by Seb86 4345 days ago
Hi, very curious here: where did you get this from: "In order to host a HIPAA-compliant application on Amazon, there is a $1,500/month per-zone fee."... As far as I understand, HIPAA compliant means that data has to be encrypted in transit and at rest... so, for example, running a SQL database on an EC2 with SSL and an encrypted file system should do the job, and that doesn't cost 1500 per month??

In order to get a BAA with Amazon you need to use dedicated instances. BAAs are required in order to use Amazon and be compliant with HIPAA. Running any dedicated instances in a zone costs $2/hr (just for the right).
But once you have the BAA, does Amazon force you to run the dedicated instance 24/7? I'm very confused: just running an app on a dedicated instance does not make it HIPAA compliant, since the app needs encryption in transit and at rest to be HIPAA compliant. You can achieve that on a regular instance...
The BAA only applies to the dedicated instances—in particular, you have to VPC them—you cannot achieve HIPAA compliance with a non-dedicated instance.