Amazon AWS Will Sign HIPAA Business Associate Agreement


Thanks to Ian Eslick for catching this piece of news. This is really big news, because there were a lot of companies and organizations that were building healthcare applications on the back of Amazon AWS. I’m glad that Amazon has finally put together a policy related to HIPAA.

Here’s their new section describing their compliance with HIPAA:

AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure AWS environment to process, maintain, and store protected health information and AWS will be signing business associate agreements with such customers. AWS also offers a HIPAA-focused whitepaper for customers interested in learning more about how they can leverage AWS for the processing and storage of health information. The Creating HIPAA-Compliant Medical Data Applications with AWS whitepaper outlines how companies can use AWS to process systems that facilitate HIPAA and HITECH compliance. For more information on the AWS HIPAA compliance program please contact AWS Sales and Business Development.

Obviously the devil is in the details on this. I’ll reach out to one of my HIPAA lawyer friends to see what they think of this. If you’re a healthcare organization or vendor that’s on Amazon AWS, I’d love to hear your thoughts as well. The fact that Amazon is now willing to sign a BAA is really big news and a great step forward for anyone wanting to develop an application covered by HIPAA on Amazon’s AWS.