2 Answers
1
Refer to this blog post, which exactly answers the questions asked and provides more details on shared responsibility.
https://aws.amazon.com/blogs/security/accept-a-baa-with-aws-for-all-accounts-in-your-organization/
0
Hi,
AFAIK, the AWS Business Associate Addendum (BAA) covers all accounts in your AWS Organization. It applies to all IAM users, roles, and service accounts within these accounts. Only AWS HIPAA-eligible services are covered by the BAA. You must activate HIPAA-eligible services in AWS Artifact for each relevant account. While the BAA provides coverage, you're still responsible for proper configuration and HIPAA compliance. AWS recommends using separate accounts for PHI and non-PHI workloads.
Hope it helps.
answered a month ago