My expectation is that anything sending email would not be HIPAA compliant but I can’t find any mention one way or the other for quicksight.
If it is not HIPAA compliant, we would love to be able to disable this feature in our environment to limit the possibility of breaches give that quicksight is otherwise HIPAA compliant.
I do not claim to be an expert in HIPPA compliance but it makes sense if a PDF / CSV file with sensitive customer data is shared in an email as an attachment that attachment could be distributed to other people with no traceability. It is for this reason at the time of scheduling options to disable file attachment and only send recipients a download link, additionally even the preview within the email body can also be suppressed [see image]. The download link ensures only those with access and permission are able to access the generated file, and if the access is revoked they can no longer access files. Since the download event happens within the system this information is also logged as an event for audit purposes. Hope that helps!