AWS RDS – HIPAA compliant?


I’m planning to have Oracle on AWS.

Is Oracle RDS HIPAA compliant? How can I make it HIPAA compliant?


The answer just recently changed. RDS is now HIPAA compliant, per their documentation/FAQ:

What Services Can I Use in My AWS Account if I Have a BAA with AWS?

Customers may use any AWS service in an account designated as a HIPAA account, but they should only process, store and transmit PHI in the HIPAA-eligible services defined in the BAA. There are nine HIPAA-eligible services today, including Amazon DynamoDB, Amazon EBS, Amazon EC2, Amazon Elastic MapReduce (EMR), Amazon Elastic Load Balancer (ELB), Amazon Glacier, Amazon Relational Database Service (RDS) [MySQL and Oracle engines], Amazon Redshift, and Amazon S3.

