AWS Security Blog
Tag: AWS Business Associate Agreement
Four HIPAA Eligible Services Recently Added to the AWS Business Associate Agreement
We are pleased to announce that the following four AWS services have been added in recent weeks to the AWS Business Associate Agreement (BAA): Amazon API Gateway (excluding the use of Amazon API Gateway caching) Amazon SQS AWS Database Migration Service AWS Direct Connect As with all HIPAA Eligible Services covered under the BAA, Protected Health […]
How to Use AWS Config to Help with Required HIPAA Audit Controls: Part 4 of the Automating HIPAA Compliance Series
In my previous posts in this series, I explained how to get started with the DevSecOps environment for HIPAA that is depicted in the following architecture diagram. In my second post in this series, I gave you guidance about how to set up AWS Service Catalog (#4 in the following diagram) to allow developers a […]
How to Translate HIPAA Controls to AWS CloudFormation Templates: Part 3 of the Automating HIPAA Compliance Series
In my previous post, I walked through the setup of a DevSecOps environment that gives healthcare developers the ability to launch their own healthcare web server. At the heart of the architecture is AWS CloudFormation, a JSON representation of your architecture that allows security administrators to provision AWS resources according to the compliance standards they […]
How to Use AWS Service Catalog for Code Deployments: Part 2 of the Automating HIPAA Compliance Series
In my previous blog post, I discussed the idea of using the cloud to protect the cloud and improving healthcare IT by applying DevSecOps methods. In Part 2 today, I will show an architecture composed of AWS services that gives healthcare security administrators necessary controls, allows healthcare developers to interact with the system using familiar […]
How to Automate HIPAA Compliance (Part 1): Use the Cloud to Protect the Cloud
The United States healthcare ecosystem is highly complex. It is composed of review boards, regulating bodies, government agencies, pharmaceutical companies, insurance payers, and a mix of public and private provider entities, all of which intersect and overlap. Underlying this system lays highly sensitive patient data, which is governed by the U.S. Health Insurance Portability and […]