Introducing Tausight®
The First Situational ePHI Awareness (SePHIATM) Platform
Built for the Modern Healthcare Ecosystem
“The foundation of HIPAA compliance is knowing everywhere within the organization where PHI or ePHI exists, on paper, or in digital form. With that understood, the organization must know how that PHI moves between those “at rest” locations. Creating maps that outline the following provides an easy-to-use mechanism for discovery and analysis:
- Where PHI enters an organization (from a transfer from an external party, entered into systems directly or written on paper)
- Where that PHI moves as the various workflows ensue.”
Gartner®, Top Healthcare Provider HIPAA Questions and Answers, Gregg Pessin, Refreshed 12 July 2022, Published 4 February 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Traditional cybersecurity is not designed to protect ePHI and clinical workflows at the edge of decentralized, virtual healthcare. Securing healthcare has fundamentally changed.
Clinicians are the new security perimeter.
Unsecured, Private BA Clouds
(with unknown security standards)
Telehealth/Mobile
Cloud-based audio, video and data communications, telemetry data transmission, unsecure email and texts, smartphone apps and patient monitoring devices. All with limited IT security teams.
Hospital@Home
Patients at home create multiple new vulnerabilities via unsecure RPM, personal PCs/VPN, personal email, smart home devices, and unauthorized collaboration apps.
Interoperability & Data Exchange Outside Firewall
Shadow IT Apps & Personal Emails
Clinicians using personal email, messages, flash drives, cloud storage and unknown, unauthorized applications. 80% of employees create Shadow IT.
Remote First Care
Pandemic created an explosion of virtual endpoints, new attack surfaces and unknown, unsecure clouds.
Traditional cybersecurity is not designed to protect ePHI and clinical workflows at the edge of decentralized, virtual healthcare. Securing healthcare has fundamentally changed.
Clinicians are the new security perimeter.
Unsecured, Private BA Clouds
(with unknown security standards)
Hospital@Home
Patients at home create multiple new vulnerabilities via unsecure RPM, personal PCs/VPN, personal email, smart home devices, and unauthorized collaboration apps.
Shadow IT Apps & Personal Emails
Clinicians using personal email, messages, flash drives, cloud storage and unknown, unauthorized applications. 80% of employees create Shadow IT.
Telehealth/Mobile
Cloud-based audio, video and data communications, telemetry data transmission, unsecure email and texts, smartphone apps and patient monitoring devices. All with limited IT security teams.
Interoperability & Data Exchange Outside Firewall
Remote First Care
Pandemic created an explosion of virtual endpoints, new attack surfaces and unknown, unsecure clouds.
Traditional cybersecurity is not designed to protect ePHI and clinical workflows at the edge of decentralized, virtual healthcare. Securing healthcare has fundamentally changed.
Clinicians are the new security perimeter.
Unsecured, Private BA Clouds
(with unknown security standards)
Hospital@Home
Patients at home create multiple new vulnerabilities via unsecure RPM, personal PCs/VPN, personal email, smart home devices, and unauthorized collaboration apps.
Shadow IT Apps & Personal Emails
Clinicians using personal email, messages, flash drives, cloud storage and unknown, unauthorized applications. 80% of employees create Shadow IT.
Telehealth/Mobile
Cloud-based audio, video and data communications, telemetry data transmission, unsecure email and texts, smartphone apps and patient monitoring devices. All with limited IT security teams.
Interoperability & Data Exchange Outside Firewall
Remote First Care
Pandemic created an explosion of virtual endpoints, new attack surfaces and unknown, unsecure clouds.
Tausight uses machine learning and natural language processing
to automate ePHI detection and compliance.
An ePHI-centric way to simplify alignment and reporting on 405(d) Healthcare Industry Cybersecurity Practices (HICP)
Endpoint Protection Systems Reports:
Reports to support Endpoint Protection Systems include Audit endpoint encryption, Endpoint OS patch assessment, Local admin access, Fastest growing applications, Low usage applications. Some examples include: 
Identity and Access Management Reports:
Reports related to Identity and Access Management include: Users with privileged access and Change in privileged processes running. Here are samples… 
Data Protection and Loss Prevention Reports:
Reports to support Data Protection and Loss Prevention include PHI moving outside of the network, Audit location of external movement, Establish baseline for PHI emailed, Top users sending PHI, PHI movement to removable media, Audit file transfer URLs. Some examples include: 
IT Asset Management Reports:
Covering IT Asset Management is the report Endpoint activity 
Situational ePHI Awareness
The ability to know where ePHI lives, where it’s being moved to, who it’s being shared with, and having confidence that it is secured and well managed to minimize risk and exposure for your patients and organization.
- Reduced ePHI risk across the healthcare continuum — One consolidated, real-time view into structured and unstructured PHI as it is being created, copied, stored, moved and shared between providers, patients, third parties and applications.
- Continuous, omnipresent validation of cyber preparedness and compliance — 24/7 telemetry and reporting on PHI activity, including adherence to 405(d) Health Industry Cybersecurity Practices (HICP) to support qualifying for lower cybersecurity insurance rates and reduced OCR penalties in the event of a breach.
- Faster, less costly time to cyber recovery – Immutable, off-site audit trail provides forensic-level details across all endpoints; before, during and after a cyber incident, including the information needed to quickly reconstitute the system and reconstruct any incident.
Vulnerability Management Reports:
Reports to support Vulnerability Management include Endpoint patch assessment Summary, Endpoint patch assessment – Installation Lag, Endpoint patch assessment – Histogram, Endpoint patch assessment – Critical patches, Endpoint patch assessment – non-critical patches, Chrome patch assessment and Edge patch assessment. Some examples include:
Security Operations Center and Incident Response Reports:
Reports to support Security Operations Center and Incident Response include Lost / stolen laptop and User litigation. Some examples include:
An ePHI-centric way to simplify alignment and reporting on 405(d) Healthcare Industry Cybersecurity Practices (HICP)
Endpoint Protection Systems Reports:
Reports to support Endpoint Protection Systems include Audit endpoint encryption, Endpoint OS patch assessment, Local admin access, Fastest growing applications, Low usage applications. Some examples include:
Identity and Access Management Reports:
Reports related to Identity and Access Management include: Users with privileged access and Change in privileged processes running. Here are samples…
Data Protection and Loss Prevention Reports:
Reports to support Data Protection and Loss Prevention include PHI moving outside of the network, Audit location of external movement, Establish baseline for PHI emailed, Top users sending PHI, PHI movement to removable media, Audit file transfer URLs. Some examples include:
IT Asset Management Reports:
Covering IT Asset Management is the report Endpoint activity
Situational ePHI Awareness
The ability to know where ePHI lives, where it’s being moved to, who it’s being shared with, and having confidence that it is secured and well managed to minimize risk and exposure for your patients and organization.
- Reduced ePHI risk across the healthcare continuum — One consolidated, real-time view into structured and unstructured PHI as it is being created, copied, stored, moved and shared between providers, patients, third parties and applications.
- Continuous, omnipresent validation of cyber preparedness and compliance — 24/7 telemetry and reporting on PHI activity, including adherence to 405(d) Health Industry Cybersecurity Practices (HICP) to support qualifying for lower cybersecurity insurance rates and reduced OCR penalties in the event of a breach.
- Faster, less costly time to cyber recovery – Immutable, off-site audit trail provides forensic-level details across all endpoints; before, during and after a cyber incident, including the information needed to quickly reconstitute the system and reconstruct any incident.
Vulnerability Management Reports:
Reports to support Vulnerability Management include Endpoint patch assessment Summary, Endpoint patch assessment – Installation Lag, Endpoint patch assessment – Histogram, Endpoint patch assessment – Critical patches, Endpoint patch assessment – non-critical patches, Chrome patch assessment and Edge patch assessment. Some examples include:
Security Operations Center and Incident Response Reports:
Reports to support Security Operations Center and Incident Response include Lost / stolen laptop and User litigation. Some examples include:
An ePHI-centric way to simplify alignment and reporting on 405(d) Healthcare Industry Cybersecurity Practices (HICP)
Situational ePHI Awareness
The ability to know where ePHI lives, where it’s being moved to, who it’s being shared with, and having confidence that it is secured and well managed to minimize risk and exposure for your patients and organization.
- Reduced ePHI risk across the healthcare continuum — One consolidated, real-time view into structured and unstructured PHI as it is being created, copied, stored, moved and shared between providers, patients, third parties and applications.
- Continuous, omnipresent validation of cyber preparedness and compliance — 24/7 telemetry and reporting on PHI activity, including adherence to 405(d) Health Industry Cybersecurity Practices (HICP) to support qualifying for lower cybersecurity insurance rates and reduced OCR penalties in the event of a breach.
- Faster, less costly time to cyber recovery – Immutable, off-site audit trail provides forensic-level details across all endpoints; before, during and after a cyber incident, including the information needed to quickly reconstitute the system and reconstruct any incident.
Endpoint Protection Systems Reports:
Reports to support Endpoint Protection Systems include Audit endpoint encryption, Endpoint OS patch assessment, Local admin access, Fastest growing applications, Low usage applications. Some examples include:
Identity and Access Management Reports:
Reports related to Identity and Access Management include: Users with privileged access and Change in privileged processes running. Here are samples…
Data Protection and Loss Prevention Reports:
Reports to support Data Protection and Loss Prevention include PHI moving outside of the network, Audit location of external movement, Establish baseline for PHI emailed, Top users sending PHI, PHI movement to removable media, Audit file transfer URLs. Some examples include:
IT Asset Management Reports:
Covering IT Asset Management is the report Endpoint activity
Vulnerability Management Reports:
Reports to support Vulnerability Management include Endpoint patch assessment Summary, Endpoint patch assessment – Installation Lag, Endpoint patch assessment – Histogram, Endpoint patch assessment – Critical patches, Endpoint patch assessment – non-critical patches, Chrome patch assessment and Edge patch assessment. Some examples include:
Security Operations Center and Incident Response Reports:
Reports to support Security Operations Center and Incident Response include Lost / stolen laptop and User litigation. Some examples include:
Tausight Provides Situational ePHI Awareness (SePHIATM)
- SaaS service, self-updating sensor for Windows & VDI endpoints either inside/outside the firewall
- Real-time, full-stack ground truth telemetry for system, user, application, device, network, hardware, activity
- Content inspection detects PHI at rest (files), in use (apps) and in transit (network, cloud)
- Natural language processing identifies ePHI in structured and unstructured data without pattern matching complexity
- Forensic audit trail for all activity events tracing back to user accounts
Tausight Provides Situational PHI Awareness
- SaaS service, self-updating sensor for Windows & VDI endpoints either inside/outside the firewall
- Real-time, full-stack ground truth telemetry for system, user, application, device, network, hardware, activity
- Content inspection detects ePHI at rest (files), in use (apps) and in-transit (network, cloud)
- Natural language processing identifies ePHI in structured and unstructured data without pattern matching complexity
- Forensic audit trail for all activity events tracing back to user accounts
Start securing ePHI and protect clinicians at risk.
“Cyber resiliency is the new norm. Business continuity requires securing your ePHI clinical workflow.”
– Cybersecurity Task Force
Be the first to learn how Tausight can discover and protect ePHI at the point of risk. Connect with a Tausight platform expert to start your journey today: