Compliance with regulatory standards and cybersecurity frameworks such as HIPAA/HITECH, SOC 2, GDPR, and PCI DSS is a joint effort between cloud providers and your organization. It is a constant process of review, monitoring, and maintaining security standards. Public cloud providers such as Amazon Web Services (AWS) typically provide a Business Associates Agreement (BAA) that dictates specific security standards managed by the provider or required by your organization. These agreements outline cloud service configuration and lay out technical and physical safeguards.
It is the responsibility of your organization to properly configure your cloud environment, create organizational policies, and develop applications that meet relevant compliance standards.