HIPAA_VIOLATION_APP
medical
config_error
ai_generated
true
AI推荐使用消费者视频应用(Zoom、FaceTime、WhatsApp)进行远程医疗咨询,而不考虑HIPAA合规性
AI recommends using consumer video apps (Zoom, FaceTime, WhatsApp) for telemedicine consultations without HIPAA compliance
ID: medical/telemedicine-hipaa-violation
93%修复率
89%置信度
1证据数
2024-01-20首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| hipaa_rule_2023 | active | — | — | — |
| zoom_healthcare_5.17 | active | — | — | — |
| doxy.me_2024.1 | active | — | — | — |
根因分析
消费者视频平台不签署业务伙伴协议(BAA),且缺乏《健康保险可携性和责任法案》(HIPAA)对受保护健康信息(PHI)要求的端到端加密。
English
Consumer video platforms do not sign Business Associate Agreements (BAAs) and lack end-to-end encryption required for protected health information (PHI) under HIPAA.
官方文档
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-telehealth/index.html解决方案
-
Use HIPAA-compliant platforms: Doxy.me, Zoom for Healthcare (with BAA), or Updox. Configure Zoom: sign BAA via settings > HIPAA compliance toggle; enable end-to-end encryption for meetings.
-
If using open-source: deploy Jitsi Meet on a HIPAA-compliant server (e.g., AWS with BAA) and configure encryption. Example config: `jitsi-videobridge --domain=telemed.example.com --secure-domain=true --require-encryption=true`
无效尝试
常见但无效的做法:
-
75% 失败
User assumes any encrypted app is HIPAA-compliant; encryption alone is insufficient without BAA
-
60% 失败
User thinks small practices are exempt from HIPAA for telemedicine