on encrypted PHI from DDoS attacks.
Amazon S3 Transfer Acceleration can now be used to accelerate the bulk transfer of large amounts of research, genetics, informatics, insurance, or payer/payment data containing PHI/PII information. Transfers can take place between a pair of AWS Regions or from an on-premises system and an AWS Region.
Amazon WorkSpaces can now be used by researchers, informaticists, hospital administrators and other users to analyze, visualize or process PHI/PII data using on-demand Windows virtual desktops.
AWS Directory Service can now be used to connect the authentication and authorization systems of organizations that use or process PHI/PII to their resources in the AWS Cloud. For example, healthcare providers operating hybrid cloud environments can now use AWS Directory Services to allow their users to easily transition between cloud and on-premises resources.
Amazon Simple Notification Service (Amazon SNS) can now be used to send notifications containing encrypted PHI/PII as part of patient care, payment processing, and mobile applications.
Amazon Cognito can now be used to authenticate users into mobile patient portal and payment processing applications that use PHI/PII identifiers for accounts.
Additional HIPAA Resources
Here are some additional resources that will help you to build applications that comply with HIPAA and HITECH:
- HIPAA Eligible Services Reference – The full list of HIPAA eligible AWS services.
- HIPAA Compliance – Details our work around HIPAA and HITECH.
- Health Customer Stories – A long list of videos and case studies from our healthcare and life sciences customers.
- Healthcare Compliance in the Cloud – A big-picture view of compliance, including HIPAA and FedRAMP, as it relates to healthcare.
- Healthcare Partner Solutions – Services and products from members of the AWS Partner Network.
- Architecting for HIPAA in the Cloud – Architectural strategies and resources.
- AWS HIPAA Compliance Whitepaper – A comprehensive guide to architecting for HIPAA.
Keep in Touch
In order to make use of any AWS service in any manner that involves PHI, you must first enter into an AWS Business Associate Addendum (BAA). You can contact us to start the process.
— Jeff;