AWS Partner Network (APN) Blog

HIPAA Compliancy on AWS: Amazon DynamoDB, Amazon RDS, and Amazon EMR Now Covered Under the AWS Business Associate Agreement

by Kate Miller | on | in Healthcare |

Many of our APN Partners work closely with customers in the healthcare industry, and develop services and solutions that address business needs in the healthcare space. One of the biggest considerations for healthcare customers and healthcare-focused APN Partners is building applications that are compliant with the US Health Insurance Portability and Accountability Act (“HIPAA”).

You can use AWS to build applications that are compliant with HIPAA, using services that are covered under the AWS Business Associate Agreement (BAA). This includes popular services like Amazon EC2, Amazon S3, Amazon Glacier, and Amazon Redshift. We’re happy to announce that the AWS BAA now covers three new services: Amazon RDS (MySQL and Oracle engines only), Amazon DynamoDB (NoSQL database), and Amazon EMR (big data processing). A full list of our HIPAA-eligible services can be found here.

APN Partners play an increasingly important role throughout the healthcare ecosystem. For example, Orion Health worked with Logicworks, a Premier APN Consulting Partner, to build the Cal INDEX Health Information Exchange on top of AWS. You can learn more about Orion Health’s story here. With the addition of the new HIPAA-eligible services, AWS partners can build HIPAA-compliant applications that cover the entire healthcare analytics pipeline, from data ingestion; to analysis using popular big data processing tools; through output to object storage, to a relational or non-relational database, to a data warehouse, or to a long-term archive. The most recent information on configuring these services for HIPAA applications can be found in our whitepaper. To learn about a few more of the innovative HIPAA-compliant projects that AWS customers and partners have built on AWS, visit our ‘HIPAA and AWS’ page here.

If you already have an executed BAA with AWS, no action is necessary to begin using these services. If you have any questions about building HIPAA-compliant applications on AWS, please contact us and we will put you in touch with a representative from our team.