Amazon AWS Will Sign HIPAA Business Associate Agreement

Thanks to Ian Eslick for catching this piece of news. This is really big news, because there were a lot of companies and organizations that were building healthcare applications on the back of Amazon AWS. I’m glad that Amazon has finally put together a policy related to HIPAA.

Here’s their new section describing their compliance with HIPAA:

AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA)  to leverage the secure AWS environment to process, maintain, and store protected health information and AWS will be signing business associate agreements with such customers. AWS also offers a HIPAA-focused whitepaper for customers interested in learning more about how they can leverage AWS for the processing and storage of health information. The Creating HIPAA-Compliant Medical Data Applications with AWS whitepaper outlines how companies can use AWS to process systems that facilitate HIPAA and HITECH compliance. For more information on the AWS HIPAA compliance program please contact AWS Sales and Business Development.

Obviously the devil is in the details on this. I’ll reach out to one of my HIPAA lawyer friends to see what they think of this. If you’re a healthcare organization or vendor that’s on Amazon AWS, I’d love to hear your thoughts as well. The fact that Amazon is now willing to sign a BAA is really big news and a great step forward for anyone wanting to develop an application covered by HIPAA on Amazon’s AWS.

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.