o Data storage should not be located outside of the USA;
o System should not allow physical removal of protected health information (PHI)
records; mark such records as inactive instead of deleting them, so that the record and
its history remain available.
Secure data transmission:
o Client-server communication should be performed over a secured channel
(TLS, i.e. HTTPS); the server should refuse plain HTTP rather than merely prefer HTTPS;
o Client should not pass any protected health information (PHI) data in URL
parameters when sending a request to the server, because query strings end up in
browser history, proxy and web-server logs and Referer headers; PHI belongs in the
request body;
o All data transmission outside of the system should be done via a secure protocol
(HTTPS, Direct Protocol, etc.).
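The following is an added example, not code from the original article or from any product it describes. It models three of the requirements above in one small Python module: PHI records can only be marked inactive, never physically removed; a client request builder refuses any PHI field in the URL query string and routes PHI into a JSON body instead; and the builder refuses any URL that is not HTTPS. The names PhiStore, build_request, PhiPolicyError and the PHI_FIELDS set are this example's own assumptions, and the patient record and URLs are constructed sample data.

```python
# Added example (not from the original article). PHI_FIELDS, PhiStore,
# build_request and PhiPolicyError are names invented for this demo.
import json
from urllib.parse import urlsplit, urlencode, parse_qs

# Field names this example treats as PHI. Constructed for the demo; a real
# system would derive the set from the data classification of its schema.
PHI_FIELDS = {"patient_name", "mrn", "ssn", "dob", "diagnosis"}


class PhiPolicyError(Exception):
    """Raised when an operation would violate one of the PHI handling rules."""


class PhiStore:
    """In-memory PHI record store that supports soft delete only."""

    def __init__(self):
        self._records = {}

    def add(self, record_id, data):
        self._records[record_id] = {"data": dict(data), "active": True}

    def deactivate(self, record_id):
        """The only permitted form of 'deletion': the record stays, flagged inactive."""
        self._records[record_id]["active"] = False

    def is_active(self, record_id):
        return self._records[record_id]["active"]

    def get(self, record_id, include_inactive=False):
        """Return a copy of the record's data; inactive records are hidden unless asked for."""
        rec = self._records.get(record_id)
        if rec is None or (not rec["active"] and not include_inactive):
            return None
        return dict(rec["data"])

    def remove(self, record_id):
        """Physical removal is refused outright; callers must use deactivate()."""
        raise PhiPolicyError(
            f"physical removal of PHI record {record_id!r} is not allowed; use deactivate()")

    def __delitem__(self, record_id):
        self.remove(record_id)


def build_request(url, params=None, body=None):
    """Build (method, url, headers, encoded_body) for a client request.

    Refuses non-HTTPS URLs and any PHI field in the query string, whether it
    arrives in `params` or is already embedded in `url`. PHI goes in the JSON
    body, so a request that carries a body is sent as POST.
    """
    params = dict(params or {})
    body = dict(body or {})
    parts = urlsplit(url)

    if parts.scheme != "https":
        raise PhiPolicyError(f"refusing to send over {parts.scheme!r}; HTTPS is required")

    # Query-string keys from both the caller's params and the URL itself.
    query_keys = set(params) | set(parse_qs(parts.query, keep_blank_values=True))
    leaked = PHI_FIELDS & query_keys
    if leaked:
        raise PhiPolicyError(
            f"PHI field(s) {sorted(leaked)} must not appear in URL parameters; "
            "send them in the request body")

    full_url = url
    if params:
        full_url = url + ("&" if parts.query else "?") + urlencode(params)

    if body:
        encoded = json.dumps(body).encode("utf-8")
        return "POST", full_url, {"Content-Type": "application/json"}, encoded
    return "GET", full_url, {}, b""


def raises_policy_error(fn, *args, **kwargs):
    """True if the call is refused by the PHI policy, False if it succeeds."""
    try:
        fn(*args, **kwargs)
    except PhiPolicyError:
        return True
    return False


if __name__ == "__main__":
    store = PhiStore()
    store.add("r1", {"patient_name": "Jane Doe", "mrn": "12345"})  # constructed sample
    store.deactivate("r1")
    print("visible after deactivate:", store.get("r1"))            # None
    print("physical delete refused:", raises_policy_error(store.remove, "r1"))  # True
    print(build_request("https://api.example.test/patients", body={"mrn": "12345"}))
    print("PHI in query refused:",
          raises_policy_error(build_request, "https://api.example.test/patients",
                              {"mrn": "12345"}))                   # True
```

The check in build_request deliberately inspects the URL's existing query string as well as the params argument, since the common leak is a URL assembled by string concatenation elsewhere in the client; a real client would additionally pin the transport to TLS 1.2 or later rather than only checking the scheme.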
About the Author
An industry leader and innovator, Kyle F. Kennedy is a Senior Executive who focuses on the
areas of Information Security, Risk Management, Audit, Disaster Recovery, IT Solutions, Business
Process Management (BPM), and Information Technology Governance-Risk-Compliance (GRC).
Kyle is a leading expert on identity management, access management, user account provisioning,
entitlement management, federation, privileged identity management, role design and management,
and Identity Management as a Service. Kyle also covers enterprise fraud management, which has
many synergies with identity and access management when an organization needs to protect
against risk and wants to manage fraud appropriately.
28 Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide