The AI-Powered Health Data Masking guidance helps healthcare organizations identify and mask health data in images or text. This guidance uses Amazon Comprehend Medical to detect health data in a body of text, Amazon Rekognition to identify text in an image, Amazon API Gateway and AWS Lambda to provide an API interface for this functionality, and AWS Identity and Access Management (IAM) to authorize API requests.
This guidance was designed as part of a set of mitigating controls in your environment, and does not guarantee alignment to any regulatory framework. It is your responsibility to ensure that the outputs generated by this guidance comply with any legal requirements applicable to your organization.
The diagram below presents the architecture you can build using the example code on GitHub.
AI-Powered Health Data Masking architecture
The AWS CloudFormation template deploys an Amazon API Gateway to invoke the microservices (AWS Lambda functions). The microservices provide the business logic to manage preprocessing configuration and logic, and identifying and masking health data. The microservices interact with Amazon Rekognition to identify text in an uploaded medical image, and the Amazon Comprehend Medical protected health information data extraction and identification (PHId) API to identify health data in text.
Additionally, the template deploys an Amazon Simple Storage Service (Amazon S3) bucket for storing raw and masked images, AWS CloudTrail to log API actions, and AWS CloudWatch Logs to log errors within the AWS Lambda functions. By default, log files are encrypted over HTTPS.
Health data masking
Browse our library of AWS Solutions to get answers to common architectural problems.
Find AWS Partners to help you get started.
Find prescriptive architectural diagrams, sample code, and technical content for common use cases.