Summary
- As of February 10, 2026, AWS lists Amazon Bedrock and Bedrock AgentCore as HIPAA-eligible services.
- HIPAA-eligible does not mean compliant. You must sign a Business Associate Agreement (BAA) with AWS before any PHI touches the service.
- Use Bedrock Guardrails to detect and redact PII and PHI, filter content, and constrain what the agent can say and do.
- Bedrock does not store your prompts or train models on your data; pair that with encryption, scoped accounts, and audit logging for a defensible build.
You want an AI agent that can answer questions about a patient record, a claim, or an intake form. The moment it reads protected health information, you are one misconfiguration away from a reportable breach. The good news: as of February 2026, AWS Bedrock is HIPAA-eligible. The important news: eligible is only the starting line.
Plenty of teams read "HIPAA-eligible" and assume the compliance work is done. It is not. Eligibility means AWS will support the service under a legal agreement. Compliance is what you build on top. Here is how to do it properly on Bedrock.
Eligible vs compliant: the distinction that matters
AWS updated its HIPAA Eligible Services Reference on February 10, 2026, and the list now includes Amazon Bedrock and Amazon Bedrock AgentCore. That is a real milestone for healthcare teams that want managed models instead of self-hosting.
But HIPAA-eligible only means AWS supports using that service with PHI under a Business Associate Agreement. It does not, by itself, make your workload compliant. You are responsible for configuring, monitoring, and operating the agent in line with the HIPAA Security and Privacy Rules. AWS secures the platform; you secure how you use it. That shared-responsibility line is where most audits are won or lost.
Step 1: Sign the BAA and scope the blast radius
Before a single token of PHI flows, your organization must have an in-force BAA with AWS. Then scope tightly:
- Process PHI only in AWS accounts and regions covered by your BAA.
- Isolate the PHI workload in its own account or VPC, away from general workloads.
- Lock down access with identity-based policies, least privilege, and no shared admin keys.
This is the same discipline we apply across every AI on AWS Bedrock engagement: contain where PHI can travel before you worry about the model.
Step 2: Put Guardrails between the model and the data
Amazon Bedrock Guardrails is your control layer. For a PHI workload, configure it to:
- Detect and redact PII and PHI in both prompts and responses, so sensitive fields never leak into a log or an answer that should not contain them.
- Filter harmful or out-of-scope content. AWS reports Guardrails can block a large share of harmful content and, with Automated Reasoning checks, validate responses with high accuracy to reduce hallucinations.
- Constrain the agent to approved topics, so it declines questions outside its clinical or administrative remit.
Guardrails matters most for agents because an agent does not just answer, it acts. You want a hard boundary on what it can read, say, and trigger.
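The three controls above, expressed as a boto3 `create_guardrail` request plus an offline lint that flags a configuration missing any of them. This is an added example, not code from the article; the guardrail name, the MRN regex and the KMS key ARN are placeholders/assumptions.

```python
# Built-in Bedrock PII entity types; ANONYMIZE masks the value instead of
# refusing the whole request, so the agent stays usable for staff.
PHI_PII_ENTITIES = ["NAME", "ADDRESS", "EMAIL", "PHONE", "AGE",
                    "US_SOCIAL_SECURITY_NUMBER", "CREDIT_DEBIT_CARD_NUMBER"]


def phi_guardrail_request(name: str, kms_key_id: str) -> dict:
    """Return kwargs for boto3 bedrock.create_guardrail covering all three controls."""
    return {
        "name": name,
        "sensitiveInformationPolicyConfig": {
            "piiEntitiesConfig": [{"type": t, "action": "ANONYMIZE"}
                                  for t in PHI_PII_ENTITIES],
            # No built-in entity for medical record numbers; constructed pattern (assumption).
            "regexesConfig": [{"name": "mrn", "description": "Medical record number",
                               "pattern": r"\bMRN[-: ]?\d{8}\b", "action": "ANONYMIZE"}],
        },
        "topicPolicyConfig": {"topicsConfig": [{
            "name": "OutOfScope", "type": "DENY",
            "definition": "Anything beyond the patient's record, claim status or intake forms",
            "examples": ["Which stock should I buy?", "Write me a poem"]}]},
        "contentPolicyConfig": {"filtersConfig": [
            {"type": "MISCONDUCT", "inputStrength": "HIGH", "outputStrength": "HIGH"},
            # PROMPT_ATTACK is an input-only filter; its outputStrength must be NONE.
            {"type": "PROMPT_ATTACK", "inputStrength": "HIGH", "outputStrength": "NONE"}]},
        "blockedInputMessaging": "This request is outside the assistant's scope.",
        "kmsKeyId": kms_key_id,  # customer-managed key for the stored guardrail config
    }


def audit_guardrail_request(req: dict) -> list:
    """Offline check against the three requirements; an empty list means no gaps."""
    findings = []
    pii = req.get("sensitiveInformationPolicyConfig", {}).get("piiEntitiesConfig", [])
    covered = {e["type"] for e in pii if e.get("action") in ("ANONYMIZE", "BLOCK")}
    missing = [t for t in PHI_PII_ENTITIES if t not in covered]
    if missing:
        findings.append(f"PII/PHI entities not handled: {missing}")
    topics = req.get("topicPolicyConfig", {}).get("topicsConfig", [])
    if not any(t.get("type") == "DENY" for t in topics):
        findings.append("no DENY topic: agent not constrained to approved topics")
    filters = req.get("contentPolicyConfig", {}).get("filtersConfig", [])
    if not any(f["type"] == "PROMPT_ATTACK" and f["inputStrength"] != "NONE" for f in filters):
        findings.append("prompt-attack filter not enabled on input")
    return findings


if __name__ == "__main__":  # live call: needs AWS credentials and an in-force BAA
    import boto3
    req = phi_guardrail_request("phi-agent", "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER")
    print(boto3.client("bedrock").create_guardrail(**req)["guardrailId"])
```

Run the lint in CI against the request you actually deploy, so a later edit that drops the SSN entity or the DENY topic fails the build before it reaches a PHI account.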
Takeaways
- Bedrock and Bedrock AgentCore are HIPAA-eligible as of February 10, 2026.
- No PHI before a signed BAA. Eligibility is permission, not compliance.
- Use Guardrails to redact PII/PHI and constrain the agent on both prompts and responses.
- Bedrock does not train on your data; add encryption, scoped accounts, and audit logs to make it defensible.
Step 3: Lean on what Bedrock gives you, then add the rest
Bedrock helps you out of the box: it does not store your prompts or use your data to train its models, and it encrypts data in transit and at rest. That removes a whole category of risk that self-hosted stacks carry. But you still owe the audit trail.
For a defensible healthcare build, add full request and response logging (with PHI redacted in the logs themselves), continuous monitoring, and a human-in-the-loop step for any high-stakes action. This is the architecture behind our HIPAA-compliant AI case study, where the agent assists staff but never acts unsupervised on clinical decisions.
Step 4: Choose the model and the pattern deliberately
Not every model or pattern fits a regulated workload. Keep the model inside Bedrock so it stays inside your BAA scope; do not route PHI to an external API that is not covered. If you are weighing managed Bedrock against calling a model API directly, our Bedrock vs OpenAI API comparison walks through the trade-offs on cost, speed, and control, with compliance as the deciding factor for health data.
For the broader program, from intake bots to claims triage, our AI for healthcare practice and our production AI agent development team handle the evals, audit logs, and human oversight that a HIPAA workload demands.
FAQ
Is AWS Bedrock HIPAA-compliant?
Bedrock is HIPAA-eligible as of February 10, 2026, which means AWS supports using it with PHI under a BAA. Compliance is your responsibility: you must sign the BAA and configure, monitor, and operate the workload in line with the HIPAA Security and Privacy Rules.
Do I need a BAA to use Bedrock with PHI?
Yes. You must have an in-force Business Associate Agreement with AWS before processing any PHI, and you should restrict PHI to accounts and regions covered by that BAA.
How does Bedrock protect PHI in AI agent prompts?
Use Bedrock Guardrails to detect and redact PII and PHI in prompts and responses, filter content, and constrain the agent to approved topics. Bedrock also does not store your prompts or train on your data, and encrypts data in transit and at rest.
Can an AI agent make clinical decisions under HIPAA?
Compliance is about data handling, not autonomy, but the safe pattern keeps a human in the loop for any high-stakes action. Let the agent assist and surface information; keep a person accountable for the decision.
HIPAA-eligible Bedrock removes the infrastructure excuse for not building healthcare AI. The work now is doing it right: the BAA, the Guardrails, the scoping, and the logs. Get those four correct and your agent is an asset, not a liability.
Founder and CEO of Braincuber. Has scoped and shipped 500+ Odoo, AI, and cloud projects for US mid-market and global brands. Takes every founder call personally — no SDR layer between buyers and the people building the system.
