Amazon Athena - Architecting for HIPAA Security and Compliance on Amazon Web Services

Amazon Athena

Amazon Athena is an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL. Athena helps customers analyze unstructured, semi-structured, and structured data stored in Amazon S3. Examples include CSV, JSON, or columnar data formats such as Apache Parquet and Apache ORC. Customers can use Athena to run ad hoc queries using ANSI SQL, without the need to aggregate or load the data into Athena.

Amazon Athena can now be used to process data containing PHI. Encryption of data while in transit between Amazon Athena and S3 is provided by default using SSL/TLS. Encryption of PHI while at rest on S3 should be performed according to the guidance provided in the S3 section. Encryption of query results from and within Amazon Athena, including staged results, should be enabled using server-side encryption with Amazon S3 managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or client-side encryption with AWS KMS-managed keys (CSE-KMS). Amazon Athena uses AWS CloudTrail to log all API calls.
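One way to check the query-result encryption setting described above, as an added example that is not part of the original guidance: the function audits dictionaries shaped like the `WorkGroup` object returned by Athena's GetWorkGroup API. The workgroup names, bucket, and key ARN are constructed sample values, and the enforcement check is an added assumption that goes beyond what this page states.

```python
# Added example: audit Athena workgroups for encrypted query results.
# Inputs mirror the "WorkGroup" object from Athena's GetWorkGroup API.

ALLOWED_OPTIONS = {"SSE_S3", "SSE_KMS", "CSE_KMS"}  # the three options named above
KMS_OPTIONS = {"SSE_KMS", "CSE_KMS"}                # these also need a KMS key


def audit_workgroup(workgroup):
    """Return a list of findings; an empty list means the workgroup passes."""
    findings = []
    config = workgroup.get("Configuration", {})
    enc = config.get("ResultConfiguration", {}).get("EncryptionConfiguration")

    if not enc:
        findings.append("query results are not encrypted")
    else:
        option = enc.get("EncryptionOption")
        if option not in ALLOWED_OPTIONS:
            findings.append(f"unexpected encryption option: {option!r}")
        elif option in KMS_OPTIONS and not enc.get("KmsKey"):
            findings.append(f"{option} selected but no KmsKey set")

    # Assumption beyond the page: if the workgroup configuration is not
    # enforced, a client can submit queries with its own result settings.
    if not config.get("EnforceWorkGroupConfiguration", False):
        findings.append("workgroup settings not enforced; clients can override")
    return findings


def audit_all(workgroups):
    """Map workgroup name -> findings, for failing workgroups only."""
    report = {wg["Name"]: audit_workgroup(wg) for wg in workgroups}
    return {name: f for name, f in report.items() if f}


# Constructed sample data (not real resources).
SAMPLE_WORKGROUPS = [
    {"Name": "phi-analytics", "Configuration": {
        "EnforceWorkGroupConfiguration": True,
        "ResultConfiguration": {
            "OutputLocation": "s3://example-results/phi/",
            "EncryptionConfiguration": {
                "EncryptionOption": "SSE_KMS",
                "KmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}}}},
    {"Name": "adhoc", "Configuration": {
        "EnforceWorkGroupConfiguration": True,
        "ResultConfiguration": {"OutputLocation": "s3://example-results/adhoc/"}}},
    {"Name": "legacy", "Configuration": {
        "EnforceWorkGroupConfiguration": False,
        "ResultConfiguration": {
            "EncryptionConfiguration": {"EncryptionOption": "SSE_KMS"}}}},
]
```

Against a live account, the same dictionaries can be obtained with boto3's `get_work_group` call and passed to `audit_all` unchanged.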