BAA Readiness Assessment
Initialize your BAA journey with RunAsCloud
The Business Associate Addendum (BAA) is an AWS contract that is required under HIPAA rules to ensure that AWS appropriately safeguards protected health information (PHI). The BAA also serves to clarify and limit, as appropriate, the permissible uses and disclosures of PHI by AWS, based on the relationship between AWS and our customers, and the activities or services being performed by AWS.
AWS & HIPAA
AWS has enabled multiple companies in the healthcare space to increase their pace of innovation, reduce costs, and gain new insights from their data sources.
Security and compliance is a shared responsibility between AWS and the customer. This relationship is what AWS calls the Shared Responsibility Model (see image below).
Businesses using AWS can use the continuously expanding list of AWS HIPAA compliant services to process, maintain, and store protected health information (PHI).
Customers who signed a BAA with AWS are required to fulfill their end of the Shared Responsibility Model. Although many AWS services are eligible for HIPAA compliance, they must be implemented correctly when storing or processing PHI.
RunAsCloud works with healthcare companies to build resilient, cost-effective, and secure AWS applications that move, store, process, and archive PHI in accordance with HIPAA compliance standards.
RunAsCloud has extensive experience helping customers fulfill their responsibilities as outlined in the BAA with AWS.
The RunAsCloud HIPAA Compliance Assessment:
White Glove Check
Security & HIPAA Compliance
Net Zero Cost
RunAsCloud will perform over 200 checks of your AWS environment and flag any potential HIPAA violations
Customer will receive a full report of all potential HIPAA violations delivered by a certified AWS solutions architect
The full cost of the assessment will be refunded in the form of credits, which can be applied to any future consulting hours or MSP fees
AWS SHARED RESPONSIBILITY MODEL
WHAT ARE YOU RESPONSIBLE FOR?
The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall.
Talk with a certified AWS Solutions Architect to confirm the HIPAA compliance of your AWS implementation and schedule a free consultation today.
This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
This differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud.