Most important AWS Services for HIPAA Compliance

Rapid growth forces many businesses to migrate their software from on-premises infrastructure to the cloud, and some adopt a cloud-first strategy and build their software in the cloud from the start. A solid cloud strategy helps achieve scalability, availability, cost efficiency and better performance. The healthcare industry is no exception: a growing number of healthcare businesses (providers, health agencies, payers and software vendors) use cloud services to store and manage healthcare information.

Among the variety of hybrid and multi-cloud environments, Amazon Web Services (AWS) is one of the most popular and trusted cloud platforms on the market. AWS offers a set of HIPAA eligible services that covered entities and business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) can use to process, store and transmit Protected Health Information (PHI), from high-performance computing to archiving. Two points are worth stating up front. AWS does not certify services as "HIPAA compliant"; it designates them as HIPAA eligible, and a customer must have a Business Associate Addendum (BAA) with AWS in place before using any service for PHI. And under the shared responsibility model AWS secures the underlying infrastructure, while configuring each service correctly (encryption, access control, logging, backups) remains the customer's job.

For healthcare businesses that handle PHI and migrate or build software in the cloud, understanding how to meet and maintain HIPAA compliance on cloud infrastructure has been challenging. From the software development side, applications that store or process PHI should be checked against a HIPAA compliance requirements checklist covering the physical, technical and administrative safeguards of the HIPAA Security Rule. Summarizing the checklist items, a solution that contains PHI must:

  • allow access only to authorized entities (authentication plus least-privilege authorization)
  • implement audit controls that record all activity involving PHI
  • implement data backup and disaster recovery
  • encrypt PHI in transit and at rest so that it stays unreadable if it is intercepted or stolen
  • integrate with secure data storage

Let’s figure out which AWS services are HIPAA eligible and the most important for building a HIPAA compliant architecture on AWS.

1. Transmission security, access and integrity controls.

Amazon VPC

Amazon Virtual Private Cloud lets you launch AWS resources into a logically isolated virtual network that you define: its IP address range, public and private subnets, route tables, network ACLs and security groups. Placing the databases and application servers that hold PHI in private subnets with no route to the internet, and exposing only a load balancer or API gateway in a public subnet, is a basic building block of a HIPAA architecture and one of the AWS security best practices. Network segmentation, VPC Flow Logs and VPC endpoints (so that traffic to S3, KMS or DynamoDB never leaves the AWS network) all live at this layer.

AWS VPN

AWS Virtual Private Network lets you configure protected connections between your on-premises networks and AWS. AWS Site-to-Site VPN creates encrypted IPsec tunnels between your on-premises network and your VPCs, and AWS Client VPN does the same for individual users, so PHI that crosses the public internet between a hospital's own data center and the cloud is protected in transit, which is critically important for healthcare software.

AWS IAM

AWS Identity and Access Management is the service that controls who (users, groups and roles) can do what on which AWS resources. For a PHI workload this means enforcing MFA for human users, giving applications an IAM role with the least privileges they need instead of long-lived access keys, and writing policies that explicitly deny access to PHI buckets and keys from anyone else. IAM policies, together with S3 bucket policies and KMS key policies, are how the "authorized entities only" requirement is implemented on AWS.

AWS KMS

AWS Key Management Service lets you create and control the cryptographic keys used to encrypt data in AWS. Keys never leave the service and are protected by validated hardware security modules, and every use of a key is recorded in CloudTrail, which gives you both the encryption and the audit trail HIPAA expects for PHI. S3, EBS, RDS and most other storage services can use a KMS key for server-side encryption; for data your application encrypts itself, KMS issues data keys for envelope encryption so that the master key is never exposed to the application. Restricting key policies to the roles that actually need to decrypt PHI is as important as enabling encryption in the first place.
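The IAM and KMS controls above are applied to a PHI bucket through resource policies. The following Python is an added example, not code from the article or from AWS: it builds the S3 bucket policy that denies non-TLS requests and uploads not encrypted with a specific KMS key, and simulates IAM's explicit-Deny evaluation for a few constructed requests so you can see which statement rejects what. The bucket name and key ARN are placeholders, and the evaluator models only the three condition operators the policy uses.

```python
"""Offline sanity check of an S3 bucket policy for a PHI bucket.

Added example, not code from the original article or from AWS: it builds the
bucket policy used to enforce TLS-only access and SSE-KMS uploads and then
simulates IAM's explicit-Deny evaluation against constructed request contexts.
The bucket name and key ARN below are placeholders.
"""
import fnmatch
import json

BUCKET = "example-phi-bucket"                                  # placeholder bucket name
KMS_KEY_ARN = ("arn:aws:kms:us-east-1:111122223333:key/"
               "11111111-2222-3333-4444-555555555555")          # placeholder key ARN


def phi_bucket_policy(bucket: str, kms_key_arn: str) -> dict:
    """Deny plaintext HTTP, deny uploads that are not SSE-KMS with our key."""
    objects = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # transmission security: every request must arrive over TLS
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny", "Principal": "*", "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", objects],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # encryption at rest: uploads must request SSE-KMS ...
                "Sid": "DenyUnencryptedUploads",
                "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "aws:kms"}},
            },
            {   # ... and with the key whose key policy we control
                "Sid": "DenyWrongKmsKey",
                "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"StringNotEquals": {
                    "s3:x-amz-server-side-encryption-aws-kms-key-id": kms_key_arn}},
            },
        ],
    }


def _condition_met(condition: dict, ctx: dict) -> bool:
    """Evaluate the subset of IAM condition operators used above."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if operator == "Bool":
                # aws:SecureTransport is always present in the request context
                if actual is None or str(actual).lower() != str(expected).lower():
                    return False
            elif operator == "StringEquals":
                if actual != expected:
                    return False
            elif operator == "StringNotEquals":
                # negated operators match when the key is absent (IAM semantics),
                # which is why a PutObject with no SSE header is denied
                if actual == expected:
                    return False
            else:
                raise ValueError(f"operator {operator} is not modeled here")
    return True


def _as_list(value):
    return value if isinstance(value, list) else [value]


def explicit_denies(policy: dict, action: str, resource: str, ctx: dict) -> list:
    """Return the Sids of Deny statements matching the request.

    An explicit Deny always wins in IAM, so a non-empty list means the request
    is rejected regardless of any Allow in the caller's identity policy.
    """
    hits = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if _condition_met(stmt.get("Condition", {}), ctx):
            hits.append(stmt["Sid"])
    return hits


POLICY = phi_bucket_policy(BUCKET, KMS_KEY_ARN)
OBJECT = f"arn:aws:s3:::{BUCKET}/records/patient-0001.json"

# Constructed request contexts, i.e. what S3 evaluates for each call.
REQUESTS = {
    "get_over_http":     ("s3:GetObject", OBJECT, {"aws:SecureTransport": "false"}),
    "put_no_sse_header": ("s3:PutObject", OBJECT, {"aws:SecureTransport": "true"}),
    "put_sse_s3":        ("s3:PutObject", OBJECT, {"aws:SecureTransport": "true",
                          "s3:x-amz-server-side-encryption": "AES256"}),
    "put_sse_kms_ok":    ("s3:PutObject", OBJECT, {"aws:SecureTransport": "true",
                          "s3:x-amz-server-side-encryption": "aws:kms",
                          "s3:x-amz-server-side-encryption-aws-kms-key-id": KMS_KEY_ARN}),
}


def evaluate_requests() -> dict:
    """Map each constructed request to the Deny Sids it trips."""
    return {name: explicit_denies(POLICY, *req) for name, req in REQUESTS.items()}


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for name, denies in evaluate_requests().items():
        print(f"{name:18} -> {'DENIED by ' + ', '.join(denies) if denies else 'not denied'}")
```

Two details matter in practice. The conditions look at request headers, so clients must send the SSE-KMS headers explicitly; bucket default encryption is a complementary control that encrypts whatever gets through, not a substitute for the policy. And because StringNotEquals matches when the key is absent, DenyWrongKmsKey also rejects uploads that name no key at all, which is the intended behavior here. Before relying on a real policy, run it through the IAM policy simulator or IAM Access Analyzer rather than a local model like this one.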

Amazon Cognito

Amazon Cognito adds user sign-up, sign-in and access control to your web and mobile applications. It scales to millions of users, supports sign-in through social and enterprise identity providers (SAML and OpenID Connect), and offers MFA and configurable password policies, which covers the authentication side of the HIPAA access-control requirement for patient- and clinician-facing applications.

2. Login monitoring, audit controls and activity review.

AWS CloudTrail

AWS CloudTrail records the API calls made in your AWS account as events: which principal made the call, from which IP address, when, what was requested and whether it succeeded. Enabling a trail for all regions, delivering it to a dedicated S3 bucket that is encrypted and protected from deletion, turning on log file integrity validation, and retaining the logs for the period your policies require are the basis for the audit-control and activity-review requirements of HIPAA. S3 data events can be enabled on buckets holding PHI to record object-level reads and writes, which management events alone do not capture.

Amazon CloudWatch

Amazon CloudWatch is a monitoring and observability service that collects operational data from your applications and AWS resources in the form of logs, metrics and events. Since performance and stability are among the key goals for healthcare systems, it helps you detect anomalous behavior, set alarms, visualize logs and metrics, and respond to system-wide changes. For compliance work the relevant pieces are CloudWatch Logs, for centralized and retained application and CloudTrail logs, and metric filters with alarms that page someone when security-relevant events occur, such as root account usage or a change to a trail.

Amazon GuardDuty

Amazon GuardDuty is a threat detection service that continuously analyzes AWS CloudTrail management and S3 data events, VPC Flow Logs and DNS logs for malicious activity and unauthorized behavior across your accounts, workloads and data in Amazon S3. Collecting those logs is easy in the cloud; reviewing them by hand for threats is not, and GuardDuty gives a security team continuous, managed detection without running its own analysis pipeline. Its findings (for example credential use from an unusual location, CloudTrail logging being disabled, or an EC2 instance talking to a known command-and-control address) can be routed through EventBridge to a ticketing or paging system so that a suspected PHI exposure is triaged quickly.
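To make the audit-control idea concrete, here is an added example (not code from the article or from an AWS product) of detection logic a healthcare team could run over CloudTrail records, either in a function triggered by log delivery or as a batch job over archived logs. It parses the {"Records": [...]} format CloudTrail writes to S3 and flags root usage, console logins without MFA, tampering with trails or KMS keys, policy changes on a known PHI bucket, and bursts of AccessDenied responses from one principal. The sample log, account ID, names and addresses are constructed; PHI_BUCKETS and DENIED_THRESHOLD are assumptions to tune for your environment.

```python
"""Detection rules run over CloudTrail records.

Added example, not code from the original article or from AWS. The sample log
is constructed; its fields mirror real CloudTrail records but are trimmed.
"""
import json
from collections import defaultdict

PHI_BUCKETS = {"example-phi-bucket"}          # assumed: buckets known to hold PHI
AUDIT_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
KEY_TAMPER = {"DisableKey", "ScheduleKeyDeletion"}
EXPOSURE = {"PutBucketAcl", "PutBucketPolicy", "DeleteBucketPolicy", "DeletePublicAccessBlock"}
DENIED_THRESHOLD = 3                          # assumed: AccessDenied per principal

SAMPLE_LOG = r'''{"Records": [
{"eventID":"e1","eventTime":"2024-03-01T10:00:00Z","eventSource":"signin.amazonaws.com",
 "eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/alice"},
 "sourceIPAddress":"203.0.113.10","additionalEventData":{"MFAUsed":"No"},
 "responseElements":{"ConsoleLogin":"Success"}},
{"eventID":"e2","eventTime":"2024-03-01T10:05:00Z","eventSource":"s3.amazonaws.com",
 "eventName":"ListBuckets","userIdentity":{"type":"Root","arn":"arn:aws:iam::111122223333:root"},
 "sourceIPAddress":"203.0.113.10"},
{"eventID":"e3","eventTime":"2024-03-01T10:07:00Z","eventSource":"cloudtrail.amazonaws.com",
 "eventName":"StopLogging","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"},
 "sourceIPAddress":"198.51.100.7","requestParameters":{"name":"org-trail"}},
{"eventID":"e4","eventTime":"2024-03-01T10:08:00Z","eventSource":"s3.amazonaws.com",
 "eventName":"PutBucketPolicy","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"},
 "sourceIPAddress":"198.51.100.7","requestParameters":{"bucketName":"example-phi-bucket"}},
{"eventID":"e5","eventTime":"2024-03-01T10:09:00Z","eventSource":"kms.amazonaws.com",
 "eventName":"ScheduleKeyDeletion","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"},
 "sourceIPAddress":"198.51.100.7","requestParameters":{"keyId":"11111111-2222-3333-4444-555555555555"}},
{"eventID":"e6","eventTime":"2024-03-01T10:20:00Z","eventSource":"s3.amazonaws.com","eventName":"GetObject",
 "userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/analyst/mallory"},
 "sourceIPAddress":"192.0.2.44","errorCode":"AccessDenied",
 "requestParameters":{"bucketName":"example-phi-bucket","key":"records/1.json"}},
{"eventID":"e7","eventTime":"2024-03-01T10:20:05Z","eventSource":"s3.amazonaws.com","eventName":"GetObject",
 "userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/analyst/mallory"},
 "sourceIPAddress":"192.0.2.44","errorCode":"AccessDenied",
 "requestParameters":{"bucketName":"example-phi-bucket","key":"records/2.json"}},
{"eventID":"e8","eventTime":"2024-03-01T10:20:09Z","eventSource":"s3.amazonaws.com","eventName":"GetObject",
 "userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/analyst/mallory"},
 "sourceIPAddress":"192.0.2.44","errorCode":"AccessDenied",
 "requestParameters":{"bucketName":"example-phi-bucket","key":"records/3.json"}},
{"eventID":"e9","eventTime":"2024-03-01T10:30:00Z","eventSource":"s3.amazonaws.com","eventName":"GetObject",
 "userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/phi-app/i-0abc"},
 "sourceIPAddress":"10.0.1.15","requestParameters":{"bucketName":"example-phi-bucket","key":"records/1.json"}}
]}'''


def load_records(text: str) -> list:
    """Parse a CloudTrail log file as delivered to S3 (gzip already removed)."""
    return json.loads(text)["Records"]


def principal(event: dict) -> str:
    ui = event.get("userIdentity", {})
    return ui.get("arn") or ui.get("principalId") or ui.get("type", "unknown")


def per_event_rules(event: dict):
    """Yield (rule, detail) pairs for conditions visible in a single record."""
    ui = event.get("userIdentity", {})
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    if ui.get("type") == "Root" and ui.get("invokedBy") != "AWS Internal":
        yield "root_activity", name                     # root should never be used day to day
    if (name == "ConsoleLogin"
            and (event.get("additionalEventData") or {}).get("MFAUsed") == "No"
            and (event.get("responseElements") or {}).get("ConsoleLogin") == "Success"):
        yield "console_login_without_mfa", event.get("sourceIPAddress")
    if name in AUDIT_TAMPER:
        yield "audit_logging_tampered", f"{name} {params.get('name', '')}".strip()
    if name in KEY_TAMPER:
        yield "kms_key_tampered", f"{name} {params.get('keyId', '')}".strip()
    if name in EXPOSURE and params.get("bucketName") in PHI_BUCKETS:
        yield "phi_bucket_exposure", f"{name} on {params['bucketName']}"


def analyze(records: list) -> list:
    """Run the per-event rules plus a per-principal AccessDenied threshold."""
    findings, denied = [], defaultdict(list)
    for ev in records:
        who = principal(ev)
        for rule, detail in per_event_rules(ev):
            findings.append({"rule": rule, "principal": who,
                             "event_ids": [ev["eventID"]], "detail": detail})
        if ev.get("errorCode") == "AccessDenied":
            denied[who].append(ev["eventID"])
    for who, ids in denied.items():
        if len(ids) >= DENIED_THRESHOLD:      # enumeration or a misconfigured role
            findings.append({"rule": "access_denied_burst", "principal": who,
                             "event_ids": ids, "detail": f"{len(ids)} AccessDenied responses"})
    return findings


if __name__ == "__main__":
    for f in analyze(load_records(SAMPLE_LOG)):
        print(f"{f['rule']:26} {f['principal']:60} {f['detail']}")
```

The same rules map naturally onto CloudWatch Logs metric filters and alarms once CloudTrail delivers to a log group, and GuardDuty already covers some of them (root credential usage, CloudTrail being disabled) out of the box; a custom pass like this is for the conditions specific to your PHI data, such as which buckets and keys matter and what rate of denied requests is normal.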

3. Disaster recovery, data backup and storage.

Amazon S3

Amazon Simple Storage Service offers durable, highly available object storage at reasonable monthly prices and is where most PHI at rest ends up: documents, images, backups and exported datasets. For HIPAA workloads the settings that matter are default encryption with a KMS key, S3 Block Public Access on every bucket, versioning (and optionally Object Lock) so that records cannot be silently altered or deleted, a bucket policy that rejects non-TLS requests, and server access logging or CloudTrail data events for an audit trail of object access.

Amazon EC2

Amazon Elastic Compute Cloud provides secure, resizable compute capacity in the cloud with a broad choice of processors, storage, networking, operating systems and purchase models. Under the shared responsibility model the guest operating system, its patching and the application running on it remain your responsibility, so instances that handle PHI should use encrypted volumes, hardened images and IAM roles instead of credentials embedded in the instance.

Amazon EBS

Amazon Elastic Block Store is a high-performance block storage service designed for use with EC2 for both throughput- and transaction-intensive workloads at any scale. In healthcare solutions it backs relational and non-relational databases, big data analytics engines and file systems. Enable EBS encryption (it can be turned on by default for a region) so that volumes, and the snapshots taken from them for backup, are encrypted with a KMS key.

Amazon Glacier

Amazon S3 Glacier is designed for long-term storage of infrequently accessed data. Retrieval times range from minutes to hours depending on the retrieval option; the standard retrieval of the original Glacier storage class takes 3 to 5 hours. In healthcare solutions it is used for archiving and backing up data, typically through S3 lifecycle rules that move older objects and non-current versions to a Glacier storage class; Vault Lock can enforce write-once retention for records that must not be deleted before a set date.

Amazon RDS

Amazon Relational Database Service is a HIPAA eligible managed relational database service that provides cost-efficient, resizable capacity and automates time-consuming administration tasks such as patching, backups and failover. It supports several database engines (MySQL, PostgreSQL, MariaDB, Oracle, SQL Server and Amazon Aurora) on a range of instance types. For PHI, enable storage encryption with a KMS key when the instance is created (it cannot be switched on for an existing unencrypted instance; you snapshot, copy the snapshot with encryption and restore), require TLS connections, deploy Multi-AZ for availability, and set an automated backup retention period so that encrypted snapshots are kept.
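The storage and backup settings described in this section can be verified rather than assumed. The following Python is an added example, not code from the article or from AWS: it takes bucket and snapshot configuration in the shape the boto3 S3 and EC2 clients return (get_bucket_encryption, get_bucket_versioning, get_public_access_block, get_bucket_lifecycle_configuration, describe_snapshots) and reports what falls short of the baseline: KMS default encryption, versioning, full Block Public Access, a lifecycle rule that archives to a Glacier class, and a recent encrypted snapshot for every PHI volume. The configurations, volume and snapshot IDs, the fixed clock and the 24-hour recovery point objective are constructed assumptions.

```python
"""Backup and storage posture check for a PHI workload.

Added example, not code from the original article or from AWS. The dicts
below are constructed in the shape boto3's S3 and EC2 clients return, so the
checks can be run offline; nothing here talks to AWS.
"""
from datetime import datetime, timedelta, timezone

ARCHIVE_CLASSES = {"GLACIER", "GLACIER_IR", "DEEP_ARCHIVE"}
RPO = timedelta(hours=24)                                  # assumed recovery point objective
NOW = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)     # fixed clock for reproducibility
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def check_bucket(cfg: dict) -> list:
    """Return finding codes for one bucket's configuration, in check order."""
    findings = []
    rules = (cfg.get("encryption") or {}).get("Rules", [])
    sse = [r["ApplyServerSideEncryptionByDefault"] for r in rules
           if "ApplyServerSideEncryptionByDefault" in r]
    if not sse or sse[0].get("SSEAlgorithm") != "aws:kms":   # SSE-S3 is not a customer-managed key
        findings.append("default_encryption_not_kms")
    if (cfg.get("versioning") or {}).get("Status") != "Enabled":
        findings.append("versioning_disabled")
    pab = cfg.get("public_access_block") or {}
    if not all(pab.get(k) for k in PAB_KEYS):
        findings.append("public_access_not_fully_blocked")
    lifecycle = (cfg.get("lifecycle") or {}).get("Rules", [])
    archives = any(
        r.get("Status") == "Enabled" and any(
            t.get("StorageClass") in ARCHIVE_CLASSES
            for t in r.get("Transitions", []) + r.get("NoncurrentVersionTransitions", []))
        for r in lifecycle)
    if not archives:
        findings.append("no_archive_lifecycle_rule")
    return findings


def check_snapshots(volume_ids, snapshots, now=NOW, rpo=RPO) -> list:
    """Return finding codes for EBS backup coverage of the given PHI volumes."""
    findings, latest = [], {}
    wanted = set(volume_ids)
    for s in snapshots:
        if s["VolumeId"] not in wanted or s.get("State") != "completed":
            continue
        if not s.get("Encrypted"):
            findings.append(f"unencrypted_snapshot:{s['SnapshotId']}")
        vid = s["VolumeId"]
        if vid not in latest or s["StartTime"] > latest[vid]["StartTime"]:
            latest[vid] = s
    for vid in volume_ids:
        snap = latest.get(vid)
        if snap is None:
            findings.append(f"no_snapshot:{vid}")
        elif now - snap["StartTime"] > rpo:
            findings.append(f"snapshot_older_than_rpo:{vid}")
    return findings


# Constructed configurations: one that meets the baseline and one that does not.
GOOD_BUCKET = {
    "versioning": {"Status": "Enabled"},
    "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/11111111-2222-3333-4444-555555555555"}}]},
    "public_access_block": {k: True for k in PAB_KEYS},
    "lifecycle": {"Rules": [{"ID": "archive-noncurrent", "Status": "Enabled", "Filter": {"Prefix": ""},
                             "NoncurrentVersionTransitions": [{"NoncurrentDays": 30,
                                                               "StorageClass": "GLACIER"}]}]},
}
WEAK_BUCKET = {
    "versioning": {"Status": "Suspended"},
    "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
    "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                            "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    "lifecycle": {"Rules": []},
}
VOLUMES = ["vol-0aaa", "vol-0bbb", "vol-0ccc"]             # assumed PHI volumes
SNAPSHOTS = [                                              # constructed describe_snapshots() output
    {"SnapshotId": "snap-01", "VolumeId": "vol-0aaa", "Encrypted": True,
     "State": "completed", "StartTime": NOW - timedelta(hours=6)},
    {"SnapshotId": "snap-02", "VolumeId": "vol-0aaa", "Encrypted": True,
     "State": "completed", "StartTime": NOW - timedelta(days=2)},
    {"SnapshotId": "snap-03", "VolumeId": "vol-0bbb", "Encrypted": False,
     "State": "completed", "StartTime": NOW - timedelta(days=3)},
    {"SnapshotId": "snap-04", "VolumeId": "vol-0ccc", "Encrypted": True,
     "State": "pending", "StartTime": NOW - timedelta(minutes=5)},
]

if __name__ == "__main__":
    print("good bucket:", check_bucket(GOOD_BUCKET) or "no findings")
    print("weak bucket:", check_bucket(WEAK_BUCKET))
    print("snapshots:  ", check_snapshots(VOLUMES, SNAPSHOTS))
```

Wiring this to a real account means replacing the constructed dicts with the client calls named above; note that get_bucket_lifecycle_configuration raises when no lifecycle is configured, which should be treated as a finding rather than an error. AWS Config managed rules cover several of these checks as well; the value of a small script is encoding your own baseline, such as the RPO, in one place.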


To sum up, HIPAA compliance is important for your healthcare solutions, and Amazon provides a wide range of HIPAA eligible services that help customers process, maintain and store PHI securely. Eligibility is not compliance, though: a workload is compliant only if the BAA is in place and each service is configured, monitored and documented as HIPAA requires, and that part stays with you. With that understood, the path to HIPAA compliance is easier on Amazon Web Services.

Interested in creating HIPAA-compliant medical data applications with AWS? We’ll be happy to help!

Yuriy Bondarenko, Delivery Manager, Romexsoft