I'm going to implement client/server application - 1 server - [0-N] clients.
In order to organize communication between clients and server I plan to use Amazon SQS or something like that.
Right now I have a two questions:
Is Amazon SQS HIPAA compliant ?
How to organise multi tenancy support based on Amazon SQS queues ?
The data between clients must not be shared. Each client can only deal with a data that was sent only for this client.
Is it possible to implement on the single Amazon SQS queue or I need to create a separate queue for each client ?
Regarding HIPAA and SQS: While your BAA with AWS probably does not allow you to use SQS for PHI, it probably does allow you to use S3 (but don't take my word for it, look in your BAA to be sure).
If this is the case, then you can put your message payload (PHI) in an (encrypted) S3 file and send an SQS message that references the S3 key. When you handle the SQS message, you go grab the file from S3 and process it, deleting the message and/or the file as appropriate.
There is even an "extended" SQS client that you may be able to use that handles this magic for you.
Another option is to enable and configure Event Notifications on your S3 bucket such that a message is queued for each file uploaded to the bucket. In other words, the file is uploaded and the message is sent as a side-effect. Then, when you process the message you get a handle to the S3 file. By keeping your PHI in S3, you avoid the BAA restrictions on SQS.