Hi Russel, you can find further information on Amazon Bedrock compliance validation in the user guide documentation.
In general, the Security section of the user guide and also the security section of the FAQ are the recommended starting points for any clarification related to compliance.
To download security and compliance documents, you can use AWS Artifact.
The practice of sterilizing PHI when using OpenAI is a safe minimum practice. According to their public documentation, ChatGPT is not offering a BAA (assume PHI is used insecurely, likely to train the model in question). AWS will also sign a BAA with our covered-entity customers and AWS Bedrock is a HIPAA-eligible service -- meaning, if configured and used appropriately, it can be used in HIPAA-regulated solutions (or be part of a solution that is HIPAA-compliant). While Bedrock encrypts data it uses at rest and in transit, the whole of HIPAA compliance is a bigger conversation, so the previous links should be read and understood fully.
As an aside, Amazon Q, Q Business, CodeWhisperer (Q Developer/Builder) should not be fed PHI -- these services are special implementations of the same models that Bedrock uses, but are not intended for medical record purposes.