Is Amazon Chime a HIPAA compliant telehealth solution?

We’ve been getting asked by customers and prospects about various telehealth solutions and whether they can use them in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.

Today we will determine if Amazon Chime is a HIPAA compliant telehealth service or not.

About Amazon Chime

Amazon Chime is a communication service developed by Amazon Web Services (AWS). It provides video conferencing, online meetings, chat, and voice call functionality. It is designed to be a secure and scalable solution for businesses, organizations, and individuals to communicate and collaborate online.

With Amazon Chime, users can hold virtual meetings with audio and video, share their screens, and collaborate on documents in real-time. The service also includes features such as chat rooms, file sharing, and integration with other productivity tools. It is available on a range of devices, including desktop computers, mobile phones, and tablets.

Amazon Chime is offered as a pay-as-you-go service, with pricing based on usage. It is also available as part of the AWS Business and Enterprise Support plans.

Amazon Chime and the business associate agreement

We’ve previously talked about how a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.

We checked the AWS site and found an article entitled, “Amazon Chime Achieves HIPAA Eligibility.”

Published in 2019, it states:

“Amazon Chime is now a HIPAA Eligible Service. If you have a HIPAA Business Associate Addendum (BAA) in place with AWS, you can now start using Amazon Chime for your HIPAA eligible workloads.”

Notification of Enforcement Discretion

When the pandemic first hit in March 2020, the U.S. Department of Health and Human Services (HHS) quickly announced the Notification of Enforcement Discretion, which allowed health care providers to use widely available communication apps without the risk of incurring HIPAA fines.

This notice allows health care providers to use popular applications to provide telehealth services, so long as they are “non-public facing.”

Examples of non-public facing applications include:

  • Amazon Chime
  • Apple FaceTime
  • Doxy.me
  • Facebook Messenger
  • Google Hangouts video
  • Google Hangouts
  • iMessage
  • Jabber
  • Signal
  • Skype
  • Spruce Health Care Messenger
  • Updox
  • VSee
  • WhatsApp
  • Zoom

See also: HIPAA privacy and security guidelines as they relate to telehealth

Is Amazon Chime HIPAA compliant?

The business associate agreement is a key component of HIPAA compliance between a covered entity and a business associate.

As we noted earlier, Amazon is willing to sign a BAA with its customers for Amazon Chime.

In addition, HHS considers Amazon Chime a telehealth solution that can be used in a non-public facing manner. While the HHS Notification of Enforcement Discretion is not indefinite, it would allow healthcare entities to use Amazon Chime and not be liable for HIPAA fines even if they did not offer a BAA to their customers.

Conclusion: Amazon Chime is HIPAA compliant. Make sure you get a BAA in place with AWS.

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.
