My requirement is to use Patient ID (PHI) in Storage Blob object key.
Example - "/storagename/Z360A1109/report.html" where "Z360A1109' is Paient ID.
If I query this object WITHOUT VNet Service Endpoint for Blob Storage enabled, then its a clear violation and my Patient ID can be intercepted over the internet.
But, WITH VNet Service Endpoint enabled for Blob Storage, where the traffic is routed over Microsoft Backbone Network. Can we use it without violating HIPAA regulations? And does BAA covers this?