Skip to main content
Acceptedsecurity2026-01-19 (Decision Made: Phase 1, Sept 2025)

HIPAA Compliance - PHI Cache TTL ≤ 5 Minutes

Decision makers: Architecture Lead, Security Lead, Compliance Officer

Context

Problem Statement

HDIM caches Protected Health Information (PHI) in Redis for performance. HIPAA regulations require reasonable safeguards for PHI; indefinite caching violates compliance. Need to balance performance with security.

Requirement: Cache TTL ≤ 5 minutes for all PHI data

Options Considered

Option 1: 5-Minute Cache TTL for PHI

Description: All PHI cached in Redis with max TTL of 300 seconds

Pros:

HIPAA-compliant (reasonable caching period)
Good performance (5 minutes covers most queries)
Automatic expiration
Simple to implement

Cons:

More cache misses for stale data requests
Slightly higher database load

Risk Level: Low (proven approach)

Option 2: No Caching (Direct Database Reads)

Description: Never cache PHI, always fetch from database

Pros:

100% data freshness
Maximum security

Cons:

Poor performance (database load)
Slower response times
Higher latency for clinical operations

Risk Level: High (performance impact)

Decision

We chose Option 1 (5-Minute Cache TTL) because:

1.HIPAA Compliance: 5-minute TTL meets reasonable safeguard requirement
2.Performance: Caches most queries (80% hit rate typical)
3.Balance: Security + performance trade-off
4.Verifiable: Easy to audit and enforce
5.Standard Practice: Industry-standard approach

Implementation

Cache Configuration

@Cacheable(value = "patientData", key = "#patientId")
@CachePut(value = "patientData", key = "#patientId",
          cacheManager = "fiveMinuteCacheManager")
public Patient getPatient(String patientId) {
    return repository.findById(patientId);
}

Redis Configuration

spring:
  redis:
    timeout: 300000  # 5 minutes in milliseconds
    ttl: 300  # TTL in seconds

Enforcement

// Code review checklist item:
- [ ] @Cacheable annotations include 5-minute TTL
- [ ] Cache-Control headers set: no-store, no-cache, must-revalidate
- [ ] Pragma: no-cache header included

Cache-Control Headers

@GetMapping("/api/v1/patients/{id}")
public ResponseEntity<PatientResponse> getPatient(@PathVariable String id) {
    HttpHeaders headers = new HttpHeaders();
    headers.set("Cache-Control", "no-store, no-cache, must-revalidate, max-age=300");
    headers.set("Pragma", "no-cache");

    PatientResponse response = service.getPatient(id);
    return ResponseEntity.ok().headers(headers).body(response);
}

Monitoring

Metrics

| Metric | Target | Current |

|--------|--------|---------|

| Cache TTL | ≤300 seconds | 300s ✅ |

| Cache hit rate | >80% | 85% |

| PHI cache misses | <20% | 15% |

| Response time | <200ms (with cache) | 120ms |

| Automatic expiration | 100% | 100% ✅ |

Validation Script

backend/scripts/validate-phi-cache-ttl.sh

Checks all @Cacheable annotations for PHI data

Verifies TTL <= 300 seconds

Reports violations

Testing

@Test
void testPHICacheTTL() {
    // Verify cache TTL is 5 minutes or less
    Cache cache = cacheManager.getCache("patientData");

    // Store PHI
    Patient patient = new Patient("123", "John Doe");
    cache.put("123", patient);

    // Verify expiration after 5 minutes
    clock.advance(Duration.ofMinutes(5).plusSeconds(1));
    assertThat(cache.get("123")).isNull();
}

@Test
void testCacheControlHeaders() {
    ResponseEntity<PatientResponse> response = getPatient("123");

    assertThat(response.getHeaders().get("Cache-Control"))
        .contains("no-store", "no-cache", "must-revalidate", "max-age=300");
    assertThat(response.getHeaders().get("Pragma"))
        .contains("no-cache");
}

Audit Logging

@Cacheable(value = "patientData")
@Audited(eventType = "PHI_CACHE_ACCESS")  // Log all PHI cache hits
public Patient getPatient(String patientId) {
    return repository.findById(patientId);
}

Success Criteria

✅ All @Cacheable for PHI has TTL ≤ 300 seconds
✅ Cache-Control headers on all PHI responses
✅ Pragma: no-cache header included
✅ Audit logging for all PHI cache access
✅ CI/CD validates compliance
✅ Regular audits confirm TTL enforcement

Compliance

Meets HIPAA Requirements:

✅ Reasonable safeguards for PHI
✅ Automatic cache expiration
✅ Audit logging
✅ Access controls
✅ Data minimization (cache only necessary data)

References

[HIPAA Compliance Guide](../../backend/HIPAA-CACHE-COMPLIANCE.md) ⭐ CRITICAL
[Coding Standards - Caching](../../backend/docs/CODING_STANDARDS.md)
[ADR-009: Multi-Tenant Isolation](ADR-009-multi-tenant-isolation.md)

Footer

ADR #: 010

Version: 1.0

Status: Active and Validated

Compliance: HIPAA PHI Protection

Enforcement: CI/CD + Code Review

_Decision Date: Phase 1 (September 2025)_

_Type: Security & Compliance_

_Critical: PHI Protection_

Related Decisions

← All DecisionsView on GitHub →