AWS Security Blog
Four HIPAA Eligible Services Recently Added to the AWS Business Associate Agreement
We are pleased to announce that the following four AWS services have been added in recent weeks to the AWS Business Associate Agreement (BAA):
- Amazon API Gateway (excluding the use of Amazon API Gateway caching)
- Amazon SQS
- AWS Database Migration Service
- AWS Direct Connect
As with all HIPAA Eligible Services covered under the BAA, Protected Health Information (PHI) must be encrypted while at rest or in transit. See Architecting for HIPAA Security and Compliance on Amazon Web Services, which explains how you can configure each AWS HIPAA Eligible Service to store, process, and transmit PHI.
For more details, see the full AWS Blog post.