// Replace the content in <>
// Identify your target audience and explain how/why they would use this Quick Start.
//Avoid borrowing text from third-party websites (copying text from AWS service documentation is fine). Also, avoid marketing-speak, focusing instead on the technical aspect.

This guide provides instructions for deploying the U.S. Health Insurance Portability and Accountability Act (HIPAA) Reference Architecture Quick Start on the AWS Cloud. 

This Quick Start is for people in the healthcare industry who are looking for guidance on implementing HIPAA-ready environments in the AWS Cloud.

This Quick Start is part of a set of AWS compliance offerings, which provide security-focused architectures to help managed service providers, cloud-provisioning teams, developers, integrators, and information-security teams follow strict security, compliance, and risk-management controls. For other Quick Starts in this category, see the https://aws.amazon.com/quickstart/?solutions-all.sort-by=item.additionalFields.sortDate&solutions-all.sort-order=desc&awsf.filter-tech-category=tech-category%23security-identity-compliance&awsf.filter-industry=*all&awsf.filter-source-category=*all&awsf.filter-content-type=*all[Quick Start catalog^].

NOTE: {compliance-statement}

.IMPORTANT—PLEASE READ
****
*You must have an AWS Business Associate Addendum (BAA) in place, and follow its configuration requirements, before running protected health information (PHI) workloads on AWS.* You should not use your AWS account in connection with PHI until you have accepted the AWS BAA and configured your AWS account as required by the AWS BAA. Under HIPAA regulations, covered entities and business associates are responsible for putting in place a business associate agreement between themselves and each of their business associates. You are solely responsible for determining whether you and your organization need a business associate agreement with AWS. *If you determine that you need a business associate agreement with AWS, you can https://aws.amazon.com/artifact/getting-started/#BAA_Agreements[accept the AWS BAA through a self-service portal in AWS Artifact^]*. It is your responsibility to obtain a BAA from AWS. For more information about the AWS BAA, visit the https://aws.amazon.com/compliance/hipaa-compliance/[AWS HIPAA Compliance webpage^].

*This Quick Start does not address state-specific laws that may apply to you.* This Quick Start only addresses requirements set forth under HIPAA, a U.S. federal law. Many individual states have adopted rules that are different and in some cases, stricter than those that are federally mandated under HIPAA.

*This Quick Start will not, by itself, make you HIPAA-compliant.* The information contained in this Quick Start package is not exhaustive, and must be reviewed, evaluated, assessed, and approved by you in connection with your organization's particular security features, tools, and configurations. Download the https://fwd.aws/7M7b9?[security controls matrix^], a spreadsheet included with this Quick Start, for an explanation of how this Quick Start can be used to help support your compliance with certain requirements under the HIPAA Privacy and Security Rules. *However, it is the sole responsibility of you and your organization to determine which HIPAA regulatory requirements are applicable to you, and to ensure that you comply with those applicable requirements.* Importantly, most of the requirements under HIPAA are not technical but administrative (that is, people- and process-oriented). Although the https://fwd.aws/7M7b9?[security controls matrix^] that is included with this Quick Start lists and discusses both the technical and administrative requirements, this Quick Start cannot help you comply with the nontechnical HIPAA requirements.
****

*Does HIPAA apply to your organization?*

Customers are solely responsible for determining whether HIPAA applies to them, and if so, for complying with their obligations under HIPAA, the AWS BAA, and all other applicable laws, rules, and regulations. AWS does not provide legal or compliance advice. Customers should consult with qualified legal counsel or consultants, as needed, to ensure that their use of AWS complies with HIPAA, the terms of the AWS BAA, and other applicable laws, rules, and regulations.