Amazon Verified Permissions is now a Health Insurance Portability and Accountability Act (HIPAA) eligible service, enabling healthcare and life sciences organizations subject to HIPAA to use the service for permissions management. Amazon Verified Permissions is a permissions management and fine-grained authorization service for the applications that you build. Amazon Verified Permissions uses the Cedar policy language to enable developers and admins to define policy-based access controls using roles and attributes. For example, an patient management application might call Amazon Verified Permissions (AVP) to determine if Alice is permitted access to Bob’s patient records, given that she is in the doctors group and is Bob’s doctor.
If you have a HIPAA Business Associate Addendum (BAA) in place with AWS, you can now use Amazon Verified Permissions for workloads that are subject to HIPAA compliance. If you are building applications on API Gateway, you can get started with Amazon Verified Permissions with a just few clicks. Connect to your identity provider and configure permissions that protect API’s based on user groups and attributes. If you don’t have a BAA in place with AWS, or if you have any other questions about running HIPAA-regulated workloads on AWS, please contact us.
You can find AWS HIPPA eligible services on the HIPAA Eligible Services Reference page. For more information on the service visit Fine-Grained Authorization – Amazon Verified Permissions – AWS
Source:: Amazon AWS