Amazon AWS Will Sign HIPAA Business Associate Agreement

Posted on June 19, 2013 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Thanks to Ian Eslick for catching this piece of news. This is really big news, because there were a lot of companies and organizations that were building healthcare applications on the back of Amazon AWS. I’m glad that Amazon has finally put together a policy related to HIPAA.

Here’s their new section describing their compliance with HIPAA:

AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA)  to leverage the secure AWS environment to process, maintain, and store protected health information and AWS will be signing business associate agreements with such customers. AWS also offers a HIPAA-focused whitepaper for customers interested in learning more about how they can leverage AWS for the processing and storage of health information. The Creating HIPAA-Compliant Medical Data Applications with AWS whitepaper outlines how companies can use AWS to process systems that facilitate HIPAA and HITECH compliance. For more information on the AWS HIPAA compliance program please contact AWS Sales and Business Development.

Obviously the devil is in the details on this. I’ll reach out to one of my HIPAA lawyer friends to see what they think of this. If you’re a healthcare organization or vendor that’s on Amazon AWS, I’d love to hear your thoughts as well. The fact that Amazon is now willing to sign a BAA is really big news and a great step forward for anyone wanting to develop an application covered by HIPAA on Amazon’s AWS.