# AI recommends consumer video apps (Zoom, FaceTime, WhatsApp) for telemedicine consultations without considering HIPAA compliance

- **ID:** `medical/telemedicine-hipaa-violation`
- **Domain:** medical
- **Category:** config_error
- **Error code:** `HIPAA_VIOLATION_APP`
- **Verification level:** ai_generated
- **Fix rate:** 93%

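## Root cause

Consumer video platforms do not sign business associate agreements (BAAs) and lack the end-to-end encryption that the Health Insurance Portability and Accountability Act (HIPAA) requires for protected health information (PHI).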

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| hipaa_rule_2023 | active | — | — |
| zoom_healthcare_5.17 | active | — | — |
| doxy.me_2024.1 | active | — | — |

## Solution

1. Use HIPAA-compliant platforms: Doxy.me, Zoom for Healthcare (with BAA), or Updox. Configure Zoom: sign BAA via settings > HIPAA compliance toggle; enable end-to-end encryption for meetings.
2. If using open-source: deploy Jitsi Meet on a HIPAA-compliant server (e.g., AWS with BAA) and configure encryption. Example config:

   ```
   jitsi-videobridge --domain=telemed.example.com --secure-domain=true --require-encryption=true
   ```

## Failed attempts

- User assumes any encrypted app is HIPAA-compliant; encryption alone is insufficient without BAA (75% failure rate)
- User thinks small practices are exempt from HIPAA for telemedicine (60% failure rate)
