AWS HealthLake FAQs

General

AWS Healthlake is a HIPAA-eligible service enabling healthcare and life sciences companies to securely store and transform their data into a queryable format, and further analyze this data in the cloud, at petabyte scale. Using the HealthLake APIs, healthcare organizations can easily copy health data, such as imaging medical reports or patient notes, from on-premises systems to a secure data lake in the cloud. AWS HealthLake uses machine learning (ML) models that enable customers to understand and extract meaningful medical information from the raw data, such as medications, procedures, and diagnoses. HealthLake organizes and indexes information and stores it in the Fast Healthcare Interoperability Resources (FHIR) industry standard format to provide a complete view of each patient's medical history.

To start using the AWS HealthLake, sign in to the AWS Management Console and navigate to “AWS HealthLake” in the AI/ML category.

AWS HealthLake is available in the US East (N. Virginia), US West (Oregon), US East (Ohio), and Asia Pacific (Mumbai) regions in the AWS Console.

Please see our developer documentation.

AWS HealthLake integrates with AWS analytics services. For example, see how Amazon QuickSight can deploy interactive dashboards to analyze your population data in this blog. HealthLake also integrates with ML services like Amazon SageMaker for developers and data scientists to build, train, and deploy their own predictive analytics using machine learning models. For example, see how you can build disease predictive models using Amazon SageMaker with AWS HealthLake normalized data. Clinicians can also use web or mobile application dashboards to view the results of custom or pre-built models. Using Amazon Neptune and Amazon Kendra, you can also build an ML-enabled cognitive search application where clinical evidence is tagged, indexed, and structured to provide evidence-based information on topics like transmission, risk factors, therapeutics, and incubation.

Pricing

AWS HealthLake’s standard resource validation, SMART on FHIR authorization, and Bulk data FHIR API export capabilities are included as part of the HealthLake Advanced tier.

Fast Healthcare Interoperability Resources

Fast Healthcare Interoperability Resources (FHIR) is a standard for exchanging healthcare information electronically. The standard was created by the Health Level Seven International healthcare standards organization. To learn more, see the FHIR overview on the HL7 FHIR website.

Currently, AWS HealthLake ingests data in FHIR R4 format. If your source systems are not configured to transmit data in the FHIR format, use an AWS partner to convert legacy healthcare data formats into FHIR.

To see a list of FHIR resources that are supported, see our developer documentation.

Security and compliance

AWS HealthLake is a HIPAA Eligible Service. You can find a list of AWS HIPAA Eligible Services here. For more information about AWS, the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), and using AWS services to process, store, and transmit protected health information (PHI), see our HIPAA Compliance Overview.

AWS HealthLake is a HIPAA-eligible service that meets meets rigorous security and access control standards to ensure patients’ sensitive health data is protected and meets regulatory compliance. Customer data is encrypted at all times, in transit and at rest. Data is encrypted using Customer-Managed Keys (CMK). Also, per FHIR specification, if a customer deletes a piece of data, it will be only be hidden from analysis and results; it is not deleted from the service, and is only versioned. Please visit our GDPR Center for more information on GDPR compliance using AWS Services, including AWS HealthLake.

AWS HealthLake is a HIPAA eligible service. If you are storing Protected Health Information on AWS, you are required to have a BAA. You can quickly enter into a BAA online using the AWS Artifacts click through found here.

The reason resources are shared between customer accounts and the service accounts is because AWS Healthlake is a fully managed service. The service account does not have access to the data in your account and is only orchestrating the resources behind AWS Healthlake including Glue, Lambda, and Lake Formation among others. AWS Healthlake uses Lake formation in conjunction with Glue and Resource Access Manager (RAM) to provide a managed experience where the customer’s Glue catalog is shared with the customer’s account. However, the Glue catalog is a logical view, and not where the data resides.

This enables AWS HealthLake to transform your HealthLake datastore FHIR data into a format that can be queried using Athena. AWS HealthLake creates tables as FHIR resource types in AWS HealthLake owned service accounts and shares them with customer accounts using LakeFormation named resource share method. The “another account” is essentially the AWS HealthLake service account where customer data is encrypted at rest within AWS HealthLake service boundary to ensure security and HIPAA-eligible requirements are met.