Is there any documentation on how AWS Bedrock can be HIPAA eligible in more detail?

Question

I have found documentation that AWS that Bedrock has achieved HIPAA eligibility https://aws.amazon.com/about-aws/whats-new/2023/09/amazon-bedrock-generally-available/

Does that mean the instance of LLMs Bedrock is running and is within AWS walls and has been altered to make sure data that goes to the LLM doesn't get saved or shared to other customers?

Accepted Answer

Hi John

You're right in that data doesn't leave the AWS service or go back to the model vendor. [To quote the documentation](https://docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html):

*"Each model provider has an escrow account that they upload their models to. The Amazon Bedrock inference account has permissions to call these models, but the escrow accounts themselves don't have outbound permissions to Amazon Bedrock accounts. Additionally, model providers don't have access to Amazon Bedrock logs or access to customer prompts and continuations."*

There is also [this resource for compliance validation](https://docs.aws.amazon.com/bedrock/latest/userguide/compliance-validation.html).

Hopefully this helps!

Is there any documentation on how AWS Bedrock can be HIPAA eligible in more detail?

관련 콘텐츠