
Azure Security and Compliance Blueprint - HIPAA/HITRUST Health Data and AI

Overview

The Azure Security and Compliance Blueprint - HIPAA/HITRUST Health Data and AI offers a turn-key deployment of an Azure PaaS and IaaS solution that demonstrates how to ingest, store, analyze, and interact with health data, manage identity, and securely deploy solutions while meeting industry compliance requirements. The blueprint helps accelerate cloud adoption and utilization for customers whose data is regulated.

The blueprint provides tools and guidance to help deploy a secure, Health Insurance Portability and Accountability Act (HIPAA) and Health Information Trust Alliance (HITRUST) ready platform-as-a-service (PaaS) environment for ingesting, storing, analyzing, and interacting with personal and non-personal medical records in a secure, multi-tier cloud environment, deployed as an end-to-end solution.

The IaaS solution demonstrates how to migrate an on-premises SQL-based solution to Azure, and how to implement a Privileged Access Workstation (PAW) to securely manage cloud-based services and solutions. In the IaaS SQL Server database, potential experimentation data is imported into a SQL IaaS VM, and that VM uses MSI-authenticated access to interact with the SQL Azure PaaS service. Both showcases share a common reference architecture designed to simplify adoption of Microsoft Azure. The provided architecture illustrates a solution to meet the needs of organizations seeking a cloud-based approach to reducing the burden and cost of deployment.

The solution is designed to consume a sample data set formatted using Fast Healthcare Interoperability Resources (FHIR), a worldwide standard for exchanging healthcare information electronically, and to store it in a secure manner. Customers can then use Azure Machine Learning Studio to take advantage of powerful business intelligence tools and analytics to review predictions made on the sample data. As an example of the kind of experiment Azure Machine Learning Studio can facilitate, the blueprint includes a sample dataset, scripts, and tools for predicting the length of a patient's stay in a hospital facility.

This blueprint is intended to serve as a modular foundation for customers to adjust to their specific requirements, developing new Azure Machine Learning experiments to solve both clinical and operational use case scenarios. It is designed to be secure and compliant when deployed; however, customers are responsible for configuring roles correctly and implementing any modifications. Note the following:

  • This blueprint provides a baseline to help customers use Microsoft Azure in a HITRUST and HIPAA environment.

  • Although the blueprint was designed to be aligned with HIPAA and HITRUST (through the Common Security Framework, CSF), it should not be considered compliant until certified by an external auditor per HIPAA and HITRUST certification requirements.

  • Customers are responsible for conducting appropriate security and compliance reviews of any solution built using this foundational architecture.

Deploying the automation

  • To deploy the solution, follow the instructions provided in the deployment guidance.

  • For a quick overview of how this solution works, watch this video explaining and demonstrating its deployment.

  • Frequently asked questions can be found in the FAQ guidance.

  • Architectural diagram. The diagram shows the reference architecture used for the blueprint and the example use case scenario.

  • IaaS extension. This solution demonstrates how to migrate an on-premises SQL-based solution to Azure, and how to implement a Privileged Access Workstation to securely manage cloud-based services and solutions.

Solution components

The foundational architecture is composed of the following components:

  • Threat model. A comprehensive threat model is provided in tm7 format for use with the Microsoft Threat Modeling Tool, showing the components of the solution, the data flows between them, and the trust boundaries. The model can help customers understand the points of potential risk in the system infrastructure when developing Machine Learning Studio components or other modifications.

  • Customer implementation matrix. A Microsoft Excel workbook lists the relevant HITRUST requirements and explains how Microsoft and the customer are each responsible for meeting them.

  • Health review. The solution was reviewed by Coalfire Systems, Inc. The Health Compliance (HIPAA and HITRUST) Review and guidance for implementation provides an auditor's review of the solution, and considerations for transforming the blueprint into a production-ready deployment.

Architectural diagram

Roles

The blueprint defines two roles for administrative users (operators), and three roles for users in hospital management and patient care. A sixth role is defined for an auditor to evaluate compliance with HIPAA and other regulations. Azure Role-based Access Control (RBAC) enables precisely focused access management for each user of the solution through built-in and custom roles. See Get started with Role-Based Access Control in the Azure portal and Built-in roles for Azure role-based access control for detailed information about RBAC, roles, and permissions.

Site Administrator

The site administrator is responsible for the customer's Azure subscription. They control the overall deployment, but have no access to patient records.

  • Default role assignments: Owner

  • Custom role assignments: N/A

  • Scope: Subscription

Database Analyst

The database analyst administers the SQL Server instance and database. They have no access to patient records.

Data Scientist

The data scientist operates the Azure Machine Learning Studio. They can import, export, and manage data, and run reports. The data scientist has access to patient data, but does not have administrative privileges.

Chief Medical Information Officer (CMIO)

The CMIO straddles the divide between informatics/technology and healthcare professionals in a healthcare organization. Their duties typically include using analytics to determine whether resources are being allocated appropriately within the organization.

  • Built-in role assignments: None

Care Line Manager

The care line manager is directly involved with the care of patients. This role requires monitoring the status of individual patients as well as ensuring that staff are available to meet the specific care requirements of their patients. The care line manager is responsible for adding and updating patient records.

  • Built-in role assignments: None

  • Custom role assignments: Has privilege to run HealthcareDemo.ps1 to perform both patient admission and discharge.

  • Scope: ResourceGroup

Auditor

The auditor evaluates the solution for compliance. They have no direct access to the network.

  • Built-in role assignments: Reader

  • Custom role assignments: N/A

  • Scope: Subscription

Example use case

The example use case included with this blueprint illustrates how the blueprint can be used to enable machine learning and analytics on health data in the cloud. Contosoclinic is a small hospital located in the United States. The hospital network administrators want to use Azure Machine Learning Studio to better predict the length of a patient's stay at the time of admittance, in order to increase operational workload efficiency and enhance the quality of care it can provide.

Predicting length of stay

The example use case scenario uses Azure Machine Learning Studio to predict a newly admitted patient's length of stay by comparing the medical details taken at patient intake to aggregated historical data from previous patients. The blueprint includes a large set of anonymized medical records to demonstrate the training and predictive capabilities of the solution. In a production deployment, customers would use their own records to train the solution for more accurate predictions reflecting the unique details of their environment, facilities, and patients.

Users and roles

Site Administrator -- Alex

Email: Alex_SiteAdmin

Alex's job is to evaluate technologies that can reduce the burden of managing an on-premises network and reduce management costs. Alex has been evaluating Azure for some time but has struggled to configure the services needed to meet the HITRUST compliance requirements for storing patient data in the cloud. Alex has selected the Azure Health AI blueprint to deploy a compliance-ready health solution that addresses the customer's HITRUST requirements.

Data Scientist -- Debra

Email: Debra_DataScientist

Debra is in charge of creating and using models that analyze medical records to provide insights into patient care. Debra uses SQL and the R statistical programming language to create her models.

Database Analyst -- Danny

Email: Danny_DBAnalyst

Danny is the main contact for anything regarding the Microsoft SQL Server that stores all the patient data for Contosoclinic. Danny is an experienced SQL Server administrator who has recently become familiar with Azure SQL Database.

Chief Medical Information Officer -- Caroline

Caroline is working with Chris, the Care Line Manager, and Debra, the Data Scientist, to determine what factors impact patient length of stay. Caroline uses the predictions from the length-of-stay (LOS) solution, for example through the dashboard provided in this solution, to determine whether resources are being allocated appropriately in the hospital network.

Care Line Manager -- Chris

Email: Chris_CareLineManager

As the individual directly responsible for managing patient admissions and discharges at Contosoclinic, Chris uses the predictions generated by the LOS solution to ensure that adequate staff are available to provide care to patients while they are staying in the facility.

Auditor -- Han

Email: Han_Auditor

Han is a certified auditor who has experience auditing for ISO, SOC, and HITRUST. Han was hired to review Contosoclinic's network. Han can review the Customer Responsibility Matrix provided with the solution to ensure that the blueprint and LOS solution can be used to store, process, and display sensitive personal data.

Design configuration

This section details the default configurations and security measures built into the blueprint, outlined as follows:

  • INGEST raw data sources, including the FHIR data source
  • STORE sensitive information
  • ANALYZE and predict outcomes
  • INTERACT with the results and predictions
  • IDENTITY management for the solution
  • SECURITY enabled features

IDENTITY

Azure Active Directory and role-based access control (RBAC)

Authentication:

  • Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based directory and identity management service. All users for the solution were created in Azure Active Directory, including users accessing the SQL Database.

  • Authentication to the application is performed using Azure AD. For more information, see Integrating applications with Azure Active Directory.

  • Azure Active Directory Identity Protection detects potential vulnerabilities affecting your organization's identities, configures automated responses to detected suspicious actions related to those identities, and investigates suspicious incidents and takes appropriate action to resolve them.

  • Azure Role-based Access Control (RBAC) enables precisely focused access management for Azure. Subscription access is limited to the subscription administrator, and Azure Key Vault access is limited to the site administrator. Strong passwords (12 characters minimum, with at least one uppercase letter, one lowercase letter, one number, and one special character) are required.

  • Multi-factor authentication is supported when the -enableMFA switch is enabled during deployment.

  • Passwords expire after 60 days when the -enableADDomainPasswordPolicy switch is enabled during deployment.

Roles:

  • The solution makes use of built-in roles to manage access to resources.

  • All users are assigned specific built-in roles by default.

Azure Key Vault

  • Data stored in Key Vault includes:

    • Application Insights key
    • Patient data storage access key
    • Patient connection string
    • Patient data table name
    • Azure ML web service endpoint
    • Azure ML service API key

  • Advanced access policies are configured on an as-needed basis.

  • Key Vault access policies are defined with the minimum required permissions to keys and secrets.

  • All keys and secrets in Key Vault have expiration dates.

  • All keys in Key Vault are protected by HSM [Key Type = HSM Protected 2048-bit RSA Key].

  • All users/identities are granted the minimum required permissions using Role Based Access Control (RBAC).

  • Applications do not share a Key Vault unless they trust each other and need access to the same secrets at runtime.

  • Diagnostic logs for Key Vault are enabled with a retention period of at least 365 days.

  • Permitted cryptographic operations for keys are restricted to those required.
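One way to verify a deployed vault against the baseline in this list, as an added example that is not part of the blueprint's deployment scripts: the checker runs over constructed input modelled on the JSON Key Vault returns for access policies, key and secret attributes, and diagnostic settings. The field names, placeholder object IDs, key and secret names, and the expected per-identity permission sets are assumptions to confirm against the current API before using this on a live vault.

```python
"""Audit a Key Vault against the baseline this blueprint states (added example, not the
blueprint's own scripts; inputs are constructed and modelled on Key Vault API JSON shapes)."""
EXP_2030 = 1893456000          # 2030-01-01T00:00:00Z, sample expiry
MIN_RETENTION_DAYS = 365

# Least-privilege expectation per identity (assumption; object IDs are placeholders).
EXPECTED_PERMISSIONS = {
    "<site-admin-object-id>": {"keys": {"get", "list", "wrapKey", "unwrapKey"},
                               "secrets": {"get", "list", "set"}},
    "<function-msi-object-id>": {"keys": set(), "secrets": {"get"}},  # reads SQL connection string only
}

# Constructed sample vault with deliberate deviations from the baseline.
SAMPLE_POLICIES = [
    {"objectId": "<site-admin-object-id>", "permissions": {
        "keys": ["get", "list", "wrapKey", "unwrapKey"], "secrets": ["get", "list", "set"]}},
    {"objectId": "<function-msi-object-id>", "permissions": {
        "keys": ["get", "list", "create"], "secrets": ["get", "list", "set", "delete"]}},
]
SAMPLE_KEYS = [
    {"kid": "https://<vault>.vault.azure.net/keys/patient-data-kek/1", "kty": "RSA-HSM",
     "key_size": 2048, "key_ops": ["wrapKey", "unwrapKey"], "attributes": {"exp": EXP_2030}},
    {"kid": "https://<vault>.vault.azure.net/keys/legacy-key/1", "kty": "RSA", "key_size": 2048,
     "key_ops": ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"],
     "attributes": {"exp": EXP_2030}},
]
SAMPLE_SECRETS = [
    {"id": "https://<vault>.vault.azure.net/secrets/patient-sql-connection", "attributes": {"exp": EXP_2030}},
    {"id": "https://<vault>.vault.azure.net/secrets/appinsights-key", "attributes": {}},
]
SAMPLE_DIAGNOSTICS = {"logs": [{"category": "AuditEvent", "enabled": True,
                               "retentionPolicy": {"enabled": True, "days": 90}}]}

def check_access_policies(policies, expected=EXPECTED_PERMISSIONS):
    """Flag identities outside the approved list and any permission beyond their minimum."""
    findings = []
    for policy in policies:
        oid = policy["objectId"]
        if oid not in expected:
            findings.append(f"{oid}: identity not in the approved list")
            continue
        for kind in ("keys", "secrets"):
            extra = set(policy["permissions"].get(kind, [])) - expected[oid][kind]
            if extra:
                findings.append(f"{oid}: excess {kind} permissions {sorted(extra)}")
    return findings

def check_key_material(keys, secrets, required_ops=frozenset({"wrapKey", "unwrapKey"})):
    """Keys: HSM-protected 2048-bit RSA, expiring, only the needed ops. Secrets: expiring."""
    findings = []
    for key in keys:
        name = key["kid"].rsplit("/", 2)[-2]
        if key["kty"] != "RSA-HSM" or key["key_size"] != 2048:
            findings.append(f"{name}: not an HSM-protected 2048-bit RSA key")
        if "exp" not in key["attributes"]:
            findings.append(f"{name}: no expiration date")
        extra = set(key["key_ops"]) - required_ops
        if extra:
            findings.append(f"{name}: unnecessary key operations {sorted(extra)}")
    findings += [f"{s['id'].rsplit('/', 1)[-1]}: no expiration date"
                 for s in secrets if "exp" not in s["attributes"]]
    return findings

def check_diagnostics(settings, min_days=MIN_RETENTION_DAYS):
    """AuditEvent logging must be enabled with retention of at least 365 days."""
    audit = [l for l in settings.get("logs", []) if l["category"] == "AuditEvent" and l["enabled"]]
    if not audit:
        return ["AuditEvent logging is not enabled"]
    days = audit[0]["retentionPolicy"]["days"] if audit[0]["retentionPolicy"]["enabled"] else 0
    return [] if days >= min_days else [f"AuditEvent retention is {days} days, need >= {min_days}"]

def audit_vault(policies, keys, secrets, diagnostics):
    """Combined findings; an empty list means the vault matches the baseline."""
    return check_access_policies(policies) + check_key_material(keys, secrets) + check_diagnostics(diagnostics)
```

Running `audit_vault` on the sample data reports six findings: over-privileged Function identity, a software-protected key with broad operations, a non-expiring secret, and short audit-log retention.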

INGEST

Azure Functions

The solution was designed to use Azure Functions to process the sample length-of-stay data used in the analytics demo. Three capabilities have been created in the functions.

1. Bulk import of customer PHI data

When the demo script .\HealthcareDemo.ps1 is run with the BulkPatientAdmission switch, as outlined in Deploying and running the demo, it executes the following processing pipeline:

  1. Azure Blob Storage - The sample patient data .csv file is uploaded to storage.
  2. Event Grid - An event publishes the data to the Azure Function (bulk import - blob event).
  3. Azure Function - Performs the processing and stores the data into SQL storage using the secure function - event(type; blob url).
  4. SQL DB - The database store for patient data, using tags for classification; the ML process is kicked off to run the training experiment.

Additionally, the Azure Function was designed to read and protect designated sensitive data in the sample data set using the following tags:

  • dataProfile => "ePHI"
  • owner => <Site Admin UPN>
  • environment => "Pilot"
  • department => "Global Ecosystem"

The tagging was applied to the sample data set where patient names were identified as clear text.

2. Admission of new patients

When the demo script .\HealthcareDemo.ps1 is run with the BulkPatientadmission switch, as outlined in Deploying and running the demo, it executes the following processing pipeline:

  1. The Azure Function is triggered, and the function requests a bearer token from Azure Active Directory.
  2. Key Vault is asked for a secret that is associated with the requested token.
  3. Azure roles validate the request and authorize the access request to the Key Vault.
  4. Key Vault returns the secret, in this case the SQL DB connection string.
  5. The Azure Function uses the connection string to securely connect to the SQL Database and continues processing to store the ePHI data.

To store the data, a common API schema was implemented following Fast Healthcare Interoperability Resources (FHIR, pronounced "fire"). The function was provided the following FHIR exchange elements:

  • Patient schema: covers the "who" information about a patient.

  • Observation schema: covers the central element in healthcare, used to support diagnosis, monitor progress, determine baselines and patterns, and even capture demographic characteristics.

  • Encounter schema: covers the types of encounters, such as ambulatory, emergency, home health, inpatient, and virtual encounters.

  • Condition schema: covers detailed information about a condition, problem, diagnosis, or other event, situation, issue, or clinical concept that has risen to a level of concern.
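The Function's storage step for both the tagging described under bulk import and the four FHIR schemas listed above, as an added example that is not the blueprint's own Function code: it flattens a constructed FHIR Bundle holding Patient, Encounter, Condition and Observation resources into tagged rows, replaces the clear-text patient name with a keyed HMAC token before anything is written, and gates storage on a check that no name part survived. The bundle contents, HMAC key, owner UPN, and row column names are assumptions.

```python
"""Flatten, tag and protect a FHIR Bundle the way the bulk-import Function stores patient
data (added example, not the blueprint's Function code; bundle and HMAC key are constructed)."""
import hashlib
import hmac
import json
import re

# Tags from the blueprint; the owner UPN is a placeholder. In the real pipeline the
# HMAC key would be fetched from Key Vault, never defined inline as here.
TAGS = {"dataProfile": "ePHI", "owner": "<Site Admin UPN>",
        "environment": "Pilot", "department": "Global Ecosystem"}
SAMPLE_KEY = b"constructed-demo-key-not-for-production"

SAMPLE_BUNDLE = json.dumps({"resourceType": "Bundle", "type": "collection", "entry": [
    {"resource": {"resourceType": "Patient", "id": "p1", "gender": "female", "birthDate": "1970-04-02",
                  "name": [{"family": "Okafor", "given": ["Maria"]}]}},
    {"resource": {"resourceType": "Encounter", "id": "e1", "status": "in-progress",
                  "class": {"code": "IMP"}, "subject": {"reference": "Patient/p1"},
                  "period": {"start": "2018-03-01T08:00:00Z"}}},
    {"resource": {"resourceType": "Condition", "id": "c1", "subject": {"reference": "Patient/p1"},
                  "code": {"text": "Pneumonia"}}},
    {"resource": {"resourceType": "Observation", "id": "o1", "status": "final",
                  "subject": {"reference": "Patient/p1"}, "code": {"text": "Body temperature"},
                  "valueQuantity": {"value": 38.6, "unit": "Cel"}}},
]})


def pseudonymize(value, key):
    """Keyed HMAC token: stable for joins, but not reversible without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def flatten_bundle(bundle_json, key, tags=TAGS):
    """Turn a Bundle into flat, tagged rows; the patient's clear-text name is never stored."""
    bundle = json.loads(bundle_json)
    if bundle.get("resourceType") != "Bundle":
        raise ValueError("expected a FHIR Bundle resource")
    rows = []
    for entry in bundle.get("entry", []):
        res = entry["resource"]
        rtype = res["resourceType"]
        row = {"resourceType": rtype, "id": res["id"], **tags}
        if rtype == "Patient":
            ref = f"Patient/{res['id']}"
            human = res["name"][0]
            clear = " ".join(human.get("given", []) + [human.get("family", "")]).strip()
            row["nameToken"] = pseudonymize(clear, key)
            row["gender"], row["birthDate"] = res.get("gender"), res.get("birthDate")
        else:
            ref = res["subject"]["reference"]
            if rtype == "Encounter":
                row["encounterClass"], row["periodStart"] = res["class"]["code"], res["period"]["start"]
            elif rtype == "Condition":
                row["condition"] = res["code"]["text"]
            elif rtype == "Observation":
                row["observation"] = res["code"]["text"]
                row["value"], row["unit"] = res["valueQuantity"]["value"], res["valueQuantity"]["unit"]
            else:
                raise ValueError(f"unsupported resource type {rtype}")
        row["patientToken"] = pseudonymize(ref, key)  # join key shared by all of a patient's rows
        rows.append(row)
    return rows


def leaks_clear_text_names(rows, bundle_json):
    """Pre-storage gate: True if any patient name part from the bundle appears in the rows."""
    names = {part for e in json.loads(bundle_json)["entry"]
             if e["resource"]["resourceType"] == "Patient"
             for n in e["resource"]["name"] for part in n.get("given", []) + [n.get("family", "")] if part}
    serialized = json.dumps(rows)
    return any(re.search(rf"\b{re.escape(name)}\b", serialized) for name in names)
```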

Event Grid

The solution supports Azure Event Grid, a single service for managing the routing of all events from any source to any destination, providing:

STORE

SQL Database and Server

Storage accounts

  • Data in motion is transferred using TLS/SSL only.

  • Anonymous access is not allowed for containers.

  • Alert rules are configured for tracking anonymous activity.

  • HTTPS is required for accessing storage account resources.

  • Authentication request data is logged and monitored.

  • Data in Blob storage is encrypted at rest.

ANALYZE

Machine Learning

SECURITY

Azure Security Center

  • Azure Security Center provides a centralized view of the security state of all your Azure resources. At a glance, you can verify that the appropriate security controls are in place and configured correctly, and you can quickly identify any resources that require attention.

  • Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.

Application Insights

  • Application Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It detects performance anomalies and includes powerful analytics tools to help you diagnose issues and understand what users actually do with your app. It is designed to help you continuously improve performance and usability.

Azure Alerts

  • Alerts offer a method of monitoring Azure services and allow you to configure conditions over data. Alerts also provide notifications when an alert condition matches the monitoring data.

Azure Monitor logs

Azure Monitor logs is a collection of management services.