Update nexus: fix conflicts and sync local changes
This commit is contained in:
Shen Wei
@@ -1,57 +1,57 @@
|
||||
---
|
||||
title: "HIPAA"
|
||||
type: entity
|
||||
tags: [security, compliance, healthcare]
|
||||
date: 2025-03-02
|
||||
---
|
||||
|
||||
# HIPAA
|
||||
|
||||
**HIPAA**(Health Insurance Portability and Accountability Act)是美国 1996 年颁布的联邦法律,主要规范医疗健康信息的隐私和安全。
|
||||
|
||||
## Overview
|
||||
|
||||
HIPAA 是医疗行业云采用的关键合规门槛。主流云服务商通过 HIPAA 合规认证,使其能够服务医疗健康行业客户。
|
||||
|
||||
## Key Rules
|
||||
|
||||
### Privacy Rule(隐私规则)
|
||||
- 保护个人医疗信息(PHI / Protected Health Information)
|
||||
- 规定谁可以访问 PHI
|
||||
- 赋予患者访问和控制自己信息的权利
|
||||
|
||||
### Security Rule(安全规则)
|
||||
- **Administrative Safeguards**: 安全管理和流程
|
||||
- **Physical Safeguards**: 物理设施安全
|
||||
- **Technical Safeguards**: 技术保护措施
|
||||
|
||||
### Breach Notification Rule(违约通知规则)
|
||||
- 超过 500 人受影响必须在 60 天内通知
|
||||
- 向 HHS 和媒体通报
|
||||
|
||||
## Cloud Provider HIPAA Compliance
|
||||
|
||||
主流云服务商通过 HIPAA 合规,允许医疗客户在云中处理 PHI:
|
||||
|
||||
| Provider | HIPAA Compliance |
|
||||
|----------|-----------------|
|
||||
| **AWS** | BAA (Business Associate Agreement) 可用,HIPAA Eligible Services |
|
||||
| **Azure** | HIPAA BAA,覆盖大量 Azure 服务 |
|
||||
| **Google Cloud** | HIPAA BAA,支持 PHI 工作负载 |
|
||||
|
||||
## Relevance to Cloud Myths
|
||||
|
||||
HIPAA 认证是反驳"云不安全"误解的重要证据:
|
||||
- 云服务商支持 HIPAA 合规 = 可安全处理最敏感的医疗数据
|
||||
- 通过 HIPAA 认证的云环境在某些方面优于传统本地医疗系统
|
||||
|
||||
## Related Standards
|
||||
|
||||
- [[ISO-27001]] — 信息安全管理体系
|
||||
- [[GDPR]] — 欧盟数据保护条例(跨地区对比)
|
||||
- [[SOC-2]] — 通用安全控制报告
|
||||
- [[PHI]] — Protected Health Information
|
||||
|
||||
## Sources
|
||||
|
||||
- [[The Myths and Misconceptions About Cloud Computing (LinkedIn)|sources/the-myths-and-misconceptions-about-cloud-computing-linkedin]]
|
||||
---
|
||||
title: "HIPAA"
|
||||
type: entity
|
||||
tags: [security, compliance, healthcare]
|
||||
date: 2025-03-02
|
||||
---
|
||||
|
||||
# HIPAA
|
||||
|
||||
**HIPAA**(Health Insurance Portability and Accountability Act)是美国 1996 年颁布的联邦法律,主要规范医疗健康信息的隐私和安全。
|
||||
|
||||
## Overview
|
||||
|
||||
HIPAA 是医疗行业云采用的关键合规门槛。主流云服务商通过 HIPAA 合规认证,使其能够服务医疗健康行业客户。
|
||||
|
||||
## Key Rules
|
||||
|
||||
### Privacy Rule(隐私规则)
|
||||
- 保护个人医疗信息(PHI / Protected Health Information)
|
||||
- 规定谁可以访问 PHI
|
||||
- 赋予患者访问和控制自己信息的权利
|
||||
|
||||
### Security Rule(安全规则)
|
||||
- **Administrative Safeguards**: 安全管理和流程
|
||||
- **Physical Safeguards**: 物理设施安全
|
||||
- **Technical Safeguards**: 技术保护措施
|
||||
|
||||
### Breach Notification Rule(违约通知规则)
|
||||
- 超过 500 人受影响必须在 60 天内通知
|
||||
- 向 HHS 和媒体通报
|
||||
|
||||
## Cloud Provider HIPAA Compliance
|
||||
|
||||
主流云服务商通过 HIPAA 合规,允许医疗客户在云中处理 PHI:
|
||||
|
||||
| Provider | HIPAA Compliance |
|
||||
|----------|-----------------|
|
||||
| **AWS** | BAA (Business Associate Agreement) 可用,HIPAA Eligible Services |
|
||||
| **Azure** | HIPAA BAA,覆盖大量 Azure 服务 |
|
||||
| **Google Cloud** | HIPAA BAA,支持 PHI 工作负载 |
|
||||
|
||||
## Relevance to Cloud Myths
|
||||
|
||||
HIPAA 认证是反驳"云不安全"误解的重要证据:
|
||||
- 云服务商支持 HIPAA 合规 = 可安全处理最敏感的医疗数据
|
||||
- 通过 HIPAA 认证的云环境在某些方面优于传统本地医疗系统
|
||||
|
||||
## Related Standards
|
||||
|
||||
- [[ISO-27001]] — 信息安全管理体系
|
||||
- [[GDPR]] — 欧盟数据保护条例(跨地区对比)
|
||||
- [[SOC-2]] — 通用安全控制报告
|
||||
- [[PHI]] — Protected Health Information
|
||||
|
||||
## Sources
|
||||
|
||||
- [[The Myths and Misconceptions About Cloud Computing (LinkedIn)|sources/the-myths-and-misconceptions-about-cloud-computing-linkedin]]
|
||||
|
||||
Reference in New Issue
Block a user