HIPAA Compliance Using Amazon Web Services (AWS)

By HIPAA Vault

When you are choosing a HIPAA hosting company, you have more choices than ever. There are many hosting providers that are HIPAA Compliant and provide this level of security for hosted information in the cloud. One of those organizations is Amazon. They provide a cloud-based solution called “Amazon Web Services” or AWS.

Building cloud services with large corporate cloud providers, such as Amazon, involves extra steps and processes. This can become very complicated, since there are so many configuration options to choose from, some of which people may not understand or want to take the time to decide on. When dealing with HIPAA Compliance, businesses want to be thorough in the decision-making process, yet be comfortable with the mechanisms used to protect their health information without having to spend excessive time figuring out what all the “bells-and-whistles” do. While AWS has many options to choose from, it will take some time to figure out what they are and how they will meet individual business needs to satisfy proper HIPAA guidance and regulations.

Pricing can be a “make-or-break” decision for businesses these days. If something costs too much, companies want to know what they are paying for and why; when something costs too little, it seems “too good to be true” and things are questioned. When dealing with HIPAA Compliance, cost still remains a factor in the process of finding a cloud service provider. Knowing the cost will be higher is an expectation, but higher costs don’t necessarily mean better quality or service. While AWS has price models geared towards small-scale customers, they are mostly geared towards large businesses or enterprise-level organizations seeking to secure their data in large volumes.

Regulated organizations may be required to operate in a secure, dedicated cloud, such as within a traditional local data center. For some companies, policy requirements can impose geographic limitations to certify the physical location of their HIPAA data. One disadvantage of outsourcing to AWS is loss of control over where this data resides: customers are unable to choose which data center is hosting the information. When dealing with controlled environments, based on corporate security constraints, organizations should be able to identify where their data is being stored at all times.

Quicker response times and more efficient actions are what customers expect when dealing with the privacy and protection of their data. AWS has the support of a large enterprise organization with a great deal of support staff, but this comes at a cost: time and money. While 24x7x365 support can sound like a grand idea, don’t be fooled into thinking that customer service will always be available to deal with issues. There will be a hierarchy for resolution based on multiple factors: purchased level of support, wait time in the queue, difficulty of the current issue, etc.

Cloud service provider access privileges should be considered when choosing the proper organization to host HIPAA Compliant information. For example, AWS has the proper security controls in place to regulate and monitor medical information, but do they provide an in-depth level of access to gain control of the cloud environment in case of emergency? While other cloud hosting providers can gain system-level access to the files and folders within the environment, AWS relies on the organization’s IT staff to deal with these types of issues.

In the end, when comparing cloud hosting providers for HIPAA Compliance, there are many choices to be made: simple options, lower costs, shorter call times, extensive access, etc.
