5 Things You Need to Know About HIPAA Compliance on AWS
Do I need HIPAA Compliance?
If your business handles patient data, you likely need to be concerned about HIPAA compliance. As an overview, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies to health care providers engaged in certain electronic transactions, to health plans, and to businesses that provide services involving access to Protected Health Information (PHI). PHI is defined as personal health information held by covered entities, and HIPAA gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
With the power of AWS and Cloudnexa by your side, we can bring you into compliance to securely process, store, and transmit PHI. Cloudnexa has taken the extra steps with AWS and is an audited Healthcare Premier Consulting Partner, one of just a few to have achieved the unique AWS Healthcare Competency. You can learn more about this program on the AWS website at Amazon Health Care Competency. There you will find the different Partners that have earned this competency, each with different capabilities to fit just about any customer requirement.
Business Associate Agreement (BAA)
All HIPAA applications deployed in the cloud require the customer to sign a Business Associate Agreement (BAA). Customers who execute a BAA with Cloudnexa may use any AWS service in an account designated as a HIPAA Account, but they may only process, store, and transmit PHI using the HIPAA-eligible services that the AWS BAA defines as boundary services.
Cloudnexa can sign a BAA with a customer to deploy on AWS, and is also a HIPAA-certified company and audited Amazon partner carrying the AWS Healthcare Competency.
HIPAA was expanded in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which established a set of federal standards intended to protect the security and privacy of PHI. HIPAA and HITECH impose requirements on the use and disclosure of PHI, and require appropriate safeguards to protect PHI through the use of centralized event management as well as anti-virus, anti-malware, and intrusion detection systems.
Leverage Cloudnexa's compliance-as-a-service offering today to simplify your integration with our partners Logz.io and Trend Micro's Deep Security as a Service, and achieve the necessary PHI security safeguards.
AWS Reduces Instance Cost Complexity
HIPAA compliance on AWS no longer requires Dedicated EC2 Instances to run in your AWS account. This change can significantly reduce the cost of HIPAA deployments with AWS and Cloudnexa. On average, our customers save around 10% on EC2 instances, plus the AWS Dedicated Instance per-region fee, which is $2 an hour at the time of writing.
Picking a Service Partner
AWS operates under a shared responsibility model: it provides pre-certified services that can be used for HIPAA-related compliance workloads. While the AWS service offerings are great, AWS will not assume the risk of how your application stacks are configured within an AWS account, or of whether that configuration falls within compliance. With Cloudnexa being a HIPAA-compliant company that also maintains the Amazon Healthcare Competency, we can guide you through all the necessary steps to achieve the security and peace of mind your PHI data requires.
See our previous post on how Cloudnexa can simplify your HIPAA Compliance deployments into AWS.
For more information, check out the AWS HIPAA Compliance White Paper.