AWS Services in Scope by Compliance Program

— Health Insurance Portability and Accountability Act (HIPAA)

We include generally available services in the scope of our compliance efforts based on the expected use case, feedback and demand. If a service is not currently listed as in scope of the most recent assessment, it does not mean that you cannot use the service. It is part of the shared responsibility for your organization to determine the nature of the data. Based on the nature of what you are building on AWS, you should determine if the service will process or store customer data and how it will or will not impact the compliance of your customer data environment.

We encourage you to discuss your workload objectives and goals with your AWS account team; they will be able to evaluate your proposed use case and architecture, and how our security and compliance processes overlay that architecture. Need to connect with an AWS business representative?

This webpage provides a list of AWS Services in Scope of AWS assurance programs. Unless specifically excluded, generally available features of each of the services are considered in scope of the assurance programs, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service.

✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance program tab below.

Click here for full list of services covered under the AWS compliance programs.

HIPAA BAA

SERVICES / PROGRAMS		HIPAA
Alexa for Business (for healthcare skills only – requires Alexa Skills BAA. See HIPAA whitepaper for details)		✓
Amazon Athena		✓
Amazon API Gateway		✓
Amazon AppFlow		✓
Amazon AppStream 2.0		✓
Amazon Augmented AI [excludes Public Workforce and Vendor Workforce for all features]		✓
Amazon Aurora		✓
Amazon Chime		✓
Amazon Cloud Directory		✓
Amazon CloudFront [including AWS Lamba@Edge]		✓
Amazon CloudWatch		✓
Amazon CloudWatch Events [including Amazon EventBridge]		✓
Amazon CloudWatch Logs		✓
Amazon CloudWatch SDK Metrics for Enterprise Support		✓
Amazon Cognito		✓
Amazon Comprehend		✓
Amazon Comprehend Medical		✓
Amazon Connect [excludes Wisdom, and High-Volume Outbound Communications]		✓
Amazon Detective		✓
Amazon DevOps Guru		✓
Amazon DocumentDB (with MongoDB compatibility)		✓
Amazon DynamoDB		✓
Amazon EC2 Auto Scaling		✓
Amazon Elastic Container Registry (ECR)		✓
Amazon Elastic Container Service (ECS) [both Fargate and EC2 launch types]		✓
Amazon Elastic Kubernetes Service (EKS)		✓
Amazon ElastiCache		✓
Amazon Elastic Block Store (EBS)		✓
Amazon Elastic Compute Cloud (EC2)		✓
Amazon Elastic File System (EFS)		✓
Amazon Elastic MapReduce (EMR)		✓
Amazon Forecast		✓
Amazon FreeRTOS		✓
Amazon FSx		✓
Amazon GuardDuty		✓
Amazon HealthLake		✓
Amazon Inspector		✓
Amazon Kendra		✓
Amazon Keyspaces (For Apache Cassandra)		✓
Amazon Kinesis Data Analytics		✓
Amazon Kinesis Data Streams		✓
Amazon Kinesis Data Firehose		✓
Amazon Kinesis Video Streams		✓
Amazon Lex		✓
Amazon Location Service		✓
Amazon Macie		✓
Amazon Managed Streaming for Apache Kafka		✓
Amazon MemoryDB for Redis		✓
Amazon MQ		✓
Amazon Neptune		✓
Amazon OpenSearch Service		✓
Amazon Personalize		✓
Amazon Pinpoint [excluding Voice Message capabilities]		✓
Amazon Polly		✓
Amazon Quantum Ledger Database (QLDB)		✓
Amazon QuickSight		✓
Amazon Redshift		✓
Amazon Rekognition		✓
Amazon RDS (MariaDB)		✓
Amazon RDS (MySQL, Oracle)		✓
Amazon RDS (Postgres)		✓
Amazon RDS (SQL Server)		✓
Amazon Route 53		✓
Amazon S3 Glacier		✓
Amazon SageMaker [excludes Studio Lab, Ground Truth Plus, Public Workforce and Vendor Workforce for all features]		✓
Amazon Simple Email Service (SES)		✓
Amazon Simple Notification Service (SNS)		✓
Amazon Simple Queue Service (SQS)		✓
Amazon Simple Storage Service (S3)		✓
Amazon Simple Workflow Service (SWF)		✓
Amazon Textract		✓
Amazon Timestream		✓
Amazon Transcribe		✓
Amazon Translate		✓
Amazon Virtual Private Cloud (VPC)		✓
Amazon WorkDocs		✓
Amazon WorkLink		✓
Amazon WorkSpaces		✓
AWS Amplify [includes AWS Amplify Console]		✓
AWS Application Migration Service		✓
AWS AppSync		✓
AWS App Mesh		✓
AWS Backup		✓
AWS Batch		✓
AWS Certificate Manager (ACM)		✓
AWS Cloud 9		✓
AWS Cloud Map		✓
AWS CloudEndure [including CloudEndure Disaster Recovery and CloudEndure Migration]		✓
AWS CloudFormation		✓
AWS CloudHSM		✓
AWS CloudTrail		✓
AWS CodeBuild		✓
AWS CodeCommit		✓
AWS CodeDeploy		✓
AWS CodePipeline		✓
AWS Config		✓
AWS Control Tower		✓
AWS Data Exchange		✓
AWS Database Migration Service (DMS)		✓
AWS DataSync		✓
AWS Direct Connect		✓
AWS Directory Service [excluding Simple AD]		✓
AWS Elastic Beanstalk		✓
AWS Elastic Disaster Recovery		✓
AWS Elemental MediaConnect		✓
AWS Elemental MediaConvert		✓
AWS Elemental MediaLive		✓
AWS Firewall Manager		✓
AWS Global Accelerator		✓
AWS Glue (including AWS Lake Formation)		✓
AWS Glue DataBrew		✓
AWS IoT Core		✓
AWS IoT Device Management		✓
AWS IoT Events		✓
AWS IoT Greengrass		✓
AWS Key Management Service (KMS)		✓
AWS Lambda		✓
AWS Managed Services [excluding Operations on Demand Services, except for the RFC Expedite feature]		✓
AWS Network Firewall		✓
AWS OpsWorks for Chef Automate		✓
AWS OpsWorks for Puppet Enterprise		✓
AWS OpsWorks Stacks		✓
AWS Organizations		✓
AWS Outposts		✓
AWS Private Certificate Authority		✓
AWS RoboMaker		✓
AWS Secrets Manager		✓
AWS Security Hub		✓
AWS Serverless Application Repository		✓
AWS Server Migration Service (SMS)		✓
AWS Service Catalog		✓
AWS Shield		✓
AWS Single Sign-On		✓
AWS Snowball		✓
AWS Snowball Edge		✓
AWS Snowmobile		✓
AWS Step Functions		✓
AWS Storage Gateway		✓
AWS Systems Manager		✓
AWS Transfer for SFTP		✓
AWS X-Ray		✓
AWS Web Application Firewall (WAF)		✓
Elastic Load Balancing		✓
VM Import/Export		✓

AWS Services in Scope by Compliance Program

— Health Insurance Portability and Accountability Act (HIPAA)

Want More Information About Services in Scope?

Ending Support for Internet Explorer