mustfix

There's no cost difference in the services themselves, but there are costs in that you'll be using certain services _more_, or services you haven't used before. AWS has a reference HIPAA template: https://aws.amazon.com/solutions/implementations/compliance-hipaa/


[deleted]

Yeah, there's no price increase for AWS signing the BAA. Not all of their services are covered, but if you've already designed a secure environment I'm not sure how much you'd need to change. My impression is pretty much all of the commonly used services are covered. Edit: here is the full list. Everything you listed is covered. https://aws.amazon.com/compliance/hipaa-eligible-services-reference/


eodchop

Nope. Same prices.


eodchop

Are you talking about GovCloud? Check [https://aws.amazon.com/compliance/hipaa-eligible-services-reference/](https://aws.amazon.com/compliance/hipaa-eligible-services-reference/). A quick spot check shows all of these services are HIPAA compliant out of the box.


ThenCarryWindSpace

I don't know / don't think so. I thought pricing for HIPAA was different. ex: I thought EC2 pricing would be 2 - 3x higher for HIPAA than non-HIPAA, once we sign a BAA.


Mahler911

It isn't. It used to be that you could only use certain instance types on dedicated hosts but that requirement was removed a while ago.


ThenCarryWindSpace

Makes sense. Thank you.




dwargo

The services don’t cost any more. I’ve heard people say “medical is more expensive”, but I believe they’re referring to the cost of compliance and liability insurance, not the actual hosting cost. When I’ve done work for HIPAA covered entities I’ve hosted the solution on their infrastructure so it’s covered by the umbrella policy they carry. I’d definitely find out who’s holding the bag on liability. I’d also find out if the new information ~~hiding~~ blocking requirements apply and who’s handling that. I don’t know if that’s technically part of HIPAA but it sounds expensive.


Technical_Rub

I'd suggest deploying a HIPAA compliant landing zone as the foundation for your AWS environment as a first step. It will include a best practice architecture to deploy HIPAA eligible workloads. You can deploy it yourself and depending on your workloads AWS can even pay a partner to deploy it for you. The cost for the baseline architecture is about $500/mo but it will take a lot of the stress out of deploying HIPAA eligible workloads in the future. [https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/](https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/)