How Can You Protect ePHI if You Aren’t Aware of It?

Not so long ago, the idea of sharing ePHI outside of your EMR or firewall was absurd.  If you let the data out, how could you protect it?  Today distributed care, social norms and government mandates, like the Cures Act are forcing information sharing between providers, organizations, patients, payors and applications.  This needs to happen if we want to significantly improve the cost and efficiency of care, and the overall health or our population.  Yet, it introduces new and unfamiliar risks.

This new information-sharing paradigm requires a fundamental shift in how we detect and manage ePHI.  Traditional security solutions were not designed to protect data (structured and unstructured) at the edge, or beyond.  Tausight was founded to provide healthcare with the “who, what, when, where and how” around all ePHI and its related activity (created, maintained, processed, received, transmitted) inside and outside of the organization. That is Situational ePHI Awareness, or SePHIA (like Sophia with an e in place of the o) as we refer to it.

We’ve leveraged IoT and Natural Language Processing technology to develop our software sensor for detecting and classifying ePHI on Windows endpoints, file servers, cloud shares and email servers. Telemetry generated by the IoT sensors is collected in our cloud server to provide real-time awareness on how ePHI is being secured, used and moved. Our cloud analytics ingest all the data to determine how well the organization conforms to best practices put forth by the 405(d) Task Group and other recognized security standards.  This ePHI-centric view provides an unprecedented level of awareness and visibility into the use of all ePHI, wherever it may be.  If you aren’t aware of ePHI, how can you protect it?

Healthcare organizations need to be able to:

  • Track the use of all ePHI activity, and associate that activity with specific devices, applications and users.
  • Update ePHI activity 24x7x365, consistent with the real-time nature of user and application activity.
  • Aggregate data related to all ePHI activity across internal and external endpoints, while being able to provide one consolidated view that includes details for context around events and configuration.

Interested in situational awareness around your patients’ ePHI? Sign up for a free trial….

profile photo of David Ting

David Ting

Founder and CTO, Tausight

Related Articles