hipaa-compliance-training
收藏魔搭社区2025-12-05 更新2025-11-03 收录
下载链接:
https://modelscope.cn/datasets/AI-ModelScope/hipaa-compliance-training
下载链接
链接失效反馈官方服务:
资源简介:
# HIPAA Compliance Training Dataset
## Dataset Description
The first comprehensive HIPAA compliance training dataset for LLM fine-tuning, covering the Security Rule, Privacy Rule, Breach Notification Rule, and implementation guidance from NIST and FDA.
### Dataset Summary
- **Total Examples**: 1,287 (1,029 train / 258 validation)
- **Source Documents**: 9 federal publications (~5.6 MB extracted content)
- **Format**: JSONL with chat-formatted messages
- **License**: CC0-1.0 (Public Domain)
- **Coverage**: Security Rule, Privacy Rule, Breach Notification, NIST implementation, FDA medical device guidance
### Why This Dataset?
Healthcare organizations need practical HIPAA compliance guidance, but most LLMs lack deep knowledge of:
- The distinction between **required** vs **addressable** implementation specifications
- **Covered entity** vs **business associate** obligations
- **Administrative**, **physical**, and **technical** safeguards
- **Breach notification** thresholds and procedures
- Practical implementation of **NIST SP 800-66** recommendations
This dataset fills that gap with 1,287 high-quality Q&A pairs derived from authoritative federal sources.
## Dataset Structure
### Data Fields
- `messages`: List of chat messages (system, user, assistant)
- `metadata`: Source attribution and HIPAA-specific classification
- `source`: Source document title
- `cfr_section`: CFR section number (e.g., §164.308) if applicable
- `safeguard_type`: administrative | physical | technical | unknown
- `implementation_spec`: required | addressable | both
- `entity_type`: covered_entity | business_associate | both
- `type`: Question type (cfr_section, safeguard, implementation, breach_notification, etc.)
- `nist_control`: NIST control ID (e.g., AC-1) if from SP 800-66
### Example
```json
{
"messages": [
{
"role": "system",
"content": "You are a HIPAA compliance expert with deep knowledge of the Security Rule, Privacy Rule, and Breach Notification Rule. You provide accurate, practical guidance on HIPAA requirements, implementation specifications, and compliance procedures. You cite specific CFR sections and distinguish between covered entity and business associate obligations."
},
{
"role": "user",
"content": "What's the difference between required and addressable implementation specifications?"
},
{
"role": "assistant",
"content": "According to HITECH Omnibus Final Rule (2013):\n\nUnder the HIPAA Security Rule, implementation specifications are either Required or Addressable. Required specifications must be implemented as written. Addressable specifications require a more flexible approach: covered entities and business associates must assess whether each addressable specification is a reasonable and appropriate safeguard in their environment. If reasonable and appropriate, they must implement the specification as written. If not, they must document why the specification is not reasonable and appropriate, and implement an equivalent alternative measure if reasonable and appropriate, or document why no alternative measure is reasonable and appropriate and accept the residual risk. This risk-based, scalable approach allows entities of different sizes and complexities to implement appropriate security measures."
}
],
"metadata": {
"source": "HITECH Omnibus Final Rule (2013)",
"implementation_spec": "both",
"safeguard_types": ["administrative", "physical", "technical"],
"type": "implementation"
}
}
```
## Source Documents
### Federal Register Preambles (5 documents)
These provide the **rationale and implementation guidance** behind HIPAA regulations:
1. **Security Rule Final Rule (2003)** - 344 KB
- Security standards rationale
- Administrative, physical, and technical safeguards
- Required vs addressable specifications
2. **Privacy Rule Final Rule (2000)** - 2.6 MB
- Privacy standards and uses/disclosures
- Individual rights (access, amendment, accounting)
- Minimum necessary standard
3. **Privacy Rule Modifications (2002)** - 672 KB
- Clarifications and corrections
- Business associate provisions
- De-identification standards
4. **HITECH Omnibus Final Rule (2013)** - 1.0 MB
- HITECH Act modifications
- Business associate direct liability
- Breach notification updates
- Enhanced enforcement
5. **Breach Notification Rule (2009)** - 228 KB
- Breach definition and risk assessment
- Notification requirements (HHS, individuals, media)
- 500+ individual threshold
### NIST Implementation Guidance (1 document)
6. **NIST SP 800-66 Rev. 2: Implementing the HIPAA Security Rule (2024)** - 497 KB
- Step-by-step implementation guidance
- Control mapping (NIST 800-53 → HIPAA)
- Risk analysis methodology
- Practical examples and recommendations
### FDA Medical Device Cybersecurity (2 documents)
7. **FDA Cybersecurity in Medical Devices: Quality System Considerations (2023)** - 211 KB
- Device security requirements
- Cybersecurity bill of materials (SBOM)
- Premarket submission requirements
8. **FDA Postmarket Management of Cybersecurity in Medical Devices (2016)** - 84 KB
- Vulnerability management
- Patching and updates
- Incident response for devices
### Documents Excluded (Extraction Failures)
The following 4 documents failed to extract properly and are not included:
- 45 CFR Part 160, 162, 164 (data format errors - extracted HTML navigation only)
- FDA Content of Premarket Submissions Draft Guidance (2022) (extraction failed - 71 bytes)
These will be added in v1.1 using alternative extraction methods.
## Q&A Generation Strategies
Examples were generated using 7 complementary strategies:
### 1. CFR Section-Based Q&A
Extract specific regulatory requirements by CFR section number.
**Example**: "What does §164.308(a)(1)(i) require?" → Security Management Process details
### 2. Safeguard-Based Q&A
Focus on administrative, physical, and technical safeguards.
**Example**: "What are the technical safeguards under HIPAA?" → Access control, audit controls, integrity, transmission security
### 3. Implementation Specification Q&A
Clarify required vs addressable distinctions.
**Example**: "How do I determine if an addressable specification must be implemented?" → Risk assessment process
### 4. Entity Type Q&A
Distinguish covered entity vs business associate obligations.
**Example**: "What are business associate obligations under HIPAA?" → Direct liability, security, privacy, breach notification
### 5. Breach Notification Q&A
Explain breach determination and notification procedures.
**Example**: "When must a HIPAA breach be reported to HHS?" → 60-day timeline, 500+ threshold, risk assessment
### 6. NIST Control Q&A
Map NIST 800-53 controls to HIPAA requirements (from SP 800-66).
**Example**: "How does NIST SP 800-66 recommend implementing control AC-2?" → Account management for HIPAA
### 7. Semantic Chunking
General content preservation with context.
**Example**: "What does [document] say about HIPAA compliance?" → Contextual excerpts
## Use Cases
### Healthcare Providers
- **Internal HIPAA chatbot**: Answer staff questions about compliance
- **Training assistant**: Onboard new employees on HIPAA requirements
- **Policy generation**: Draft security policies based on HIPAA guidance
### Health Tech Companies
- **Compliance review**: Check product features against HIPAA requirements
- **Risk assessment**: Identify gaps in HIPAA implementation
- **BAA review**: Understand business associate obligations
### Medical Device Manufacturers
- **Device security**: Implement FDA cybersecurity requirements
- **SBOM generation**: Create cybersecurity bills of materials
- **Vulnerability management**: Follow FDA postmarket guidance
### HIPAA Compliance Officers
- **Breach determination**: Assess if incidents require notification
- **Audit preparation**: Review requirements before assessments
- **Implementation planning**: Prioritize required vs addressable specs
### Legal & Consulting
- **Client advisory**: Provide accurate HIPAA interpretations
- **Incident response**: Guide breach notification decisions
- **Contract review**: Verify BAA compliance
## Dataset Statistics
```
Source Documents: 9 (5 preambles, 1 NIST, 2 FDA, 1 report)
Total Examples: 1,287
Training Examples: 1,029 (80%)
Validation Examples: 258 (20%)
Avg Example Length: ~400 tokens (estimated)
By Safeguard Type:
Administrative: 8 documents
Physical: 8 documents
Technical: 8 documents
Unknown: 3 documents
By Entity Type:
Both (CE & BA): 9 documents
Covered Entity: 2 documents
Breach-Related: 8 documents
By Implementation Spec:
Both (Required & Addressable): 5 documents
Required only: 6 documents
```
## Model Training
### Recommended Configuration
This dataset is designed for **LoRA fine-tuning** of 7B parameter models:
```yaml
base_model: mlx-community/Qwen2.5-Coder-7B-Instruct-4bit
lora_rank: 16
lora_alpha: 32
num_layers: 16
batch_size: 4
learning_rate: 1e-5
num_iterations: 500-1000
```
### Expected Training Time
- **7B model on M4 Max**: ~45-90 minutes (500-1000 iterations)
- **Memory required**: 15-20 GB
- **Tokens/sec**: 130-160
### Training Command
```bash
python -m mlx_lm lora \
--model mlx-community/Qwen2.5-Coder-7B-Instruct-4bit \
--train \
--data data/hipaa/training \
--iters 1000 \
--batch-size 4 \
--lora-layers 16 \
--adapter-path models/hipaa-expert-lora
```
## Quick Start
### Load Dataset
```python
import jsonlines
# Load training data
with jsonlines.open('train.jsonl') as reader:
train_data = list(reader)
print(f"Training examples: {len(train_data)}")
print(f"First example: {train_data[0]}")
```
### Filter by Metadata
```python
# Find all breach notification examples
breach_examples = [
ex for ex in train_data
if ex['metadata'].get('type') == 'breach_notification'
]
# Find technical safeguard examples
technical_examples = [
ex for ex in train_data
if 'technical' in ex['metadata'].get('safeguard_types', [])
]
# Find business associate-specific content
ba_examples = [
ex for ex in train_data
if ex['metadata'].get('entity_type') == 'business_associate'
]
```
## Limitations
### Coverage Gaps
1. **Missing CFR Regulations**: The actual 45 CFR Part 160, 162, 164 text failed to extract (data format errors). Dataset relies on preambles and guidance, which provide implementation context but not the bare regulatory text.
2. **Preamble-Heavy**: 5 of 9 documents are Federal Register preambles. These provide rationale and interpretation but may be verbose compared to concise regulatory text.
3. **No OCR Guidance**: HHS Office for Civil Rights FAQs and guidance documents are not included (would require web scraping).
4. **Limited Medical Device Coverage**: Only 2 FDA guidance documents vs comprehensive device security library.
5. **No State Law Extensions**: California CMIA, Massachusetts 201 CMR 17.00, etc. not included.
### Model Limitations
- **Not Legal Advice**: Outputs should not be considered legal advice
- **May Hallucinate**: Model may generate plausible but incorrect CFR sections
- **Context Window**: Limited to base model's context (typically 4K-8K tokens)
- **No Real-Time Updates**: Trained on documents up to 2024; regulations may change
### Recommended Mitigations
1. **RAG Integration**: Use with vector database of actual HIPAA regulations
2. **Citation Verification**: Always verify CFR sections in official sources
3. **Human Review**: Have compliance officers review model outputs
4. **Regular Updates**: Retrain annually as regulations evolve
## Roadmap
### v1.1 (Planned)
- **Re-extract CFR regulations** using alternative methods (PDF repair tools)
- **Add OCR guidance** via web scraping HHS.gov/hipaa
- **Expand FDA coverage** with additional medical device guidance
- Target: +500-1,000 examples
### v1.2 (Planned)
- **State-specific HIPAA extensions** (CA CMIA, MA 201 CMR 17.00, NY SHIELD Act)
- **CMS security standards**
- **FTC Health Breach Notification Rule**
- Target: +300-500 examples
### v2.0 (Future)
- **Full OCR guidance library** (200-400 FAQs)
- **Settlement agreement case studies**
- **Enforcement examples**
- **Synthetic scenario generation**
- Target: +1,000-2,000 examples
## Citation
If you use this dataset, please cite:
```bibtex
@dataset{hipaa_compliance_2025,
title={HIPAA Compliance Training Dataset},
author={Troy, Ethan Oliver},
year={2025},
publisher={HuggingFace},
note={Derived from federal HIPAA regulations and guidance (Public Domain)}
}
```
## License
**CC0-1.0** (Public Domain) - All source documents are U.S. Federal Government works not subject to copyright protection under 17 U.S.C. §105.
You are free to:
- Use commercially
- Modify and distribute
- Create derivative works
- No attribution required (though appreciated!)
## Acknowledgments
This dataset is built from publications by:
- **HHS Office for Civil Rights** (OCR) - HIPAA regulations and guidance
- **National Institute of Standards and Technology** (NIST) - SP 800-66 implementation guide
- **U.S. Food and Drug Administration** (FDA) - Medical device cybersecurity guidance
- **Federal Register** - Official regulatory preambles
## Contact
For questions, issues, or contributions:
- **GitHub**: https://github.com/ethanolivertroy/nist-tuned-model
- **HuggingFace**: https://huggingface.co/ethanolivertroy
- **Dataset Issues**: Open an issue on GitHub
## Version History
- **v1.0** (January 2025): Initial release
- 1,287 examples from 9 federal documents
- Coverage: Security Rule, Privacy Rule, Breach Notification, NIST SP 800-66, FDA guidance
- Known limitation: CFR regulations failed to extract (data format errors)
---
**Last Updated**: January 2025
# 健康保险流通与责任法案(Health Insurance Portability and Accountability Act,HIPAA)合规训练数据集
## 数据集概述
本数据集为首个面向大语言模型(Large Language Model,LLM)微调的HIPAA合规训练数据集,涵盖安全规则、隐私规则、违规通知规则,以及美国国家标准与技术研究院(National Institute of Standards and Technology,NIST)与美国食品药品监督管理局(Food and Drug Administration,FDA)的实施指南。
### 数据集摘要
- **总样本数**:1287条(训练集1029条 / 验证集258条)
- **源文档**:9份联邦出版物(提取内容约5.6 MB)
- **格式**:采用聊天格式消息的JSONL格式
- **许可协议**:CC0-1.0(公共领域)
- **覆盖范围**:安全规则、隐私规则、违规通知、NIST实施指南、FDA医疗设备指南
### 为何选用本数据集?
医疗机构亟需实用的HIPAA合规指南,但当前多数大语言模型缺乏对以下内容的深入认知:
- **强制实施**与**可选实施**规范之间的区别
- **覆盖实体**与**业务伙伴**的义务边界
- **管理类**、**物理类**与**技术类**防护措施
- **违规通知**的阈值与流程
- **NIST SP 800-66**建议的实操落地方法
本数据集通过权威联邦来源生成1287条高质量问答对,填补了这一认知空白。
## 数据集结构
### 数据字段
- `messages`:聊天消息列表(包含系统、用户、助手三类角色)
- `metadata`:源文件标注与HIPAA专属分类信息
- `source`:源文档标题
- `cfr_section`:联邦法规汇编(Code of Federal Regulations,CFR)章节编号(例如§164.308),如适用
- `safeguard_type`:防护措施类型(administrative | physical | technical | unknown)
- `implementation_spec`:实施规范类型(required | addressable | both)
- `entity_type`:主体类型(covered_entity | business_associate | both)
- `type`:问题类型(cfr_section, safeguard, implementation, breach_notification, etc.)
- `nist_control`:NIST控制标识(例如AC-1),若内容源自SP 800-66
### 示例
json
{
"messages": [
{
"role": "system",
"content": "你是一名HIPAA合规专家,精通安全规则、隐私规则与违规通知规则,能够提供准确且实用的HIPAA合规要求、实施规范及合规流程指导,并引用具体CFR章节,清晰区分覆盖实体与业务伙伴的义务。"
},
{
"role": "user",
"content": "强制实施与可选实施规范之间存在哪些区别?"
},
{
"role": "assistant",
"content": "根据《HITECH综合最终规则(2013)》:
根据HIPAA安全规则,实施规范分为强制实施与可选实施两类。强制实施规范必须按要求执行。可选实施规范采用更灵活的方式:覆盖实体与业务伙伴需评估每项可选实施规范是否为其环境中合理且恰当的防护措施。若合理恰当,则必须按要求执行该规范;若不合理,则需记录为何该规范不具备合理性与恰当性,并在合理恰当的情况下执行等效替代措施,或记录为何无合理替代措施并接受剩余风险。这种基于风险的可扩展方案允许不同规模与复杂度的机构实施适配的安全措施。"
}
],
"metadata": {
"source": "HITECH Omnibus Final Rule (2013)",
"implementation_spec": "both",
"safeguard_types": ["administrative", "physical", "technical"],
"type": "implementation"
}
}
## 源文档
### 联邦公报前言(5份文档)
此类文档提供HIPAA法规背后的制定依据与实施指南:
1. **《安全规则最终规则(2003)》** - 344 KB
- 安全标准制定依据
- 管理类、物理类与技术类防护措施
- 强制与可选实施规范区分
2. **《隐私规则最终规则(2000)》** - 2.6 MB
- 隐私标准与使用/披露规则
- 个体权利(访问、修改、核算)
- 最小必要标准
3. **《隐私规则修改(2002)》** - 672 KB
- 澄清与更正说明
- 业务伙伴条款
- 去标识化标准
4. **《HITECH综合最终规则(2013)》** - 1.0 MB
- HITECH法案修改内容
- 业务伙伴直接责任
- 违规通知规则更新
- 强化执法
5. **《违规通知规则(2009)》** - 228 KB
- 违规定义与风险评估
- 通知要求(向HHS、个体、媒体)
- 500+个体阈值
### NIST实施指南(1份文档)
6. **《NIST SP 800-66 修订版2:HIPAA安全规则实施指南(2024)》** - 497 KB
- 分步实施指南
- 控制映射(NIST 800-53 → HIPAA)
- 风险分析方法论
- 实操示例与建议
### FDA医疗设备网络安全(2份文档)
7. **《FDA医疗设备网络安全:质量体系考量(2023)》** - 211 KB
- 设备安全要求
- 网络安全物料清单(Software Bill of Materials,SBOM)
- 上市前提交要求
8. **《FDA医疗设备网络安全上市后管理(2016)》** - 84 KB
- 漏洞管理
- 补丁与更新
- 设备事件响应
### 未纳入的文档(提取失败)
以下4份文档因提取失败未纳入本数据集:
- 45 CFR第160、162、164部分(数据格式错误,仅提取HTML导航内容)
- 《FDA上市前提交内容草案指南(2022)》(提取失败,仅71字节)
上述文档将通过替代提取方法在v1.1版本中加入。
## 问答生成策略
本数据集的样本通过7种互补策略生成:
### 1. 基于CFR章节的问答生成
从CFR章节编号提取具体法规要求。
**示例**:"§164.308(a)(1)(i)规定了哪些要求?" → 安全管理流程细节
### 2. 基于防护措施的问答生成
聚焦管理类、物理类与技术类防护措施。
**示例**:"HIPAA下的技术类防护措施包括哪些?" → 访问控制、审计控制、数据完整性、传输安全
### 3. 基于实施规范的问答生成
澄清强制与可选实施规范的区别。
**示例**:"如何判断某项可选实施规范是否需要执行?" → 风险评估流程
### 4. 基于主体类型的问答生成
区分覆盖实体与业务伙伴的义务边界。
**示例**:"HIPAA下业务伙伴有哪些义务?" → 直接责任、安全、隐私、违规通知
### 5. 基于违规通知的问答生成
解释违规判定与通知流程。
**示例**:"HIPAA违规何时需向HHS报告?" → 60天时限、500+个体阈值、风险评估
### 6. 基于NIST控制的问答生成
将NIST 800-53控制映射至HIPAA要求(源自SP 800-66)。
**示例**:"NIST SP 800-66建议如何实施控制AC-2?" → HIPAA下的账户管理
### 7. 语义分块生成
保留上下文的通用内容生成。
**示例**:"[文档]中关于HIPAA合规有哪些说明?" → 上下文相关摘录
## 应用场景
### 医疗机构
- **内部HIPAA聊天机器人**:解答员工合规相关疑问
- **培训助手**:帮助新员工熟悉HIPAA要求
- **政策生成**:基于HIPAA指南起草安全政策
### 健康科技公司
- **合规审查**:对照HIPAA要求验证产品功能
- **风险评估**:识别HIPAA实施中的漏洞
- **业务伙伴协议(BAA)审查**:理解业务伙伴义务
### 医疗设备制造商
- **设备安全**:落实FDA网络安全要求
- **SBOM生成**:创建网络安全物料清单
- **漏洞管理**:遵循FDA上市后指南
### HIPAA合规官员
- **违规判定**:评估事件是否需通知
- **审计准备**:在审计前梳理合规要求
- **实施规划**:优先处理强制与可选实施规范
### 法律与咨询机构
- **客户咨询**:提供准确的HIPAA解读
- **事件响应**:指导违规通知决策
- **合同审查**:验证BAA合规性
## 数据集统计
源文档: 9份(5份前言、1份NIST文档、2份FDA文档、1份报告)
总样本数: 1287条
训练样本: 1029条(80%)
验证样本: 258条(20%)
平均样本长度: 约400个令牌(估算)
按防护措施类型划分:
管理类: 8份文档
物理类: 8份文档
技术类: 8份文档
未知: 3份文档
按主体类型划分:
两者兼具(覆盖实体与业务伙伴):9份文档
仅覆盖实体: 2份文档
违规相关: 8份文档
按实施规范类型划分:
两者兼具(强制与可选):5份文档
仅强制实施: 6份文档
## 模型训练
### 推荐训练配置
本数据集专为7B参数模型的**LoRA微调**设计:
yaml
base_model: mlx-community/Qwen2.5-Coder-7B-Instruct-4bit
lora_rank: 16
lora_alpha: 32
num_layers: 16
batch_size: 4
learning_rate: 1e-5
num_iterations: 500-1000
### 预计训练时长
- **7B参数模型在M4 Max服务器上**:约45-90分钟(500-1000次迭代)
- **内存需求**:15-20 GB
- **每秒令牌数**:130-160
### 训练命令
bash
python -m mlx_lm lora
--model mlx-community/Qwen2.5-Coder-7B-Instruct-4bit
--train
--data data/hipaa/training
--iters 1000
--batch-size 4
--lora-layers 16
--adapter-path models/hipaa-expert-lora
## 快速上手
### 加载数据集
python
import jsonlines
# 加载训练数据
with jsonlines.open('train.jsonl') as reader:
train_data = list(reader)
print(f"训练样本数:{len(train_data)}")
print(f"第一条样本:{train_data[0]}")
### 按元数据筛选
python
# 查找所有违规通知相关样本
breach_examples = [
ex for ex in train_data
if ex['metadata'].get('type') == 'breach_notification'
]
# 查找技术类防护措施相关样本
technical_examples = [
ex for ex in train_data
if 'technical' in ex['metadata'].get('safeguard_types', [])
]
# 查找仅针对业务伙伴的内容
ba_examples = [
ex for ex in train_data
if ex['metadata'].get('entity_type') == 'business_associate'
]
## 局限性
### 覆盖缺口
1. **缺失CFR法规原文**:实际的45 CFR第160、162、164部分文本因数据格式错误未能提取,本数据集仅依赖前言与指南内容,这些内容虽提供实施背景,但未包含简洁的法规原文。
2. **前言占比偏高**:9份文档中有5份为联邦公报前言,此类文档提供制定依据与解读,但相较于简洁的法规原文可能更为冗长。
3. **无OCR指南**:未纳入HHS民权办公室的常见问题与指南文档(需通过网络爬虫获取)。
4. **医疗设备覆盖有限**:仅包含2份FDA指南文档,未覆盖全面的设备安全库。
5. **无州级法规扩展**:未纳入加州CMIA、马萨诸塞州201 CMR 17.00等州级法规。
### 模型局限性
- **不构成法律建议**:输出内容不应被视为法律建议
- **可能产生幻觉**:模型可能生成看似合理但错误的CFR章节
- **上下文窗口限制**:受限于基础模型的上下文窗口(通常为4K-8K令牌)
- **无实时更新**:训练数据截止至2024年,法规可能发生变更
### 推荐缓解方案
1. **检索增强生成(RAG)集成**:结合实际HIPAA法规的向量数据库使用
2. **引用验证**:始终在官方来源中验证CFR章节
3. **人工审核**:由合规官员审核模型输出
4. **定期更新**:每年随法规演进重新训练
## 路线图
### v1.1(规划中)
- **采用替代方法重新提取CFR法规原文**(使用PDF修复工具)
- **通过网络爬虫HHS.gov/hipaa添加OCR指南**
- **扩展FDA覆盖范围**,新增更多医疗设备指南
- 目标:新增500-1000条样本
### v1.2(规划中)
- **州级HIPAA扩展**(加州CMIA、马萨诸塞州201 CMR 17.00、纽约SHIELD法案等)
- **CMS安全标准**
- **FTC健康违规通知规则**
- 目标:新增300-500条样本
### v2.0(未来规划)
- **完整OCR指南库**(200-400份常见问题)
- **和解协议案例研究**
- **执法示例**
- **合成场景生成**
- 目标:新增1000-2000条样本
## 引用
若使用本数据集,请引用:
bibtex
@dataset{hipaa_compliance_2025,
title={HIPAA Compliance Training Dataset},
author={Troy, Ethan Oliver},
year={2025},
publisher={HuggingFace},
note={Derived from federal HIPAA regulations and guidance (Public Domain)}
}
## 许可协议
**CC0-1.0**(公共领域) - 所有源文档均为美国联邦政府作品,根据17 U.S.C. §105不受版权保护。
您可自由:
- 商用
- 修改与分发
- 创作衍生作品
- 无需注明出处(虽感谢署名!)
## 致谢
本数据集基于以下机构的出版物构建:
- **美国卫生与公众服务部民权办公室(Office for Civil Rights, OCR)** - HIPAA法规与指南
- **美国国家标准与技术研究院(National Institute of Standards and Technology,NIST)** - SP 800-66实施指南
- **美国食品药品监督管理局(Food and Drug Administration,FDA)** - 医疗设备网络安全指南
- **联邦公报** - 官方法规前言
## 联系方式
如有疑问、问题或贡献建议:
- **GitHub**:https://github.com/ethanolivertroy/nist-tuned-model
- **HuggingFace**:https://huggingface.co/ethanolivertroy
- **数据集问题**:在GitHub上提交issue
## 版本历史
- **v1.0(2025年1月)**:初始发布
- 1287条样本,源自9份联邦文档
- 覆盖范围:安全规则、隐私规则、违规通知、NIST SP 800-66、FDA指南
- 已知局限性:CFR法规原文因数据格式错误未能提取
---
**最后更新**:2025年1月
提供机构:
maas
创建时间:
2025-10-29
