Talk:End-user device encryption (MU3)
From OpenEMR Project Wiki
Revision as of 01:08, 6 November 2021 by Peter J Liepmann MD FAAFP MBA (End user device does not store PHI)
This refers to data that remains on a user's device after they log out of the program. Breaches have occurred when users had laptops stolen that were not encrypted and stored the entire database on the laptop. Since the usual access to OpenEMR is by HTTPS connection, I think all that's required is that data from the session not be cached.
There's a technical discussion of this on Stack Overflow: https://stackoverflow.com/questions/49547/how-do-we-control-web-page-caching-across-all-browsers
Basically, it puts this on each page:
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
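Added example, not from the post above and not OpenEMR's own code: a small Python check that parses a response's headers the way a cache would and reports which of the recommended directives are missing or contradicted (a public/max-age directive, a future Expires date), plus a helper that applies the recommended set. The sample response headers are constructed for the example; the function names are my own.

```python
"""Audit HTTP response headers for the no-cache policy discussed above.

Added example, not OpenEMR code. audit_caching() reports why a browser or
intermediary might store a page; an empty list means the response carries
Cache-Control: no-cache, no-store, must-revalidate / Pragma: no-cache and
no future Expires date.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List

# The header set recommended in the post above.
NO_CACHE_HEADERS: Dict[str, str] = {
    "Cache-Control": "no-cache, no-store, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "0",
}


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split a Cache-Control value into {directive: argument}, lowercased; argument may be ''."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if part:
            name, _, arg = part.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def expires_in_future(value: str) -> bool:
    """True only for a syntactically valid HTTP-date that lies in the future.

    RFC 7234 treats an unparsable Expires value (such as '0' or '-1') as
    already expired, so those values satisfy the policy.
    """
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when > datetime.now(timezone.utc)


def audit_caching(headers: Dict[str, str]) -> List[str]:
    """Return the caching problems found; [] means the response must not be stored."""
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    problems: List[str] = []

    if "no-store" not in cc:
        # no-store is the directive that actually forbids writing the response to disk.
        problems.append("Cache-Control lacks no-store")
    if "no-cache" not in cc:
        problems.append("Cache-Control lacks no-cache")
    if "must-revalidate" not in cc:
        problems.append("Cache-Control lacks must-revalidate")
    if "public" in cc:
        problems.append("Cache-Control marks the response public")
    if cc.get("max-age", "0") != "0":
        problems.append(f"Cache-Control permits max-age={cc['max-age']}")
    if lower.get("pragma", "").strip().lower() != "no-cache":
        problems.append("Pragma: no-cache missing (HTTP/1.0 caches)")
    expires = lower.get("expires")
    if expires is None:
        problems.append("Expires header missing")
    elif expires_in_future(expires):
        problems.append("Expires is a future date")
    return problems


def harden(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of the headers with the recommended set applied, replacing any conflicting values."""
    fixed = {k: v for k, v in headers.items()
             if k.lower() not in ("cache-control", "pragma", "expires")}
    fixed.update(NO_CACHE_HEADERS)
    return fixed


# Constructed sample: a page served with permissive caching headers.
LEAKY_RESPONSE: Dict[str, str] = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "public, max-age=3600",
    "Expires": "Wed, 21 Oct 2099 07:28:00 GMT",
}

if __name__ == "__main__":
    for problem in audit_caching(LEAKY_RESPONSE):
        print("problem:", problem)
    print("after harden():", audit_caching(harden(LEAKY_RESPONSE)))
```

Feeding the function the headers captured from a logged-in page (for example from the browser's network panel) shows at a glance whether the page could survive on disk after logout; no-store is the directive that matters to modern browsers, while Pragma and Expires cover older HTTP/1.0 caches.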