Is Amazon Web Services (AWS) HIPAA compliant? This is a question that many healthcare providers have a hard time finding a real answer to. However, we at LuxSci have put in the effort to answer the question once and for all. Hopefully, you’ll find it helpful.
To begin with, AWS definitely includes features that can be used to help you meet all of the requirements of the HIPAA Security Rule. Amazon will even sign a BAA (Business Associate Agreement) with healthcare customers.
All of this can create the impression that using AWS is automatically HIPAA compliant. However, this isn’t the whole story.
You see, it is still very easy to make information architecture or configuration mistakes that leave data, in this case electronic Protected Health Information (ePHI), exposed to unauthorized access, which is a clear HIPAA violation. It is also easy to omit security controls, such as access auditing, logging, backups, and encryption, that are essential for compliance.