Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services: AWS Whitepaper Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Table of Contents Abstract ............................................................................................................................................ 1 Introduction ...................................................................................................................................... 2 Encryption and protection of PHI in AWS .............................................................................................. 3 Alexa for Business ...................................................................................................................... 6 Amazon API Gateway ................................................................................................................. 6 Amazon AppFlow ....................................................................................................................... 7 Amazon AppStream 2.0 .............................................................................................................. 7 Amazon Athena ......................................................................................................................... 7 Amazon Aurora .......................................................................................................................... 8 Amazon Aurora PostgreSQL ........................................................................................................ 8 Amazon CloudFront .................................................................................................................... 8 Lambda@Edge ................................................................................................................... 8 Amazon CloudWatch .................................................................................................................. 9 Amazon CloudWatch Events ........................................................................................................ 9 Amazon CloudWatch Logs ........................................................................................................... 9 Amazon Comprehend ................................................................................................................. 9 Amazon Comprehend Medical ...................................................................................................... 9 Amazon Connect ........................................................................................................................ 9 Amazon DocumentDB (with MongoDB compatibility) .................................................................... 10 Amazon DynamoDB .................................................................................................................. 10 Amazon Elastic Block Store ....................................................................................................... 10 Amazon EC2 ............................................................................................................................ 11 Amazon Elastic Container Registry .............................................................................................. 11 Amazon ECS ............................................................................................................................ 11 Amazon EFS ............................................................................................................................ 12 Amazon EKS ............................................................................................................................ 12 Amazon ElastiCache for Redis .................................................................................................... 12 Encryption at Rest ............................................................................................................ 13 Transport Encryption ........................................................................................................ 13 Authentication ................................................................................................................. 13 Applying ElastiCache Service Updates ................................................................................. 14 Amazon OpenSearch Service ..................................................................................................... 14 Amazon EMR ........................................................................................................................... 14 Amazon EventBridge ................................................................................................................. 14 Amazon Forecast ...................................................................................................................... 15 Amazon FSx ............................................................................................................................. 15 Amazon GuardDuty .................................................................................................................. 16 Amazon HealthLake .................................................................................................................. 16 Amazon Inspector .................................................................................................................... 16 Amazon Kinesis Data Analytics ................................................................................................... 16 Amazon Kinesis Data Firehose .................................................................................................... 17 Amazon Kinesis Streams ........................................................................................................... 17 Amazon Kinesis Video Streams .................................................................................................. 17 Amazon Lex ............................................................................................................................. 17 Amazon Managed Streaming for Apache Kafka (Amazon MSK) ....................................................... 18 Amazon MQ ............................................................................................................................ 18 Amazon Neptune ..................................................................................................................... 19 AWS Network Firewall .............................................................................................................. 19 Amazon Pinpoint ...................................................................................................................... 19 Amazon Polly ........................................................................................................................... 20 Amazon Quantum Ledger Database (Amazon QLDB) ..................................................................... 20 Amazon QuickSight .................................................................................................................. 21 Amazon RDS for MariaDB .......................................................................................................... 21 Amazon RDS for MySQL ............................................................................................................ 21 iii Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Amazon RDS for Oracle ............................................................................................................ 22 Amazon RDS for PostgreSQL ..................................................................................................... 22 Amazon RDS for SQL Server ...................................................................................................... 22 Encryption at Rest ............................................................................................................ 23 Transport Encryption ........................................................................................................ 23 Auditing .......................................................................................................................... 23 Amazon Redshift ...................................................................................................................... 23 Amazon Rekognition ................................................................................................................. 23 Amazon Route 53 ..................................................................................................................... 24 Amazon S3 Glacier ................................................................................................................... 24 Amazon S3 Transfer Acceleration ..............................................................................................