[kstrauser]

AWS is fine for building out HIPAA services. They have a decent portal at https://aws.amazon.com/compliance/hipaa-compliance/ explaining their compliance, which services you can use, and how to get them to sign a Business Associate Agreement (BAA).

I haven't done healthcare stuff in GCP or Azure so I can't compare, but AWS is _not_ a blocker for HIPAA.

[FireBeyond]

> I haven't done healthcare stuff in GCP

My understanding is that Google will not agree to any of the liability provisions inherent to a BAA, no matter how large your size.

[kstrauser]

Someone else linked to https://cloud.google.com/security/compliance/hipaa which says:

> Google will enter into Business Associate Agreements with customers as necessary under HIPAA.

Huh! That's a pleasant surprise.

[selinkocalar]

I've heard that that page is outdated and instead if you sign into G Suite as an admin, go to the admin console (admin.google.com/ac/companyprofile/legal) and then go to "Security and Privacy Additional Terms" you can review sign a BAA.