A healthcare organization is using Amazon Bedrock to analyze medical images and generate radiology reports. They need to comply with HIPAA regulations and ensure patient data is not used for model training. Which configuration should they use?
Provisioned throughput ensures data is not used for training and meets compliance requirements.
Why this answer
Option B is correct because Provisioned Throughput with data isolation in Amazon Bedrock ensures that the customer's inference data (including patient medical images and reports) is not used for any model training or service improvement, and it provides a dedicated, isolated environment that meets HIPAA compliance requirements. This configuration guarantees that patient data remains within the customer's AWS account and is not shared with other customers or used to improve the base model.
Exam trap
The trap here is that candidates often assume fine-tuning (Option A) is the only way to customize models for healthcare, but they overlook that HIPAA prohibits using PHI for training, making Provisioned Throughput with data isolation the correct choice for compliant inference.
How to eliminate wrong answers
Option A is wrong because fine-tuning a model with a custom dataset would use patient data to train the model, which violates HIPAA requirements that patient data must not be used for model training.
Option C is wrong because the on-demand model through Amazon Bedrock does not provide data isolation; inference data may be used for service improvement and model training, which is not HIPAA-compliant for protected health information.
Option D is wrong because using a third-party model hosted outside of AWS would require the healthcare organization to manage HIPAA compliance independently, and it does not leverage AWS's HIPAA-eligible services or the data isolation guarantees provided by Bedrock's Provisioned Throughput.