The Health Insurance Portability and Accountability Act of 1996 is a law in the United States that defines requirements for safeguarding PHI and ePHI.

Solidatus helps organizations articulate the value of data governance by mapping together multiple parts of an organization that are often maintained in different siloed environments. Not only does it reduce the time and cost involved in managing HIPAA requirements, it also provides a clear understanding of the impacts on an organization and the shared responsibilities, and promotes enterprise best practice and change.

Simplifying HIPAA compliance

Whether your organization is a private health care provider managing the complexities of portable Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) data, or a pharmaceutical company tracking the treatment of research patients, you will be required to provide evidence that you are complying with the HIPAA requirements. If this is not done correctly, there are serious organizational consequences, both financial and reputational.

Avoid significant fines, reputational risk and possible imprisonment

  • Solidatus improves organizations’ HIPAA risk assessments and documentation, and maps together ePHI, people, policies and procedures (including HIPAA requirements for encryption, retention, training and audit).
  • Organizations can reduce costs, time and effort by using Solidatus as the central tool for HIPAA compliance and assessments.
  • Solidatus enables the pinpointing of ePHI data wherever it occurs and is used within the organization, allowing speedy and comprehensive risk assessments of data and regulatory breaches.
  • The chances of quickly and successfully containing an incident are massively improved if the data landscape of the enterprise is recorded and understood.
  • Solidatus facilitates the automation of regular tasks and can assist in alerting on failures to comply with the regulations.

Solidatus for HIPAA

Most organizations are struggling to be truly compliant with HIPAA, as compliance typically requires a labor-intensive, high-cost compliance process. Solidatus changes the manual processes into an interactive automatic data operational model with built-in risk assessment and audit management capabilities.

Solidatus helps organizations simplify their adherence to HIPAA requirements by providing a tool that can map the flow of PHI and ePHI data through the organization, visualizing the mapping against their people, processes and data management capabilities. When compared to other data privacy legislation, HIPAA is particularly lengthy, multi-layered and detailed. Organizations can avoid inadvertently breaching one or more of its rules through day-to-day changes made without due scrutiny. Solidatus further supports organizations by easily illustrating commonalities between all enterprise-relevant privacy regulations.

Creating an end-to-end holistic view of all information and data relevant to HIPAA provides an operational blueprint for audit and planning purposes, which helps to facilitate required training and associated actions to ensure ongoing compliance.

Company-wide collaboration

Through its collaborative and crowdsourcing model, Solidatus allows for quick and effective enterprise-wide identification of where PHI and ePHI data is held. Working with all teams across the organization, a clear understanding can be achieved of exactly where data is and how it’s being used in business and IT processes.

Visualize and map metadata

Data flow can be clearly mapped out to visualize each contact point, and ownership can then be assigned. Once an organization has this knowledge, it is able to quickly and confidently fulfill an ‘Insurance Portability’ request knowing that it has ported all the PHI and ePHI from every possible place it has been held.

Cost-effective compliance

Solidatus can quickly discover, document and share models, simplifying compliance, speeding information-finding and facilitating training. Data models can be leveraged for multiple initiatives and compliance requirements. The easy-to-use interface reduces time and cost: policies, processes and data can be mapped to the same model – efficiently re-using data to give a single source of truth.

Demonstrate ePHI audit and risk assessments

Solidatus can demonstrate to the regulator how and when audits and risk assessments were conducted and prove how information is collected, stored, used and deleted, and who has access to it. It also clearly shows that HIPAA-relevant data is a key consideration for future change.

Tracking data usage, risks and controls

By modeling the HIPAA regulation to the organization’s data flow, Solidatus can display PHI and ePHI in a data lineage map. Having visualized where the ePHI data is used in the data landscape, the organization can track its usage, risks and controls. The Solidatus web-based portal provides users with a clear understanding of their responsibilities when working with HIPAA-related data, and removes the resource-intensive office-based distribution of uncontrolled information.

Solidatus has the ability to support organizations that find themselves operating in a crisis situation, such as a data breach or a loss of data. Organizations utilizing Solidatus can identify where critical data is located within systems and applications for rapid risk and impact assessments. It can also document and illustrate backup and recovery procedures, clearly showing in detail where data is backed up to and which data stores are necessary for the restoration of lost data.

Solidatus unlocks the true business value behind data. A lineage-first approach enables organizations to connect and visualize data relationships across the enterprise, simplifying how they identify, access and understand them. With a reimagined, sustainable data foundation in place, organizations can mine actionable intelligence and solve complex problems to deliver transformational business results.

Solidatus is a member of the EDM Council.

© 2022. Threadneedle Software Holdings Limited trading as Solidatus.