Healthcare Ready for AWS is a managed service for healthcare organizations that provides an operational Cloud environment with pre-configured compliance and security controls. Protect and scale out your applications using managed configurations including containers, virtual machines, and serverless, backed by a variety of database options - within your AWS account.
Security and Compliance Features Managed by Healthcare Blocks
Amazon RDS provides the latest versions of MySQL, PostgreSQL, and SQL Server. Healthcare Ready for AWS ensures your database services are configured correctly to satisfy HIPAA requirements, including features such as encryption-at-rest, audit trails, and automated failover. Customers can use DocumentDB for MongoDB workloads.
For more complex data lake/warehouse use cases, Healthcare Ready for AWS supports services such as Amazon HealthLake, Amazon Redshift, and more.
Cost-effective file cloud storage is available through Amazon S3. Healthcare Ready for AWS enforces encryption and logging requirements and can configure data replication across geographic regions to meet disaster recovery requirements.
Healthcare Ready for AWS enforces data encryption requirements. Storage volumes attached to containers and virtual machines are encrypted using AES 256-bit keys, provisioned and rotated through the AWS Key Management Service (KMS). Transmission of data between internal services is encrypted using TLS. Public traffic received through load balancers is encrypted all the way to containers and virtual machines per AWS HIPAA requirements.
For healthcare data integration needs, Healthcare Ready for AWS manages the network security configuration and backing services, such as SFTP endpoints.
Standards and Automatic Compliance Checks

The configuration of your AWS account and services is based on documented standards and verifiable controls, including
- AWS Foundational Security Best Practices
- CIS AWS Foundations Benchmark
- NIST Cybersecurity Framework (CSF)
Your AWS security posture is continuously assessed and summarized by the AWS Security Hub service. Alerts are displayed in a dashboard and can be sent to communication platforms such as Slack and Microsoft Teams.
In addition, organizations can subscribe to the AWS Audit Manager service, which automatically collects evidence for many of the controls required for compliance with HIPAA, HITRUST CSF, and Service Organization Control 2 (SOC 2).
Additional Information
How do I sign up for Healthcare Ready for AWS?
Start a conversation with Healthcare Blocks using our live chat. We'll discuss your needs and provide additional information about getting started. Or send us an email.
What is the best way to estimate my monthly AWS fees?
Healthcare Blocks can produce an estimate that includes the compute and storage services required by your organization, as well as the standard backing services that are necessary to support a bare minimum HIPAA-compliant configuration. Please have your technical lead developer or architect start a live chat to request an estimate.
What are the terms of service and customer responsibilities?
Please review our Healthcare Ready for AWS Services Agreement (PDF), and start a chat if you have any questions.
What are the benefits of using Healthcare Blocks to manage my AWS account?
We have extensive experience with AWS specific to healthcare scenarios and have helped many organizations scale from early-stage concepts to successful platforms.
How to determine which Healthcare Blocks service is a better fit for my organization?
Healthcare Ready for AWS is ideal for teams already working with or willing to invest the time and DevOps resources to learn the Amazon Web Services platform. While Healthcare Ready for AWS helps eliminate some of the technical challenges and implementation tasks, DevOps teams typically take on more responsibilities compared to our Cloud Application Platform experience. The primary benefits for organizations include enhanced transparency into their production systems, faster auditing capabilities, and direct access to the various Web consoles in the AWS platform.
Which AWS regions do you support?
Amazon Web Services us-west-2 (Oregon) and us-east-2 (Ohio).
Who signs the Business Associate Agreement (BAA)?
AWS has its own BAA that your organization would need to execute. To obtain a copy for preview, after creating an AWS account, go to the AWS Artifact service. In addition, Healthcare Blocks will sign a BAA with your organization. We have two different versions, depending on your relationship to us, that you can preview (PDF): covered entity or business associate. An e-signable version will be sent to you upon request.
Do you support the Dokku PaaS in Healthcare Ready for AWS?
Absolutely! We've assisted customers with migrations from our Cloud Application Platform to our newer offering without requiring them to change their production configuration and deployment process.
Can you configure my AWS environment so that my DevOps team cannot access any PHI?
Through a combination of strict access controls in your AWS environment and tasks that your DevOps team would need to implement, this solution is achievable. See our Enhanced Security Architecture for details.