Oracle Health Insurance Webservices Access for External Client

It may be required to give external clients, that are not inside the company firewall, access to the Oracle Health Insurance web services. In that case, the following aspects have to be taken into account:

• Do not expose the Oracle Health Insurance web services directly, always make sure that the web services are fronted by a separate web server / load balancer.

• Messages exchanged between a web service and an external client may contain protected health information; as a minimum security requirement, message traffic must be accessed only through HTTP secured with SSL.

• Apply proper web services security policies to enforce authentication and to guarantee integrity and confidentiality of messages.