IBM Cloud Docs
HIPAA advisory

HIPAA advisory

Use of caching (CDN) for regulated data (for example, PHI, ITAR) is prohibited. All regulated data flows that use IBM Cloud® Internet Services must be set to not cache.

There are multiple ways to disable content caching by the CIS CDN.

  • The origin server can set no-cache in the Cache-Control header for the regulated content
  • Use the CIS page rules to disable caching for any content on a specified path, even if the origin does not send a no-cache Cache-Control header.