Like most cloud providers, ClearDATA operates under a shared responsibility model. While AWS takes responsibility for the security of its infrastructure, responsibility for maintaining compliance within your AWS environment is a collaborative effort between ClearDATA and our customers.
Listed below are AWS products and their associated reference guides for creating and maintaining compliance within AWS & ClearDATA. Each guide provides recommendations and steps to rectify security vulnerabilities and compliance risks within your AWS environment. Responsibility assignment matrices per service are also provided which can help you better understand ClearDATA's role and responsibilities as well as your own. If you are interested in enabling or configuring any of the AWS BAA Covered services listed below which are not covered by our automated safeguards, please create a support request through the portal detailing your request.
Additionally, if there is a particular AWS product reference guide that isn’t listed below, please get in touch with us and we will add it to the list.
Any Service not listed here as covered or non-covered can be considered unsupported and not eligible for use by our customers. Please contact ClearDATA Support to make a request that a service be Supported.
BAA COVERED = Supported service and eligible to transmit, process, and store PHI
BAA NON-COVERED = Supported service but not eligible to transmit, process, or store PHI
AUTOMATED SAFEGUARDS = Automatically remediates compliance controls described within the document
UNSUPPORTED =These services are not permitted to be used by our customers in any fashion
Amazon Web Services HIPAA Eligible Services Reference: https://aws.amazon.com/compliance/hipaa-eligible-services-reference/
Architecting for HIPAA Security and Compliance on Amazon Web Services: https://d1.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf
1. Please contact ClearDATA Support for details