If you're in the healthcare industry and use AWS cloud hosting services, you'll be happy to know that AWS is HIPAA compliant. Healthcare providers use the AWS cloud to process, store, and transmit PHI (Protected Health Information). AWS allows covered entities and their business associates who are subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to take advantage of a secure AWS environment to process, maintain, and store protected health information.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 and expanded in 2009 by the Health Information Technology for Economic and Clinical Health Act (HITECH). Together, HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. The provisions of these standards are encompassed by the “Administrative Simplification” rules.
HIPAA regulations help healthcare workers retain their health insurance when they are in between jobs, and encourage the use of electronic healthcare records to improve the quality and efficiency of the American healthcare system. HIPAA also seeks to protect the security and privacy of Protected Health Information (PHI). PHI consists of a wide set of data on everything from insurance and billing information to clinical care data.
Who is required to follow HIPAA laws?
There are three entities that must follow the HIPAA regulations - these are referred to as “covered entities.”
- Health plans, which include health insurance companies, HMOs (Health Maintenance Organizations), company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
- Most Health Care Providers, which include those who administer certain business electronically (e.g., electronically billing your health insurance), such as doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies and dentists.
- Health Care Clearinghouses - entities that take nonstandard health information from another entity and process it into standard health information (such as a standard electronic format or data content).
Business associates of these covered entities must also follow HIPAA regulations. Business associates include any contractors, subcontractors, and other third-party vendors or individuals that are not official employees of a covered entity.
What information remains secure and protected through HIPAA?
- Any documentation or information that your doctors, nurses, and other health care providers put into your medical record.
- Information your doctor shares with nurses and others about your care or treatment.
- Information about you held in your health insurer’s computer system.
- Billing information about you that your clinic holds.
- Most other health information about you that is held by those who must follow these laws.