HIPAA and caching PHI
Last updated February 12, 2017
You can configure the Fastly CDN service to cache and transmit protected health information (PHI) in keeping with Health Information Portability and Accountability Act (HIPAA) security requirements. Use the following features to ensure secure handling of cache data that contains PHI:
beresp.hipaavariable to objects containing PHI to keep that data out of non-volatile disk storage at the edge.
Contact firstname.lastname@example.org for more information on how to enable the
beresp.hipaa feature for your account. For accounts that have this feature enabled, Fastly will enter into a HIPAA business associate agreement (BAA) as an addendum to our terms of service.
Fastly's security and technology compliance program includes safeguards for the entire Fastly CDN service, independent of using the
beresp.hipaa variable. The Fastly security program and technology compliance guides provide more information about these safeguards.