In addition to the increasing use of electronic medical records, HIPAA contains provisions for the protection of the security and privacy of protected health data (PHI). PHI contains a very wide range of identifiable personal health and health data, including insurance and billing information, diagnostic data, clinical care data and laboratory results such as images and test results. HIPAA rules apply to covered facilities, including hospitals, medical service providers, employer-sponsored health plans, research institutes and insurance companies that are directly related to patient and patient data. The HIPAA requirement for the protection of PHPs also applies to business partners. Step by step: Learn how to use AWS Artifact to accept agreements for multiple accounts in your organization. (2:07) Amazon is very interested in the use of AWS by health organizations and, as such, an agreement is signed through business partners. As part of this agreement, Amazon supports the security, control and management processes required by HIPAA. Amazon Associate Addendum (AKA. Business Associates Agreement BAA) defines HIPAA protection mechanisms managed by AWS and breaks down the distribution of compliance responsibilities between the cloud platform and customers. It is the responsibility of the client organization to ensure that it is complying with the agreement and managing its security responsibility in order to comply with HIPAA.
In accordance with HIPAA regulations, cloud service providers (CSPs) are considered business partners, such as AWS. The Addendum Business Associate (BAA) is an AWS contract that is required in accordance with HIPAA rules to ensure that protected health information (PHI) is protected by AWS. The purpose of the BAA is also to clarify and, where appropriate, to limit the authorized uses and disclosures of PHI by AWS based on the relationship between AWS and our customers, as well as activities or services performed by AWS. The BAA is the first specialized industry agreement to make AWS available online. We have chosen to launch the BAA as an obligation for AWS client organizations that are reinventing the way healthcare is studied and made available with the cloud.