I've been asked about WebDirect and HIPAA, in particular about stored data staying on the hard drive after a browsing session.
At the moment I believe I am compliant with HIPAA in that everything is encrypted, but my concern is that browsers can cache encrypted data from webpages in an unencrypted format.
- Does the browser cache even come under an area that HIPAA compliance cares about? (I know... ask a lawyer.)
- Does anyone have a solid answer about WebDirect and data caching?