Amazon Baa Agreement
When Amazon announced that it would change its policies to sign BAAs for HIPAA-compliant data storage, we were excited and looking forward to it. But that excitement quickly turned to disappointment when we read their proposal for an agreement. The BAA is the first specialized industry agreement to make AWS available online. We have chosen to launch the BAA as an obligation for AWS client organizations that are reinventing the way healthcare is studied and made available with the cloud. Many AWS customers have great stories to tell as we work together to use technology to advance the healthcare industry.
I need to activate or manage a Business Associate Addendum (BAA) agreement for an AWS account or for an organization in AWS Organizations. Step by step: Learn how to use AWS Artifact to accept agreements for multiple accounts in your organization.
Amazon is very interested in the use of AWS by health organizations and, as such, an agreement is signed through business partners. As part of this agreement, Amazon supports the security, control and management processes required by HIPAA. It is important to remember that HIPAA compliance is not a one-time step that ends once the contract is signed. It is your team's responsibility to maintain HIPAA security measures throughout your organization and infrastructure at all times. AWS BAA agreements are required for certain organizations subject to the Health Insurance Portability and Accountability Act (HIPAA) to protect protected health information (PHI).
You can use AWS Artifact to manage agreements for your AWS account or for all accounts in your organization if you use AWS Organizations. For more information, please see Manage Your Agreements in AWS Artifact. The Amazon Associate Addendum (also known as a Business Associate Agreement, or BAA) defines the HIPAA protection mechanisms managed by AWS and breaks down the distribution of compliance responsibilities between the cloud platform and customers. It is the responsibility of the client organization to ensure that it is complying with the agreement and managing its share of the security responsibility in order to comply with HIPAA. Follow these instructions to download and accept the AWS BAA agreement for a single AWS account or for all of an organization's accounts in AWS Organizations.
A mistake that has been made many times is setting access controls to allow access for "authenticated users." It is easy to assume this means the users you have authenticated to access your data. However, that is not Amazon's definition of an authenticated user. An authenticated user is anyone with an AWS account, and anyone can get an AWS account for free.
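A check for the "authenticated users" mistake described above, as an added example that is not from the original page. It assumes the access control in question is an S3 ACL in the dictionary shape returned by boto3's `get_bucket_acl`; the bucket names and ACL contents are constructed sample data.

```python
# Added example: flag ACL grants made to Amazon's predefined global groups.
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"  # not a global group

GLOBAL_GROUPS = {
    AUTHENTICATED_USERS: "any AWS account holder, in any organization",
    ALL_USERS: "anyone, including anonymous requests",
}

def risky_grants(acl):
    """Return (permission, group URI, meaning) for each grant to a global group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        # Only group grantees carry a URI; accounts are CanonicalUser grantees.
        if grantee.get("Type") == "Group" and uri in GLOBAL_GROUPS:
            findings.append((grant.get("Permission"), uri, GLOBAL_GROUPS[uri]))
    return findings

def audit(acls):
    """Map each bucket name to its risky grants, skipping clean buckets."""
    report = {name: risky_grants(acl) for name, acl in acls.items()}
    return {name: found for name, found in report.items() if found}

# Constructed sample ACLs (hypothetical bucket names and owner IDs).
SAMPLE_ACLS = {
    "phi-exports": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ]},
    "phi-archive": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": LOG_DELIVERY},
         "Permission": "WRITE"},
    ]},
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACLS).items():
        for permission, uri, meaning in findings:
            print(f"{name}: {permission} granted to {uri} ({meaning})")
```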
Is AWS HIPAA compatible? Yes, it is possible, and AWS offers huge benefits to health organizations.