Is there any documentation on how AWS Bedrock can be HIPAA eligible in more detail?


I have found documentation that AWS that Bedrock has achieved HIPAA eligibility

Does that mean the instance of LLMs Bedrock is running and is within AWS walls and has been altered to make sure data that goes to the LLM doesn't get saved or shared to other customers?

1 Answer
Accepted Answer

Hi John

You're right in that data doesn't leave the AWS service or go back to the model vendor. To quote the documentation:

"Each model provider has an escrow account that they upload their models to. The Amazon Bedrock inference account has permissions to call these models, but the escrow accounts themselves don't have outbound permissions to Amazon Bedrock accounts. Additionally, model providers don't have access to Amazon Bedrock logs or access to customer prompts and continuations."

There is also this resource for compliance validation.

Hopefully this helps!

answered 2 months ago
profile pictureAWS
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions