Is Amazon Bedrock HIPAA‑Eligible? What to Know About the AWS BAA and Using PHI


Kevin Henry

HIPAA

June 23, 2025


If you plan to use Amazon Bedrock with Protected Health Information (PHI), treat it as HIPAA‑eligible only when all three conditions are true: AWS designates the service as HIPAA‑eligible, you have an executed AWS Business Associate Addendum (BAA), and you implement required HIPAA Compliance Controls under the AWS Shared Responsibility Model. If any condition is unmet, do not send PHI to the service.

Generative AI adds extra risk because PHI can appear in prompts, system messages, retrieved context, and model outputs. Your policies should assume any content touching PHI is in scope and must follow your security and privacy program.

HIPAA Eligibility Overview

Eligibility versus compliance

“HIPAA‑eligible” means AWS supports using a service with PHI under a BAA; it does not, by itself, make your workload compliant. Compliance requires that you configure, monitor, and operate the workload in line with HIPAA’s Security and Privacy Rules.

What must be true before sending PHI

Confirm the service’s HIPAA eligibility, ensure your organization’s BAA with AWS is in force, and scope PHI‑processing only to covered accounts and regions. Document how PHI flows into Bedrock, where it is stored, who can access it, and how long it is retained.

AWS Business Associate Addendum Requirements

What the BAA does—and doesn’t—do

The AWS Business Associate Addendum contractually permits use of HIPAA‑eligible services with PHI and commits AWS to safeguard information as a business associate. It does not relieve you of implementing HIPAA Compliance Controls appropriate to your risk analysis.

Practical steps to align with the BAA

  • Execute and centrally track the BAA; ensure all in‑scope accounts are covered.
  • Limit PHI processing to services identified as HIPAA‑eligible under the BAA.
  • Define permissible uses and disclosures of PHI in your application architecture.
  • Map administrative, physical, and technical safeguards to specific AWS controls.
  • Maintain evidence (policies, configurations, logs) to demonstrate due diligence.

PHI Handling Best Practices

Data minimization and de‑identification

Send the least PHI necessary. Prefer de‑identified or pseudonymized data; tokenize direct identifiers and keep the re‑identification keys outside the inference path. Treat both prompts and outputs as PHI when they could reference an individual.

Prompt and retrieval hygiene

Redact direct identifiers before prompt construction. For retrieval‑augmented workflows, index de‑identified documents, enforce document‑level access controls, and filter retrieved context for sensitive elements before invoking Bedrock.

Retention and logging

Apply strict retention limits to request/response payloads and application logs. Scrub or avoid logging PHI in traces, metrics, and error messages. Validate that any model invocation logging aligns with your retention and access policies.
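The three practices above (tokenize identifiers with the re-identification keys kept outside the inference path, de-identify retrieved context after enforcing document-level access, and scrub PHI from log lines) fit together as one pipeline. The following is an added example, not code from the article or from AWS: the identifier patterns, the sample note text, the role names and the `TokenVault` class are all constructed for illustration. A production deployment would replace the regular expressions with a vetted de-identification service covering every HIPAA Safe Harbor identifier; in particular, names and free-text dates are not caught here.

```python
"""Added example: keep direct identifiers out of prompts, retrieved context and
logs. Patterns, roles and sample text are constructed for this example."""
import logging
import re
import secrets

# Direct identifiers tokenized before anything reaches the model (constructed
# patterns; names and free-text dates would need a real de-identification service).
PATTERNS = {
    "MRN": re.compile(r"\bMRN[:#\s]*\d{6,10}\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "DOB": re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"),
}


class TokenVault:
    """Token <-> value mapping that lives outside the inference path.
    In-memory here; in production an encrypted store with its own KMS key
    and an access policy that the application role cannot satisfy."""

    def __init__(self):
        self._forward = {}   # original value -> token
        self._reverse = {}   # token -> original value

    def tokenize(self, kind, value):
        # Same value -> same token, so the model sees one consistent reference.
        if value not in self._forward:
            token = f"[{kind}_{secrets.token_hex(4)}]"
            self._forward[value] = token
            self._reverse[token] = value
        return self._forward[value]

    def rehydrate(self, text):
        """Re-identify model output, only in the component permitted to do so."""
        for token, value in self._reverse.items():
            text = text.replace(token, value)
        return text


def deidentify(text, vault):
    """Replace every matched identifier with a reversible token."""
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: vault.tokenize(k, m.group(0)), text)
    return text


def build_prompt(question, docs, caller_roles, vault):
    """Retrieval hygiene: enforce document-level access before the context is
    assembled, then de-identify both the retrieved text and the question."""
    visible = [d["text"] for d in docs if d["allowed_roles"] & caller_roles]
    context = "\n".join(deidentify(t, vault) for t in visible)
    return f"Context:\n{context}\n\nQuestion: {deidentify(question, vault)}"


def scrub(message):
    """Irreversible redaction for anything that may end up in a log line."""
    for kind, pattern in PATTERNS.items():
        message = pattern.sub(f"<{kind} REDACTED>", message)
    return message


class PHIScrubFilter(logging.Filter):
    """Attach to every handler so traces and error messages never carry PHI."""

    def filter(self, record):
        record.msg, record.args = scrub(record.getMessage()), ()
        return True


if __name__ == "__main__":
    vault = TokenVault()
    docs = [  # constructed retrieval results with document-level ACLs
        {"text": "Visit note: MRN 1234567, DOB 04/12/1961, reports chest pain.",
         "allowed_roles": {"clinician"}},
        {"text": "Invoice for SSN 123-45-6789, balance 240.00.",
         "allowed_roles": {"billing"}},
    ]
    prompt = build_prompt("Summarize the history for MRN 1234567.", docs,
                          {"clinician"}, vault)
    print(prompt)                                   # no raw identifiers, no billing doc
    model_output = prompt.split("Question: ")[1]    # stand-in for a model reply
    print(vault.rehydrate(model_output))            # re-identified outside the model path

    log = logging.getLogger("phi-demo")
    handler = logging.StreamHandler()
    handler.addFilter(PHIScrubFilter())
    log.addHandler(handler)
    log.warning("retry for patient SSN 123-45-6789 failed")  # emitted redacted
```

The vault is deliberately the only component that can reverse a token: the prompt builder, the model call and the logging path all operate on tokens, so a leaked prompt, a verbose model reply or an error trace carries no direct identifier by construction.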

Secure Configuration and Monitoring

Identity and access

Use least‑privilege IAM policies, permission boundaries, and strong authentication. Isolate administrative roles from application roles and enforce separation of duties for key management and deployment.

Network and isolation

Keep traffic on the AWS network using VPC interface endpoints (AWS PrivateLink) where supported, apply egress controls, and segregate environments (dev/test/prod). Allow access to Bedrock integrations only through approved services.

Data Encryption Standards

Encrypt data at rest with AWS KMS customer‑managed keys and enforce TLS 1.2+ in transit. Use envelope encryption for sensitive payloads, rotate keys on a defined schedule, and restrict key usage to authorized principals and workloads.

Monitoring and detective controls

Enable CloudTrail for API activity, centralize logs, and create alerts for anomalous access, unusual data volumes, and policy changes. Complement with Config, GuardDuty, and Security Hub to continuously assess configuration drift and threats.
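The identity, network and monitoring controls above are only useful if something checks that they hold. The following is an added example, not code from the article or from AWS, of the kind of detection logic that would run over centralized CloudTrail records: it flags Bedrock invocations that did not arrive through the approved VPC interface endpoint, came from an unapproved region or were made by a principal other than the PHI application role, flags changes to the controls PHI depends on (KMS key policy and deletion, IAM role policies, Bedrock invocation logging, CloudTrail itself), and reports unusual invocation volume per principal. The account id, endpoint id, role name and all sample records are constructed placeholders; the `vpcEndpointId` field is the one CloudTrail populates when a call arrives via an interface endpoint.

```python
"""Added example: detective controls over CloudTrail-shaped records.
All ids, ARNs, thresholds and records below are constructed placeholders."""
from collections import Counter

APPROVED_REGIONS = {"us-east-1"}
APPROVED_VPCE_IDS = {"vpce-0123456789abcdef0"}                # placeholder endpoint id
APPROVED_INVOKER_PREFIX = (                                   # placeholder role
    "arn:aws:sts::123456789012:assumed-role/phi-app-role/")

# (eventSource, eventName) pairs that alter a control PHI depends on.
CONTROL_CHANGE_EVENTS = {
    ("kms.amazonaws.com", "PutKeyPolicy"),
    ("kms.amazonaws.com", "ScheduleKeyDeletion"),
    ("kms.amazonaws.com", "DisableKey"),
    ("iam.amazonaws.com", "PutRolePolicy"),
    ("iam.amazonaws.com", "AttachRolePolicy"),
    ("bedrock.amazonaws.com", "PutModelInvocationLoggingConfiguration"),
    ("bedrock.amazonaws.com", "DeleteModelInvocationLoggingConfiguration"),
    ("cloudtrail.amazonaws.com", "StopLogging"),
}
INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream"}


def evaluate(record):
    """Return the list of findings for one CloudTrail record (empty if clean)."""
    findings = []
    source, name = record.get("eventSource"), record.get("eventName")
    principal = record.get("userIdentity", {}).get("arn", "")
    if (source, name) in CONTROL_CHANGE_EVENTS:
        findings.append(f"control-change:{name} by {principal}")
    if source == "bedrock.amazonaws.com" and name in INVOKE_EVENTS:
        if record.get("awsRegion") not in APPROVED_REGIONS:
            findings.append(f"invoke-outside-approved-region:{record.get('awsRegion')}")
        # vpcEndpointId is absent when the call did not come through PrivateLink.
        if record.get("vpcEndpointId") not in APPROVED_VPCE_IDS:
            findings.append("invoke-not-via-approved-vpce")
        if not principal.startswith(APPROVED_INVOKER_PREFIX):
            findings.append(f"invoke-by-unexpected-principal:{principal}")
    return findings


def scan(records):
    """Map eventID -> findings for every record that produced at least one."""
    return {r["eventID"]: f for r in records if (f := evaluate(r))}


def invocation_volume(records, threshold):
    """Principals whose invocation count in this batch exceeds the threshold."""
    counts = Counter(r["userIdentity"]["arn"] for r in records
                     if r.get("eventName") in INVOKE_EVENTS)
    return {p: n for p, n in counts.items() if n > threshold}


APP_ROLE_SESSION = APPROVED_INVOKER_PREFIX + "i-0abc1234"
DEV_USER = "arn:aws:iam::123456789012:user/dev-alice"
SAMPLE_RECORDS = [  # constructed, CloudTrail-shaped; not real log data
    {"eventID": "ev-1", "eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModel",
     "awsRegion": "us-east-1", "vpcEndpointId": "vpce-0123456789abcdef0",
     "sourceIPAddress": "10.0.12.34", "userIdentity": {"arn": APP_ROLE_SESSION}},
    {"eventID": "ev-2", "eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModel",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"arn": APP_ROLE_SESSION}},
    {"eventID": "ev-3", "eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModel",
     "awsRegion": "eu-west-1", "vpcEndpointId": "vpce-0fedcba9876543210",
     "sourceIPAddress": "10.9.0.5", "userIdentity": {"arn": DEV_USER}},
    {"eventID": "ev-4", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion",
     "awsRegion": "us-east-1", "userIdentity": {"arn": DEV_USER}},
    {"eventID": "ev-5", "eventSource": "bedrock.amazonaws.com",
     "eventName": "DeleteModelInvocationLoggingConfiguration",
     "awsRegion": "us-east-1", "userIdentity": {"arn": DEV_USER}},
    {"eventID": "ev-6", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "awsRegion": "us-east-1", "userIdentity": {"arn": APP_ROLE_SESSION}},
]

if __name__ == "__main__":
    for event_id, findings in scan(SAMPLE_RECORDS).items():
        print(event_id, findings)
    print("high volume:", invocation_volume(SAMPLE_RECORDS, threshold=1))
```

Each finding corresponds to a control the page names: the endpoint check covers the PrivateLink requirement, the principal check covers least-privilege identity, and the control-change set is what an alert on "policy changes" should at minimum include. The volume threshold is a per-batch stand-in for the baseline a real detection would derive from historical usage.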

Incident Response and Breach Notification

Prepare and practice

Maintain a Bedrock‑specific incident runbook covering triage, containment, forensics, and recovery. Pre‑stage responder access, golden queries for log searches, and decision trees for escalating to legal, privacy, and executive teams.

Breach Notification Procedures

Assess whether a security incident constitutes a HIPAA breach, perform a risk assessment, and follow notification timelines and content requirements. Coordinate with AWS under your BAA for any provider notifications and preserve evidence for regulators and audits.

Subcontractor and Vendor Compliance

Subcontractor Oversight Requirements

Inventory all vendors touching PHI—such as data pipelines, observability tools, and integration platforms—and flow down BAA‑equivalent obligations. Require security attestations, right‑to‑audit clauses, and documented data‑flow boundaries.

Third‑party models and tooling

If your solution involves external tools or services alongside Bedrock, ensure they are contractually covered, technically restricted to least privilege, and monitored. Avoid forwarding PHI to any service lacking appropriate agreements and safeguards.

Documentation and Training Importance

Evidence and governance

Maintain living documentation: data‑flow diagrams, threat models, configuration baselines, change records, and risk analyses required by the HIPAA Security Rule. Tie each safeguard to a responsible owner and verification method.

Workforce readiness

Train staff on PHI handling, prompt hygiene, and escalation paths. Reinforce that the AWS Shared Responsibility Model means AWS secures the cloud while you secure your data, identities, and configurations in the cloud.

Conclusion

In short, use Amazon Bedrock with PHI only when the service is HIPAA‑eligible under your executed AWS BAA and your implementation satisfies HIPAA Compliance Controls. Pair strong architecture with disciplined operations to reduce risk and demonstrate due care.

FAQs

What makes Amazon Bedrock HIPAA-eligible?

It is HIPAA‑eligible for your use only when AWS designates the service as HIPAA‑eligible, your organization has an executed BAA with AWS, and your deployment enforces appropriate safeguards—identity, network, encryption, logging, and governance—consistent with HIPAA and the AWS Shared Responsibility Model.

How does the AWS BAA apply to Amazon Bedrock?

The BAA permits using HIPAA‑eligible AWS services with PHI and commits AWS to specified safeguards and notifications. Your responsibilities remain: restrict PHI to eligible services, configure security controls, limit access, manage retention, and document how PHI is used and protected within Bedrock workflows.

What are best practices for handling PHI with Amazon Bedrock?

Minimize PHI in prompts, de‑identify where possible, encrypt data with KMS, enforce least‑privilege IAM, keep traffic on private endpoints where supported, scrub logs, and treat model inputs and outputs as PHI. Regularly test controls, review audit trails, and validate retention settings.

How can I ensure subcontractor compliance under HIPAA?

Build a vendor inventory, obtain BAAs or equivalent agreements, verify security attestations, and flow down technical and administrative requirements. Limit data sharing to the minimum necessary, monitor access continuously, and include audit rights and breach reporting obligations in each contract.
