A New First Step: Do You Know Where Your PHI Data Is?

Healthcare CEOs and CIOs, their IT consultants, outsourced services and other vendors are investing considerable time and resources improving data security, with a sharp focus on protected healthcare information (PHI).  No surprise, since executives for all these organizations are accountable for the PHI data they touch, regardless of where a breach may surface along the chain of trust.

Do you know where to find the PHI your organization is accountable for under HIPAA and other federal and state regulations?  Do you know who has it and why?  If you don’t, that can be a huge problem. The team at CloudVault Health recently introduced a new SaaS product that finds and protects patient information, ultimately providing a level of PHI protection that could become the healthcare industry’s reliable first step in more effectively protecting sensitive healthcare data.

It’s a simple perspective—knowing where all your PHI data is, who has it, how it’s being used and when it’s duplicated is the logical first step in meeting HIPAA requirements and keeping information safe.

Technology that solves the PHI challenge
The new, fully patented CloudVault Health technology operates seamlessly across endpoints as it discovers, categorizes and protects PHI based on key attributes and characteristics, resulting in a dynamic analysis of risk associated with the data it scans.

It all starts on the endpoints, where data is often most vulnerable.  Once PHI is identified, management can determine next steps to both protect the actual data at a file level and establish practices that support efficient yet secure information sharing when and with whom it’s necessary.  Highly sensitive information can be further protected by relocating it from vulnerable endpoints to a hardened centralized repository.  Leveraging this new technology provides the initial building block for understanding and protecting an organization’s PHI.

The top-line features of CloudVault Health include:

  • Finding PHI through regular system scans inside a healthcare provider or associate business system, and automatically categorizing the information according to data attributes and risks. This is accomplished with little or no involvement of existing IT staff and resources, and without affecting normal system operations.
  • Protecting PHI by encrypting the data it discovers, including data transferred to any outside authorized users or systems, allowing the accountable organization to make informed determinations about the extent to which its PHI can be accessed or shared.
  • Enabling healthcare organizations to more effectively identify and address overall PHI security risk, ultimately assisting in demonstrating compliance with HIPAA and other regulations.

CloudVault Health’s new technology is also a logical first step for large and small companies that do business with healthcare provider organizations.  Keep in mind that restrictive HIPAA regulations apply to every entity that’s part of the chain of trust when it comes to protecting PHI and meeting the increasingly rigorous business associate agreement language that hospitals, clinics and other provider organizations require.

Considering the growing importance (and expense) of protecting sensitive healthcare information, a strong, well-maintained security program is a must — but knowing where your sensitive information is, inside and outside your organization, certainly makes sense as a first step in truly protecting the PHI an organization is entrusted with—and accountable for.

Richard Nelli is President of Atlanta-based CloudVault Health.  His extensive background across the healthcare information technology landscape includes strategic leadership roles at healthcare software, technology, and professional services businesses in various stages of maturity, including Streamline Health and CareMedics Systems, as well as advisory and entrepreneurial roles in the industry.