Page tree

Skip to end of metadata
Go to start of metadata

Like most cloud providers, ClearDATA operates under a shared responsibility model. While AWS takes responsibility for the security of its infrastructure, responsibility for maintaining compliance within your AWS environment is a collaborative effort between ClearDATA and our customers. 

Listed below are AWS products and their associated reference guides for creating and maintaining compliance within AWS & ClearDATA. Each guide provides recommendations and steps to rectify security vulnerabilities and compliance risks within your AWS environment. Responsibility assignment matrices per service are also provided which can help you better understand ClearDATA's role and responsibilities as well as your own.  If you are interested in enabling or configuring any of the AWS BAA Covered services listed below which are not covered by our automated safeguards, please create a support request through the portal detailing your request.

Additionally, if there is a particular AWS product reference guide that isn’t listed below, please get in touch with us and we will add it to the list.


Services

Analytics
Athena  BAA COVERED AUTOMATED SAFEGUARDS
Elasticsearch  BAA COVERED AUTOMATED SAFEGUARDS
Glue  BAA COVERED AUTOMATED SAFEGUARDS
Kinesis Data Stream  BAA COVERED AUTOMATED SAFEGUARDS
Kinesis Firehose  BAA COVERED AUTOMATED SAFEGUARDS
Managed Streaming for Apache Kafka (MSK) BAA COVERED MANUAL SAFEGUARDS
QuickSight BAA COVERED MANUAL SAFEGUARDS
Customer Engagement
Connect BAA COVERED
Machine Learning & Artificial Intelligence
Sagemaker  BAA COVERED AUTOMATED SAFEGUARDS
Comprehend BAA COVERED AUTOMATED SAFEGUARDS
Comprehend Medical BAA COVERED AUTOMATED SAFEGUARDS
Polly BAA COVERED
Transcribe BAA COVERED AUTOMATED SAFEGUARDS
Translate BAA COVERED AUTOMATED SAFEGUARDS
Migration & Transfer
Transfer for SFTP  BAA COVERED AUTOMATED SAFEGUARDS
Database Migration Service BAA COVERED
DataSync BAA COVERED
Snowball BAA COVERED
Storage
Backup BAA COVERED
Elastic Block Storage (EBS) BAA COVERED AUTOMATED SAFEGUARDS
Elastic File System (EFS)  BAA COVERED AUTOMATED SAFEGUARDS
FSx for Windows File Server BAA COVERED
Glacier BAA COVERED AUTOMATED SAFEGUARDS
Simple Storage Service (S3)  BAA COVERED AUTOMATED SAFEGUARDS
Storage Gateway BAA COVERED
Customer Engagement
Connect  BAA COVERED
Application Integration
Simple Queueing Service (SQS)  BAA COVERED AUTOMATED SAFEGUARDS
Simple Notification Service (SNS) BAA COVERED
Step Functions BAA COVERED
Database
DocumentDB BAA COVERED MANUAL SAFEGUARDS
DynamoDB  BAA COVERED AUTOMATED SAFEGUARDS
ElastiCache for Redis  BAA COVERED AUTOMATED SAFEGUARDS
Redshift  BAA COVERED AUTOMATED SAFEGUARDS
Relational Database Service (RDS), including Aurora  BAA COVERED AUTOMATED SAFEGUARDS
Management & Governance
Auto Scaling BAA COVERED
CloudFormation BAA COVERED
CloudTrail BAA COVERED
CloudWatch (including Events, Logs, SDK Metrics) BAA COVERED
Config BAA COVERED
Organizations BAA COVERED
MANUAL SAFEGUARDS
Systems Manager BAA COVERED
Trusted Advisor 
Networking & Content Delivery
API Gateway BAA COVERED AUTOMATED SAFEGUARDS
Application Load Balancing (ALB)  BAA COVERED AUTOMATED SAFEGUARDS
CloudFront BAA COVERED
Direct Connect BAA COVERED
Elastic Load Balancer (ELB) BAA COVERED MANUAL SAFEGUARDS
Network Load Balancer BAA COVERED
Route 53 BAA COVERED
Security Groups  BAA COVERED AUTOMATED SAFEGUARDS
VPC BAA COVERED MANUAL SAFEGUARDS
VPN Gateway BAA COVERED
Compute
EC2  BAA COVERED AUTOMATED SAFEGUARDS
EC2 Auto Scaling BAA COVERED AUTOMATED SAFEGUARDS
EC2 Container Registry BAA COVERED
ECS (EC2 Launch Type)  BAA COVERED MANUAL SAFEGUARDS
ECS (Fargate Launch Type) BAA NON-COVERED [1]
Elastic Container Service for Kubernetes (EKS)  BAA COVERED AUTOMATED SAFEGUARDS
Batch BAA COVERED MANUAL SAFEGUARDS
Lambda BAA COVERED
Developer Tools
CodeBuild BAA COVERED
CodeCommit BAA COVERED
CodePipeline BAA COVERED
X-Ray BAA COVERED
Media Services
Kinesis Video Streams  BAA COVERED AUTOMATED SAFEGUARDS
Security, Identity, & Compliance
CloudHSM BAA COVERED
Cognito BAA COVERED
Directory Service excluding Simple AD & AD Connector BAA COVERED
GuardDuty BAA COVERED
Identity & Access Management   MANUAL SAFEGUARDS
Key Management Service BAA COVERED
Macie BAA COVERED
Secrets Manager BAA COVERED
Shield Advanced BAA COVERED
Web Application Firewall (WAF) BAA COVERED



Legend

Any Service not listed here as covered or non-covered can be considered unsupported and not eligible for use by our customers. Please contact ClearDATA Support to make a request that a service be Supported.

BAA COVERED = Supported service and eligible to transmit, process, and store PHI

BAA NON-COVERED = Supported service but not eligible to transmit, process, or store PHI

AUTOMATED SAFEGUARDS = Automatically remediates compliance controls described within the document

UNSUPPORTED =These services are not permitted to be used by our customers in any fashion

MANUAL SAFEGUARDS = These services are configured by ClearDATA Healthcare Managed Services team, and available to host or process PHI once the resource is provisioned

Amazon Reference

Amazon Web Services HIPAA Eligible Services Reference: https://aws.amazon.com/compliance/hipaa-eligible-services-reference/

Architecting for HIPAA Security and Compliance on Amazon Web Services: https://d1.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf

ClearDATA Reference

1. Please contact ClearDATA Support for details

  • No labels