BAA (HIPAA) applied to all accounts?

0

Hi, once a BAA is signed at the organization level, does it get applied to all:

accounts?

users?

IAM roles?

service accounts?

Basically applied everywhere?

Thank you

2 Answers
1

Refer to this blog post, which exactly answers the questions asked and provides more details on shared responsibility.

https://aws.amazon.com/blogs/security/accept-a-baa-with-aws-for-all-accounts-in-your-organization/

answered a month ago
0

Hi,

AFAIK, the AWS Business Associate Addendum (BAA) covers all accounts in your AWS Organization. It applies to all IAM users, roles, and service accounts within these accounts. Only AWS HIPAA-eligible services are covered by the BAA. You must activate HIPAA-eligible services in AWS Artifact for each relevant account. While the BAA provides coverage, you're still responsible for proper configuration and HIPAA compliance. AWS recommends using separate accounts for PHI and non-PHI workloads.

Hope it helps.

answered a month ago
reviewed a month ago