Architecting for HIPAA Security and Compliance on Amazon Web Services

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies to covered entities and business associates. HIPAA was expanded in 2009 by the Health Information Technology for Economic and ClinicalHealth (HITECH) Act. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. This paper briefly outlines how companies can use Amazon Web Services (AWS) to create HIPAA (Health Insurance Portability and Accountability Act)-compliant applications. We will focus on the HIPAA Privacy and Security Rules for protecting Protected Health Information (PHI), how to use AWS to encrypt data in transit and at rest, and how AWS features can be used to meet HIPAA requirements for auditing, back-ups, and disaster recovery.