Azure Security and Compliance Blueprint - HIPAA/HITRUST Health Data and AI

Overview

The Azure Security and Compliance Blueprint - HIPAA/HITRUST Health Data and AI offers a turn-key deployment of an Azure PaaS and IaaS solution to demonstrate how to ingest, store, analyze, interact with, identify, and securely deploy solutions with health data while being able to meet industry compliance requirements. The blueprint helps accelerate cloud adoption and utilization for customers whose data is regulated.

The Azure Security and Compliance Blueprint - HIPAA/HITRUST Health Data and AI provides tools and guidance to help deploy a secure, Health Insurance Portability and Accountability Act (HIPAA) and Health Information Trust Alliance (HITRUST) ready platform-as-a-service (PaaS) environment for ingesting, storing, analyzing, and interacting with personal and non-personal medical records in a secure, multi-tier cloud environment, deployed as an end-to-end solution.

The IaaS solution demonstrates how to migrate an on-premises SQL-based solution to Azure, and how to implement a Privileged Access Workstation (PAW) to securely manage cloud-based services and solutions. The IaaS SQL Server database adds potential experimentation data: that data is imported into a SQL IaaS VM, and the VM uses MSI-authenticated access to interact with the SQL Azure PaaS service. Both showcase a common reference architecture and are designed to simplify adoption of Microsoft Azure. The provided architecture illustrates a solution that meets the needs of organizations seeking a cloud-based approach to reducing the burden and cost of deployment.

The solution is designed to consume a sample data set formatted using Fast Healthcare Interoperability Resources (FHIR), a worldwide standard for exchanging healthcare information electronically, and to store it in a secure manner. Customers can then use Azure Machine Learning Studio to take advantage of powerful business intelligence tools and analytics to review predictions made on the sample data. As an example of the kind of experiment Azure Machine Learning Studio can facilitate, the blueprint includes a sample dataset, scripts, and tools for predicting the length of a patient's stay in a hospital facility.

This blueprint is intended to serve as a modular foundation for customers to adjust to their specific requirements, developing new Azure Machine Learning experiments to solve both clinical and operational use case scenarios. It is designed to be secure and compliant when deployed; however, customers are responsible for configuring roles correctly and implementing any modifications. Note the following:

  • This blueprint provides a baseline to help customers use Microsoft Azure in a HITRUST and HIPAA environment.

  • Although the blueprint was designed to be aligned with HIPAA and HITRUST (through the Common Security Framework, CSF), it should not be considered compliant until certified by an external auditor per HIPAA and HITRUST certification requirements.

  • Customers are responsible for conducting appropriate security and compliance reviews of any solution built using this foundational architecture.

Deploying the automation

  • To deploy the solution, follow the instructions provided in the deployment guidance.

  • For a quick overview of how this solution works, watch this video explaining and demonstrating its deployment.

  • Frequently asked questions can be found in the FAQ guidance.

  • Architectural diagram. The diagram shows the reference architecture used for the blueprint and the example use case scenario.

  • IaaS extension. This solution demonstrates how to migrate an on-premises SQL-based solution to Azure, and how to implement a Privileged Access Workstation to securely manage cloud-based services and solutions.

Solution components

The foundational architecture is composed of the following components:

  • Threat model. A comprehensive threat model is provided in tm7 format for use with the Microsoft Threat Modeling Tool, showing the components of the solution, the data flows between them, and the trust boundaries. The model can help customers understand the points of potential risk in the system infrastructure when developing Machine Learning Studio components or other modifications.

  • Customer implementation matrix. A Microsoft Excel workbook lists the relevant HITRUST requirements and explains how Microsoft and the customer are each responsible for meeting them.

  • Health review. The solution was reviewed by Coalfire Systems, Inc. The Health Compliance (HIPAA and HITRUST) Review and guidance for implementation provides an auditor's review of the solution, and considerations for transforming the blueprint into a production-ready deployment.

Architectural diagram

Roles

The blueprint defines two roles for administrative users (operators), and three roles for users in hospital management and patient care. A sixth role is defined for an auditor to evaluate compliance with HIPAA and other regulations. Azure Role-Based Access Control (RBAC) enables precisely focused access management for each user of the solution through built-in and custom roles. See Get started with Role-Based Access Control in the Azure portal and Built-in roles for Azure role-based access control for detailed information about RBAC, roles, and permissions.

Site Administrator

The site administrator is responsible for the customer's Azure subscription. They control the overall deployment, but have no access to patient records.

  • Default role assignments: Owner

  • Custom role assignments: N/A

  • Scope: Subscription

Database Analyst

The database analyst administers the SQL Server instance and database. They have no access to patient records.

Data Scientist

The data scientist operates the Azure Machine Learning Studio. They can import, export, and manage data, and run reports. The data scientist has access to patient data, but does not have administrative privileges.

Chief Medical Information Officer (CMIO)

The CMIO straddles the divide between informatics/technology and healthcare professionals in a healthcare organization. Their duties typically include using analytics to determine whether resources are being allocated appropriately within the organization.

  • Built-in role assignments: None

Care Line Manager

The care line manager is directly involved with the care of patients. This role requires monitoring the status of individual patients as well as ensuring that staff are available to meet the specific care requirements of their patients. The care line manager is responsible for adding and updating patient records.

  • Built-in role assignments: None

  • Custom role assignments: Has the privilege to run HealthcareDemo.ps1 for both patient admission and discharge.

  • Scope: ResourceGroup

Auditor

The auditor evaluates the solution for compliance. They have no direct access to the network.

  • Built-in role assignments: Reader

  • Custom role assignments: N/A

  • Scope: Subscription

Example use case

The example use case included with this blueprint illustrates how the blueprint can be used to enable machine learning and analytics on health data in the cloud. Contosoclinic is a small hospital located in the United States. The hospital network administrators want to use Azure Machine Learning Studio to better predict the length of a patient's stay at the time of admittance, in order to increase operational workload efficiency and enhance the quality of care the hospital can provide.

Predicting length of stay

The example use case scenario uses Azure Machine Learning Studio to predict a newly admitted patient's length of stay by comparing the medical details taken at patient intake to aggregated historical data from previous patients. The blueprint includes a large set of anonymized medical records to demonstrate the training and predictive capabilities of the solution. In a production deployment, customers would use their own records to train the solution for more accurate predictions reflecting the unique details of their environment, facilities, and patients.

Users and roles

Site Administrator -- Alex

Email: Alex_SiteAdmin

Alex's job is to evaluate technologies that can reduce the burden of managing an on-premises network and reduce costs for management. Alex has been evaluating Azure for some time but has struggled to configure the services he needs to meet the HITRUST compliance requirements for storing patient data in the cloud. Alex has selected the Azure Health AI blueprint to deploy a compliance-ready health solution, which addresses the customer requirements for HITRUST.

Data Scientist -- Debra

Email: Debra_DataScientist

Debra is in charge of using and creating models that analyze medical records to provide insights into patient care. Debra uses SQL and the R statistical programming language to create her models.

Database Analyst -- Danny

Email: Danny_DBAnalyst

Danny is the main contact for anything regarding the Microsoft SQL Server that stores all the patient data for Contosoclinic. Danny is an experienced SQL Server administrator who has recently become familiar with Azure SQL Database.

Chief Medical Information Officer -- Caroline

Caroline is working with Chris, the Care Line Manager, and Debra, the Data Scientist, to determine which factors affect patient length of stay. Caroline uses the predictions from the length-of-stay (LOS) solution to determine whether resources are being allocated appropriately in the hospital network, for example by using the dashboard provided in this solution.

Care Line Manager -- Chris

Email: Chris_CareLineManager

As the individual directly responsible for managing patient admissions and discharges at Contosoclinic, Chris uses the predictions generated by the LOS solution to ensure that adequate staff are available to provide care to patients while they are staying in the facility.

Auditor -- Han

Email: Han_Auditor

Han is a certified auditor who has experience auditing for ISO, SOC, and HITRUST. Han was hired to review Contosoclinic's network. Han can review the Customer Responsibility Matrix provided with the solution to ensure that the blueprint and LOS solution can be used to store, process, and display sensitive personal data.

Design configuration

This section details the default configurations and the security measures built into the blueprint, outlined by the following areas:

  • INGEST raw data sources, including the FHIR data source
  • STORE sensitive information
  • ANALYZE and predict outcomes
  • INTERACT with the results and predictions
  • IDENTITY management of the solution
  • SECURITY enabled features

IDENTITY

Azure Active Directory and role-based access control (RBAC)

Authentication:

  • Azure Active Directory (Azure AD) is Microsoft's multi-tenant cloud-based directory and identity management service. All users for the solution are created in Azure Active Directory, including users accessing the SQL Database.

  • Authentication to the application is performed using Azure AD. For more information, see Integrating applications with Azure Active Directory.

  • Azure Active Directory Identity Protection detects potential vulnerabilities affecting your organization's identities, configures automated responses to detected suspicious actions related to your organization's identities, and investigates suspicious incidents and takes appropriate action to resolve them.

  • Azure Role-Based Access Control (RBAC) enables precisely focused access management for Azure. Subscription access is limited to the subscription administrator, and Azure Key Vault access is limited to the site administrator. Strong passwords (12 characters minimum, with at least one uppercase letter, one lowercase letter, one number, and one special character) are required.

  • Multi-factor authentication is supported when the -enableMFA switch is enabled during deployment.

  • Passwords expire after 60 days when the -enableADDomainPasswordPolicy switch is enabled during deployment.

Roles:

  • The solution makes use of built-in roles to manage access to resources.

  • All users are assigned specific built-in roles by default.

Azure Key Vault

  • Data stored in Key Vault includes:

    • Application Insights key
    • Patient data storage access key
    • Patient connection string
    • Patient data table name
    • Azure ML web service endpoint
    • Azure ML service API key
  • Advanced access policies are configured on an as-needed basis

  • Key Vault access policies are defined with the minimum required permissions to keys and secrets

  • All keys and secrets in Key Vault have expiration dates

  • All keys in Key Vault are protected by HSM [Key Type = HSM Protected 2048-bit RSA Key]

  • All users/identities are granted the minimum required permissions using Role-Based Access Control (RBAC)

  • Applications do not share a Key Vault unless they trust each other and need access to the same secrets at runtime

  • Diagnostic logs for Key Vault are enabled with a retention period of at least 365 days.

  • Permitted cryptographic operations for keys are restricted to the ones required
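As an added example (not the blueprint's own tooling), the following Python checks a vault description against the Key Vault baseline above: HSM-protected keys, expiration dates on keys and secrets, key operations restricted to those required, least-privilege access policies, and 365-day diagnostic log retention. The vault record is constructed to resemble the Key Vault REST/CLI JSON, and the application permission sets are assumptions rather than values from the blueprint.

```python
"""Check a Key Vault configuration against the baseline listed in this section.

Added example, not code from the blueprint or its deployment scripts. The input
is a constructed dict shaped like Key Vault REST/CLI JSON (key.kty, key.key_ops,
attributes.exp as a Unix timestamp, accessPolicies[].permissions, diagnostic
settings with logs[].retentionPolicy). The least-privilege permission sets for an
application identity are assumptions, not values taken from the blueprint.
"""
import time

# Assumed runtime-only permissions for an application identity.
APP_KEY_PERMS = {"get", "encrypt", "decrypt", "wrapkey", "unwrapkey", "sign", "verify"}
APP_SECRET_PERMS = {"get", "list"}
MIN_RETENTION_DAYS = 365


def audit_key_vault(vault, required_key_ops, now=None):
    """Return findings as strings; an empty list means the vault meets the baseline.

    required_key_ops maps key name -> operations that key legitimately needs.
    """
    now = time.time() if now is None else now
    findings = []
    for k in vault["keys"]:
        name, jwk = k["name"], k["key"]
        # Every key is HSM-protected: kty "RSA-HSM" rather than software "RSA".
        if not jwk["kty"].endswith("-HSM"):
            findings.append(f"key {name}: not HSM protected (kty={jwk['kty']})")
        exp = k.get("attributes", {}).get("exp")
        if exp is None:
            findings.append(f"key {name}: no expiration date")
        elif exp <= now:
            findings.append(f"key {name}: already expired")
        # Permitted cryptographic operations are restricted to those required.
        extra = {op.lower() for op in jwk.get("key_ops", [])} - \
                {op.lower() for op in required_key_ops.get(name, ())}
        if extra:
            findings.append(f"key {name}: unnecessary key_ops {sorted(extra)}")
    for s in vault["secrets"]:
        if s.get("attributes", {}).get("exp") is None:
            findings.append(f"secret {s['name']}: no expiration date")
    for p in vault["accessPolicies"]:
        for kind, allowed in (("keys", APP_KEY_PERMS), ("secrets", APP_SECRET_PERMS)):
            granted = {x.lower() for x in p["permissions"].get(kind, [])}
            if "all" in granted or granted - allowed:
                findings.append(f"policy {p['objectId']}: {kind} permissions exceed least privilege")
    # Diagnostic logs enabled and retained for at least 365 days.
    retained = any(log.get("enabled") and log.get("retentionPolicy", {}).get("days", 0) >= MIN_RETENTION_DAYS
                   for d in vault.get("diagnostics", []) for log in d.get("logs", []))
    if not retained:
        findings.append(f"diagnostics: no enabled log retained >= {MIN_RETENTION_DAYS} days")
    return findings


# Constructed sample: one compliant key/secret/policy next to one of each that is not.
SAMPLE_VAULT = {
    "keys": [{"name": "patient-data-kek", "key": {"kty": "RSA-HSM", "key_ops": ["wrapKey", "unwrapKey"]},
              "attributes": {"exp": 4102444800}},
             {"name": "legacy-key", "key": {"kty": "RSA", "key_ops": ["wrapKey", "unwrapKey", "sign"]},
              "attributes": {}}],
    "secrets": [{"name": "patient-connection-string", "attributes": {"exp": 4102444800}},
                {"name": "aml-service-api-key", "attributes": {}}],
    "accessPolicies": [{"objectId": "function-app-msi",
                        "permissions": {"keys": ["get", "wrapKey", "unwrapKey"], "secrets": ["get"]}},
                       {"objectId": "legacy-app", "permissions": {"keys": [], "secrets": ["all"]}}],
    "diagnostics": [{"logs": [{"category": "AuditEvent", "enabled": True,
                               "retentionPolicy": {"enabled": True, "days": 90}}]}],
}
REQUIRED_OPS = {"patient-data-kek": {"wrapKey", "unwrapKey"}, "legacy-key": {"wrapKey", "unwrapKey"}}

if __name__ == "__main__":
    for finding in audit_key_vault(SAMPLE_VAULT, REQUIRED_OPS, now=1700000000):
        print(finding)
```

Run against the sample, the compliant key, secret and policy produce no findings, while the legacy entries and the 90-day retention are each reported.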

INGEST

Azure Functions

The solution was designed to use Azure Functions to process the sample length-of-stay data used in the analytics demo. Three capabilities have been created in the functions.

1. Bulk import of customer PHI data

When the demo script .\HealthcareDemo.ps1 is run with the BulkPatientAdmission switch, as outlined in Deploying and running the demo, it executes the following processing pipeline:

  1. Azure Blob Storage - The sample patient data .csv file is uploaded to storage.
  2. Event Grid - The event publishes the data to the Azure Function (bulk import - blob event).
  3. Azure Function - Performs the processing and stores the data into SQL storage using the secure function - event(type; blob url).
  4. SQL DB - The database store for patient data, using tags for classification; the ML process is kicked off to run the training experiment.

Additionally, the Azure Function was designed to read and protect designated sensitive data in the sample data set using the following tags:

  • dataProfile => "ePHI"
  • owner => <Site Admin UPN>
  • environment => "Pilot"
  • department => "Global Ecosystem"

The tagging was applied to the sample data set where patient names were identified as clear text.

2. Admission of new patients

When the demo script .\HealthcareDemo.ps1 is run with the BulkPatientadmission switch, as outlined in Deploying and running the demo, it executes the following processing pipeline:

  1. The Azure Function is triggered, and the function requests a bearer token from Azure Active Directory.

  2. Key Vault is asked for the secret associated with the requested token.

  3. Azure roles validate the request and authorize the access request to Key Vault.

  4. Key Vault returns the secret, in this case the SQL DB connection string.

  5. The Azure Function uses the connection string to securely connect to SQL Database and continues further processing to store the ePHI data.

To store the data, a common API schema was implemented following Fast Healthcare Interoperability Resources (FHIR, pronounced "fire"). The function was provided the following FHIR exchange elements:

  • Patient schema covers the "who" information about a patient.

  • Observation schema covers the central element in healthcare, used to support diagnosis, monitor progress, determine baselines and patterns, and even capture demographic characteristics.

  • Encounter schema covers the types of encounters, such as ambulatory, emergency, home health, inpatient, and virtual encounters.

  • Condition schema covers detailed information about a condition, problem, diagnosis, or other event, situation, issue, or clinical concept that has risen to a level of concern.
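The ingest step above and the earlier note that clear-text patient names are the data the function must protect, shown as an added example that is not the blueprint's Azure Function code: it validates a constructed FHIR R4 bundle of the four resource types listed here (resource types and subject/encounter references), then replaces patient names with keyed pseudonyms and attaches the classification tags before the record would go to storage. The HMAC key and the tag system URN are assumed placeholders; in the real pipeline the key would be a secret fetched from Key Vault.

```python
"""Validate a FHIR Bundle for the ingest pipeline and protect clear-text names.

Added example, not the blueprint's Azure Function code. It assumes the four
resource types this section lists, FHIR R4 "Type/id" references and a constructed
bundle; the HMAC key stands in for a secret the real pipeline would fetch from
Key Vault, and the tag system URN is a constructed placeholder.
"""
import hashlib
import hmac
import json

ALLOWED_TYPES = {"Patient", "Observation", "Encounter", "Condition"}
REF_TARGET = {"subject": "Patient", "encounter": "Encounter"}
# Classification tags from this section; the owner UPN is a placeholder.
TAGS = {"dataProfile": "ePHI", "owner": "siteadmin@contosoclinic.example",
        "environment": "Pilot", "department": "Global Ecosystem"}


def pseudonym(key: bytes, text: str) -> str:
    """Keyed, deterministic stand-in for a name (same key and name -> same token)."""
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()[:16]


def validate_bundle(bundle):
    """Return problems found: unsupported types, dangling or mistyped references."""
    resources, problems = {}, []
    for entry in bundle.get("entry", []):
        r = entry["resource"]
        rt = r.get("resourceType")
        if rt not in ALLOWED_TYPES:
            problems.append(f"unsupported resourceType {rt}")
            continue
        resources[f"{rt}/{r.get('id', '?')}"] = r
    for name, r in resources.items():
        for field, want in REF_TARGET.items():
            ref = r.get(field, {}).get("reference")
            if ref is None:
                continue
            if ref not in resources:
                problems.append(f"{name}: {field} -> {ref} not in bundle")
            elif not ref.startswith(want + "/"):
                problems.append(f"{name}: {field} must reference a {want}, got {ref}")
    return problems


def protect_bundle(bundle, key: bytes):
    """Deep-copy the bundle, replace every Patient name with a pseudonym, attach tags."""
    out = json.loads(json.dumps(bundle))
    for entry in out.get("entry", []):
        r = entry["resource"]
        if r.get("resourceType") == "Patient":
            full = " ".join(" ".join(n.get("given", [])) + " " + n.get("family", "")
                            for n in r.get("name", []))
            r["name"] = [{"use": "anonymous", "text": pseudonym(key, full.strip())}]
    out["meta"] = {"tag": [{"system": f"urn:tag:{k}", "code": v} for k, v in TAGS.items()]}
    return out


# Constructed sample: one inpatient encounter with an observation and a condition.
SAMPLE_BUNDLE = {"resourceType": "Bundle", "type": "collection", "entry": [
    {"resource": {"resourceType": "Patient", "id": "p1",
                  "name": [{"use": "official", "family": "Doe", "given": ["Jane"]}]}},
    {"resource": {"resourceType": "Encounter", "id": "e1", "status": "in-progress",
                  "class": {"code": "IMP"}, "subject": {"reference": "Patient/p1"}}},
    {"resource": {"resourceType": "Observation", "id": "o1", "status": "final",
                  "code": {"text": "Body temperature"}, "valueQuantity": {"value": 38.4, "unit": "Cel"},
                  "subject": {"reference": "Patient/p1"}, "encounter": {"reference": "Encounter/e1"}}},
    {"resource": {"resourceType": "Condition", "id": "c1", "code": {"text": "Pneumonia"},
                  "subject": {"reference": "Patient/p1"}, "encounter": {"reference": "Encounter/e1"}}},
]}

if __name__ == "__main__":
    assert validate_bundle(SAMPLE_BUNDLE) == []
    print(json.dumps(protect_bundle(SAMPLE_BUNDLE, b"constructed-key")["entry"][0], indent=2))
```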

Event Grid

The solution supports Azure Event Grid, a single service for managing routing of all events from any source to any destination, providing:

STORE

SQL Database and Server

Storage accounts

  • Data in motion is transferred using TLS/SSL only.

  • Anonymous access is not allowed for containers.

  • Alert rules are configured for tracking anonymous activity.

  • HTTPS is required for accessing storage account resources.

  • Authentication request data is logged and monitored.

  • Data in Blob storage is encrypted at rest.

ANALYZE

Machine Learning

SECURITY

Azure Security Center

  • Azure Security Center provides a centralized view of the security state of all your Azure resources. At a glance, you can verify that the appropriate security controls are in place and configured correctly, and you can quickly identify any resources that require attention.

  • Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.

Application Insights

  • Application Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It detects performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It is designed to help you continuously improve performance and usability.

Azure Alerts

  • Alerts offer a method of monitoring Azure services and allow you to configure conditions over data. Alerts also provide notifications when an alert condition matches the monitoring data.

Azure Monitor logs

Azure Monitor logs is a collection of management services.