
Amazon S3 HIPAA Compliance

Flatirons
Development

Amazon S3 is the most popular cloud object storage service available. It gives users an affordable way to store and retrieve any amount of data, at any time and from anywhere. As with most AWS services, Amazon S3 is inexpensive, fast, and reliable. It is a great choice for file storage from mobile and web applications.


Is Amazon S3 HIPAA Compliant?

Err… sort of. As it turns out, Amazon S3 is one of Amazon’s HIPAA Eligible Services. Notice the wording: “HIPAA Eligible Service.” Amazon S3 is not always HIPAA compliant. For it to be HIPAA compliant, you must configure and use it in a HIPAA-compliant manner. This is the shared responsibility model that applies under a HIPAA Business Associate Agreement. Here are some steps you can take to use Amazon S3 securely and work toward maintaining HIPAA compliance.

Sign a Business Associate Agreement (BAA) with Amazon

As in any case where you may be storing protected health information (PHI) with a third-party company, you need to sign a BAA with Amazon. We recommend getting this process started so that you can have a HIPAA-compliant AWS account in a timely manner.


Set Appropriate Access Controls

Within a HIPAA-compliant infrastructure, only the people or applications that need access to certain data should have it. For Amazon S3, configure AWS Identity and Access Management (IAM) to control access levels to your S3 buckets. This lets you set granular permissions for what each person in your organization can do with your S3 buckets. By default, your S3 buckets should not be public, and people should not have access to them. Only grant access to the resources that people need.

Use S3 Presigned URLs

S3 presigned URLs allow you to generate time-limited URLs for objects in your S3 buckets. We recommend always using presigned URLs when you can. Being able to set an expiration date on the links to resources in your bucket adds one more layer of security in case a link to a resource containing PHI is leaked somehow.
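Because the expiry only helps if it is short, it is worth checking the lifetime of presigned links that show up in logs, tickets or e-mail. The following is an added example, not code from the original article: it reads the `X-Amz-Date` and `X-Amz-Expires` query parameters of a Signature Version 4 presigned URL and reports when the link stops working and whether it exceeds an assumed 15-minute organisational limit. The sample URLs, bucket name and signature are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Assumed organisational limit, not an AWS default.
# SigV4 itself accepts lifetimes of up to 604800 seconds (7 days).
MAX_LIFETIME = timedelta(minutes=15)

def check_presigned_url(url, now, max_lifetime=MAX_LIFETIME):
    """Return expiry facts for a SigV4 presigned URL, or None if it is not one."""
    params = {k.lower(): v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "x-amz-signature" not in params:
        return None
    try:
        issued = datetime.strptime(params["x-amz-date"], "%Y%m%dT%H%M%SZ")
        lifetime = timedelta(seconds=int(params["x-amz-expires"]))
    except (KeyError, ValueError):
        return {"malformed": True}
    expires_at = issued.replace(tzinfo=timezone.utc) + lifetime
    return {
        "malformed": False,
        "expires_at": expires_at,
        "expired": now >= expires_at,          # link no longer works
        "over_policy": lifetime > max_lifetime,  # issued with too long a lifetime
    }

def _sample(expires):
    # Constructed URL: the credential scope and signature are placeholders.
    base = "https://example-phi-bucket.s3.us-east-1.amazonaws.com/reports/scan.pdf"
    return (f"{base}?X-Amz-Algorithm=AWS4-HMAC-SHA256"
            "&X-Amz-Credential=EXAMPLEKEY%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
            f"&X-Amz-Date=20240101T120000Z&X-Amz-Expires={expires}"
            "&X-Amz-SignedHeaders=host&X-Amz-Signature=" + "0" * 64)

SHORT_URL = _sample(900)      # 15 minutes
LONG_URL = _sample(604800)    # 7 days

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 10, tzinfo=timezone.utc)
    for url in (SHORT_URL, LONG_URL):
        print(check_presigned_url(url, now))
```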

S3 Backups and Restoration

It is best to have your HIPAA-compliant Amazon S3 buckets use Amazon S3 Glacier. With Amazon S3 Glacier, you can archive data and restore it when necessary. Maintaining records will prevent a loss of data.

Get Help with HIPAA Services

If you need help setting up Amazon S3 to be HIPAA compliant, Flatirons can help. We have experience setting up all sorts of HIPAA-compliant cloud services. We are also a HIPAA-compliant software vendor, and we can sign a Business Associate Agreement with your organization. Contact us for more information.
