Health Insurance Portability and Accountability Act (HIPAA)
Overview
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that includes provisions designed to protect the privacy and security of protected health information (PHI). Since its inception, HIPAA has been modified several times, including rule changes relevant to Privacy (2003), Security (2005), Enforcement (2006), and Breach Notification (2009).
HIPAA is applicable to “covered entities” (health plans, healthcare clearinghouses, and healthcare providers who transmit health information electronically) and their business associates.
Among other provisions, HIPAA includes two main sets of rules: the Privacy Rule and the Security Rule. The HIPAA Privacy Rule requires covered entities and their business associates to protect the privacy of PHI on any medium. The HIPAA Security Rule requires that covered entities and their business associates use administrative, physical and technical controls to protect the confidentiality, integrity and availability of PHI that is created, transmitted, received or maintained.
A growing number of healthcare providers, payers, and IT professionals are using AWS's utility-based cloud services to process, store, and transmit protected health information (PHI).
AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.
For information on HIPAA-eligible services, see the HIPAA Eligible Services Reference.

AWS Healthcare and Life Sciences Customers
