AWS Security Blog

Updated HIPAA Whitepaper Now Available

To provide guidance about how to leverage Amazon Web Services (AWS) to develop applications that meet HIPAA and HITECH compliance requirements, we recently updated the Architecting for HIPAA Security and Compliance on Amazon Web Services whitepaper.

The advancements and growth of healthcare technology have been an accelerating force behind the continued adoption of cloud computing, creating exciting new horizons for research and patient care. However, these innovative and creative healthcare programs can be difficult to drive to technical completion within the framework of federal standards.

This whitepaper provides information about how to use AWS’s HIPAA-eligible services to architect HIPAA solutions, and encrypt and protect data in the AWS cloud. It also gives guidance around the use of AWS Key Management Service for encryption of personal health information (PHI) and outlines auditing, backup, and disaster recovery considerations.

Additional Resources:


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.