> Though $3,499/month is WAY above what a small company like mine can afford.
In order to host a HIPAA-compliant application on Amazon, there is a $1,500/month per-zone fee. This does not even count the actual server or storage costs, let alone the costs of building (and then maintaining) a complaint server application plus managing the documentation for it.
You also have to pay this fee again if you want to host the application in a second region (e.g. for failover/redundancy).
So, an extra $2000/month to forget about all of those is a signficant cost, but still a reasonable price.
Hi, very curious here: where did you get this from : "In order to host a HIPAA-compliant application on Amazon, there is a $1,500/month per-zone fee. "........As far as I understand, HIPAA compliant means that data has to be encrypted in transit and at rest ......so, for example, running a SQL Database on an EC2 with SSL and an encrypted file system should do the job and that doesn't cost 1500 per month ??
In order to get a BAA with Amazon you need to use dedicated instances. BAAs are required in order to use Amazon and be compliant with HIPAA. Running any dedicated instances in a zone costs $2/hr (just for the right).
but once you have the BAA , does Amazon force you to run the dedicated instance 24/7 ? I'm very confused , just running an app on a dedicated instance, does not make it HIPAA compliant since the app needs encryption in-transit and at-rest to be HIPAA compliant. You can achieve that on a regular instance ...
We have a HIPAA compliant dedicated server with another company, and including bandwidth for 100,000+ / month visits, it is around $1500. We could easily host another website (e.g. Complaint server) on the server with extremely little additional cost.
In order to host a HIPAA-compliant application on Amazon, there is a $1,500/month per-zone fee. This does not even count the actual server or storage costs, let alone the costs of building (and then maintaining) a complaint server application plus managing the documentation for it.
You also have to pay this fee again if you want to host the application in a second region (e.g. for failover/redundancy).
So, an extra $2000/month to forget about all of those is a signficant cost, but still a reasonable price.