
Ask HN: AWS or Azure for HIPAA compliant web form? - thisisdallas
I need a basic HIPAA compliant web form for a medical office.

I'm looking at setting up a server on AWS or Azure that will host the form. I will use an iframe to add the form to the practice's website, which will be hosted on a Digital Ocean droplet.

The Azure/AWS server won't store any data but it will be transferring it to a HIPAA compliant email address (Office 365 email address).

I'm somewhat confused on what the best route to take is. I was thinking about building the form on a low resource VM to reduce cost as much as possible. If a simple VM server is all I need, are there any benefits to using AWS or Azure in terms of being HIPAA compliant? In other words, does either platform make it easier to be HIPAA compliant?
======
SkyPuncher
Neither. There simply isn't a way to do "basic HIPAA" in either. You basically
need to fully commit to being HIPAA compliant if you go directly with a
service.

At Carol Health, we use a provider called Healthcare Blocks to manage a HIPAA
compliant environment in AWS. They take care of most of the infrastructure
compliance, while we take care of the application side. Datica and Aptible
are direct alternatives to Healthcare Blocks.

Those options would give you a more traditional hosting route. You could also
use a service like TrueVault. It's kind of like Stripe for HIPAA data. All
of the HIPAA-sensitive data is communicated directly to TrueVault. Your server
then deals with non-PHI data.

~~~
thisisdallas
Thanks for the help, I appreciate it.

> You basically need to fully commit to being HIPAA compliant if you go
> directly with a service.

Do you mind explaining that a little more? Are there specific actions that
need to be taken in order to be HIPAA compliant if no data is being saved on
the server?

