PHIã®æå·åãã¢ã¯ã»ã¹å¶åŸ¡ãããç£æ»ãã°ãHIPAAèŠä»¶ãæºãã䟵害察å¿ã·ã¹ãã ãŸã§ãå»çã°ã¬ãŒãã®ã»ãã¥ãªãã£ã€ã³ãã©ã¹ãã©ã¯ãã£ãèšèšããŸãã
æçµæŽæ°

HIPAAæºæ ã®å»çã€ã³ãã©ã¹ãã©ã¯ãã£ã®ãšã³ãããŒãšã³ãéçºãšå®è£

ã客æ§ã®ã·ã¹ãã ã§ä¿è·å»çæ å ±ãæµãããã¹ãŠã®æ¥ç¹ããããã³ã°ããä¿åæããã³è»¢éæã®ãšã³ãããŒãšã³ãæå·åãå®è£ ããŸãã

å€èŠçŽ èªèšŒãåããããŒã«ããŒã¹ã®ã¢ã¯ã»ã¹å¶åŸ¡ã·ã¹ãã ãæ§ç¯ããèš±å¯ãããæ åœè ã®ã¿ãPHIã«ã¢ã¯ã»ã¹ã§ããããã«ããŸãã

PHIãžã®ãã¹ãŠã®ã¢ã¯ã»ã¹ã远跡ããç°åžžãæ€åºããããã®å æ¬çãªç£æ»ãã°ããªã¢ã«ã¿ã€ã ç£èŠãããã³ã¢ã©ãŒãã·ã¹ãã ãå®è£ ããŸãã

Business Associate Agreementã®è¿œè·¡ããªã¹ã¯è©äŸ¡ãã³ã³ãã©ã€ã¢ã³ã¹ææžåã¯ãŒã¯ãããŒãèªååããŸãã
ã¢ããªã±ãŒã·ã§ã³ã®ããããã¬ã€ã€ãŒã«å»çã°ã¬ãŒãã®ã»ãã¥ãªãã£ãèšèš
é»åä¿è·å»çæ å ±ãåãæ±ãå»çã¢ããªã±ãŒã·ã§ã³åãã®HIPAAæºæ ã¢ãŒããã¯ãã£ãèšèšããŸã
BAAé©çšç¯å²ã®ããHIPAA驿 ŒãµãŒãã¹ã®ã¿ã䜿çšããŠãAWSãAzureãGCPç°å¢ãèšå®ããŸã
æå·åãèªèšŒãç£æ»èšŒè·¡ãåããFHIRæºæ ã®APIãšHL7çµ±åãæ§ç¯ããŸã
èªååããããªã¹ã¯è©äŸ¡ãããªã·ãŒã¬ãã¥ãŒãããã³ã³ã³ãã©ã€ã¢ã³ã¹ã¬ããŒãããã·ã¥ããŒããéçºããŸã
NISTããã³OCRã®ã¬ã€ãã³ã¹ã«æ²¿ã£ã培åºçãªHIPAAã»ãã¥ãªãã£ãªã¹ã¯è©äŸ¡ã宿œããŸã
HIPAAã®ã¿ã€ã ã©ã€ã³ã«æºæ ããèªå䟵害æ€åºãéç¥ãããã³å¯Ÿå¿ã·ã¹ãã ãæ§ç¯ããŸã
åœç€Ÿãå®è£ ã»èšå®ããå»çãã©ãããã©ãŒã ããã³ã»ãã¥ãªãã£ããŒã«
AWS HIPAA, Azure Health, GCP Healthcare API
Epic, Cerner, Allscripts, FHIR APIs
Okta, Azure AD, AWS Cognito
AWS KMS, Azure Key Vault, HashiCorp Vault
Splunk, Datadog, AWS CloudTrail
Vanta, Drata, Compliancy Group
HIPAAæºæ ã·ã¹ãã æ§ç¯ã®ããã®å»çã°ã¬ãŒãã®ããŒã«
HIPAAæºæ ã®å»çã·ã¹ãã ãæ§ç¯ããããã®äœç³»çãªã¢ãããŒã
PHIãåŠçãããã¹ãŠã®ã·ã¹ãã ãç¹å®ããããŒã¿ãããŒããããã³ã°ããOCRèŠä»¶ã«æ²¿ã£ã培åºçãªHIPAAã»ãã¥ãªãã£ãªã¹ã¯è©äŸ¡ã宿œããŸãã
HIPAAæºæ ã®ã·ã¹ãã ã¢ãŒããã¯ãã£ãèšèšããå æ¬çãªç®¡çãç©ççãããã³æè¡çä¿è·ããªã·ãŒãéçºããŸãã
PHIãåãæ±ããã¹ãŠã®ã·ã¹ãã ã«ãæå·åãã¢ã¯ã»ã¹å¶åŸ¡ãç£æ»ãã°ãããã³ç£èŠã·ã¹ãã ãå®è£ ããŸãã
Business Associate Agreementã確ç«ãããã³ããŒãªã¹ã¯ç®¡çã¯ãŒã¯ãããŒãå®è£ ãã第äžè ã³ã³ãã©ã€ã¢ã³ã¹è¿œè·¡ãèšå®ããŸãã
ãã¹ãŠã®HIPAAã»ãã¥ãªãã£èŠåèŠä»¶ã«å¯ŸããŠããããã¬ãŒã·ã§ã³ãã¹ããè匱æ§è©äŸ¡ãããã³å¶åŸ¡æ€èšŒã宿œããŸãã
ç¶ç¶çãªç£èŠãèªååããããªã¹ã¯è©äŸ¡ãåŸæ¥å¡ãã¬ãŒãã³ã°ããã°ã©ã ãããã³å¹Žæ¬¡ã³ã³ãã©ã€ã¢ã³ã¹ã¬ãã¥ãŒãèšå®ããŸãã
å»çããã³ã©ã€ããµã€ãšã³ã¹çµç¹åãã®HIPAAæºæ ã·ã¹ãã ã®æ§ç¯
HIPAAã³ã³ãµã«ãã£ã³ã°ã®è²»çšã¯ãçµç¹ã®èŠæš¡ãšPHIã®åãæ±ãã®ç¯å²ã«ãã£ãŠç°ãªããŸãããªã¹ã¯ã¢ã»ã¹ã¡ã³ãã¯$5,000ããå§ãŸããŸããå®å šãªHIPAAã³ã³ãã©ã€ã¢ã³ã¹ã®å®è£ ã¯ãå¿ èŠãªæè¡çå¶åŸ¡ã«å¿ããŠã$15,000ãã$60,000以äžã«ãªããŸãã
HIPAAãªã¹ã¯è©äŸ¡ã«ã¯3ã4é±éããããŸããããªã·ãŒãæè¡çä¿è·çãããã³ã¹ã¿ããã®ãã¬ãŒãã³ã°ãå«ãå®å šãªæºæ ã®å®æœã«ã¯3ã6ã¶æããããŸããç¶ç¶çãªæºæ ã«ã¯ã幎次ãªã¹ã¯è©äŸ¡ãšç¶ç¶çãªç£èŠãå¿ èŠã§ãã
ããããªãããå¯Ÿè±¡äºæ¥è ãïŒå»çæäŸè ãå¥åº·ä¿éºçµåãæ å ±åŠçæ©é¢ïŒã§ããããPHIãæ±ããäºæ¥ææºè ãã§ããå ŽåãHIPAAã³ã³ãã©ã€ã¢ã³ã¹ãå¿ èŠã§ããå¥åº·ããŒã¿ãåŠçããã¢ããªãéçºããŠããHealth-techç³»ã¹ã¿ãŒãã¢ããã¯ãéåžžãHIPAAã³ã³ãã©ã€ã¢ã³ã¹ãå¿ èŠã§ãã
BAAã¯ãå¯Ÿè±¡äºæ¥äœãšããžãã¹ã¢ãœã·ãšã€ããšã®éã®å¥çŽã§ãããPHIã®èš±å®¹ãããäœ¿çšæ¹æ³ãä¿è·èŠä»¶ãããã³äŸµå®³éç¥æç¶ããå®ãããã®ã§ããç§ãã¡ã¯ã貎瀟ã®ãã¹ãŠã®ãã³ããŒé¢ä¿ã«ãããBAAã®äœæãšã¬ãã¥ãŒãæ¯æŽããŸãã
ã¯ããåœç€Ÿã¯ãæå·åãã¢ã¯ã»ã¹å¶åŸ¡ãç£æ»ãã°ãããã¯ã¢ããæé ãããã³ã»ãã¥ã¢ãªéä¿¡ãã£ãã«ãå®è£ ããŠããŸãããŸããHIPAAã®æè¡çä¿è·æªçœ®ã®èŠä»¶ãæºããããã«ãã¯ã©ãŠãã€ã³ãã©ã¹ãã©ã¯ãã£ïŒAWS, Azure, GCPïŒãæ§æããŠããŸãã
HIPAAç£æ»ã§ã¯ãã客æ§ã®ãªã¹ã¯ã¢ã»ã¹ã¡ã³ããããªã·ãŒãæè¡çãªå®å šå¯Ÿçããã¬ãŒãã³ã°èšé²ãããã³ã€ã³ã·ãã³ãå¯Ÿå¿æé ã確èªãããŸããç§ãã¡ã¯ãã¹ãŠã®ææžãæºåããæš¡æ¬ç£æ»ã宿œããããã»ã¹ãéããŠããŒã ãã¬ã€ãããŸãã
ã客æ§ã®ã¢ããªã±ãŒã·ã§ã³ãå¿ èŠãšããå»çã°ã¬ãŒãã®ã»ãã¥ãªãã£ãèšèšãããŠãã ãããç¡æã®HIPAAãªã¹ã¯è©äŸ¡ãšæç¢ºãªå®è£ ããŒããããããæäŸããŸãã