AWS News Blog

White Paper: Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services

Voiced by Polly

I am really excited to release our white paper on how to create HIPAA-compliant information processing systems in the Cloud. The paper focuses on the HIPAA sections: The Privacy Rule and The Security Rule, and how to encrypt and protect your data in the AWS cloud.

White paper is now available on AWS website for download.

U.S. companies that are handling healthcare information, specifically personally identifiable information, are subject to the security and privacy regulations of Health Insurance Portability and Accountability Act (HIPAA). The White paper talks about applications that deal with Protected Health Information (PHI) and use Amazon S3 should encrypt their “in-flight” and “at-rest” data using traditional encryption mechanisms they have used in the past. For eg. TC3 Health used PGP Encryption for their implementation. The paper also makes several recommendations like creating a data backup plan, leveraging multiple EC2 Availability Zones for high availability and disaster recovery, creating point-in-time snapshots of EBS volumes etc. in order to comply with HIPAA’s Security standards.

Various developer tools/libraries (for Encryption)

Solutions (with built-in Encryption Support):

Read about customers who have built HIPAA-compliant apps on AWS:


Modified 3/16/2021 – In an effort to ensure a great experience, expired links in this post have been updated or removed from the original post.
Jeff Barr

Jeff Barr

Jeff Barr is Chief Evangelist for AWS. He started this blog in 2004 and has been writing posts just about non-stop ever since.