AWS HIPAA Business Associate Agreement

This agreement outlines AWS's commitment to HIPAA compliance when processing protected health information (PHI) on behalf of Covered Entities and Business Associates.

Key Provisions

Permitted Usage

AWS processes PHI solely as directed by the Covered Entity, ensuring compliance with HIPAA privacy and security rules.

Data Protection

AWS employs encryption and access controls to meet HIPAA standards for both at-rest and in-transit data.

Audit Readiness

Supports HHS compliance and HHS attestation requirements.

BAA Compliance

Compliant with all HHS BAA requirements for cloud services.

Technical Safeguards

Includes encryption and access controls.

Legal Compliance

Adheres to HHS Privacy and Security Rules.

Implementation Details

Compliance Framework

Technical requirements including encryption, logging, and access controls are fully implemented and regularly audited.

  • Regular Security Compliance Audits
  • 24/7 Monitoring
  • Data Integrity Measures

Data Handling

PHI is processed in accordance with HHS compliance requirements, with strict access controls and audit trails.

  • Access Control
  • Audit Logging
  • Data Classification

Need HIPAA Compliance Support?

Our legal team can help ensure your AWS implementation meets all HIPAA requirements.