1. Assessment Phase

  • HIPAA Compliance Assessment Execution
20 Credits

HIPAA Compliance Report

Overview

This report provides a technical assessment of your AWS environment against selected safeguards from the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. HIPAA sets national standards in the United States to protect individuals' electronic protected health information (ePHI) that is created, received, maintained, or transmitted. This assessment focuses on technical and administrative safeguards required for covered entities and business associates.

The assessment evaluates your infrastructure against the following HIPAA Security Rule provisions:

Administrative Safeguards (164.308)

  • Risk management, Information system activity review
  • Workforce security, including Authorization, Clearance, and Termination procedures
  • Information access management, including Access authorization, Access establishment and modification
  • Security incident procedures, including Response and reporting
  • Contingency plan, including Data backup plan

Technical Safeguards (164.312)

  • Access control, including Unique user identification, Emergency access, and Encryption/decryption
  • Audit controls, Integrity, and Mechanisms to authenticate ePHI
  • Person or entity authentication
  • Transmission security, including Integrity controls and Encryption

The assessment covers many AWS services, including IAM, S3, CloudTrail, RDS, and KMS.

Upon completion, you will receive a detailed report identifying all passed and failed resources, along with actionable remediation steps to help you achieve alignment with HIPAA technical and administrative safeguards.