Established in 1996, the Health Insurance Portability and Accountability Act (HIPAA) stipulates, among other things, how personally identifiable information (PII) and protected health information (PHI) maintained by the health care and health care insurance sectors should be protected.
All hospitals, clinics, doctors’ offices, insurance agencies, and other health care entities must adhere to very specific guidelines around storing and sharing information. Despite the strict need to ensure patient privacy, data sharing among health care organizations and health research groups is crucial to understanding disease, development of new treatments, and ensuring sound public health practices.
According to a World Health Organization editorial on best practices for sharing information using data platforms, “The public health benefits of data-sharing have been widely recognized over the past decade. A recent statement signed by over 30 research funders, nongovernmental organizations, and publishers highlighted the importance of rapidly sharing information in public health emergencies.”1.
1 “Best practices for sharing information through data platforms: establishing the principles,” World Health Organization, April 2016, https://www.who.int/bulletin/volumes/94/4/16-172882/en/
Cybercrime rates and data breaches have skyrocketed among health care organizations.
Patients are more concerned than ever about the security of their personal health information and other sensitive data.
At the same time, increased public health threats and ongoing critical medical research require health organizations to work together to solve problems using real-world patient data.
While HIPAA regulations help define how patient data can be stored and handled, ensuring that these guidelines are followed during the normal course of providing care and doing business is complicated.
Titus Configuration for HIPAA Compliance is a preconfigured data protection solution, providing automated controls that make it easy for health care professionals to protect patient privacy, safely share files with colleagues, apply data classifications to email and documents according to HIPAA regulations and best practices, and prevent data leaks due to human error.
Titus helps health care professionals ensure that sensitive heath data is protected where it resides on servers, when it is being used in health care settings, and as it travels between health care organizations.
The Titus Configuration for HIPAA Compliance solution helps organizations generate a culture of security awareness and empower health care employees at all levels to classify sensitive data according to HIPAA standards and internal information-handling policies.
The preconfigured solution has been calibrated to solve data protection challenges commonly found in the health care business.
This drastically reduces the time required for hospital IT staff to deploy the solution to employees, and empowers physicians, therapists, nurses, administrators, and technicians to focus on the job of keeping patients healthy.
Titus scans files, email messages and their attachments, as well as documents in transit to the cloud to identify PII such as names and addresses, payment card industry (PCI) details, and PHI, including diagnosis codes, Medicare Beneficiary Identifier (MBI) numbers, and other health-related data
Add a layer of classification schema based on HIPAA regulations and your organization’s data security policies, and Titus will enforce email classification according to the level of sensitivity in the message or attachments.
Users have three ways to identify sensitive information and enforce classification.Show me how
Health care workers can use the Titus classification tools in the toolbar to apply one-click classification to a patient intake form, medical record or any other type of file.
When users hover over the toolbar ribbon within a document, a guidance popup appears to help them choose the appropriate classification. Windows users can also right-click a file on their desktop to add a classification without opening it if it has not already been classified.
When saving a new document, Titus offers suggestions for how to classify the document based on either step-by-step “help me choose” questions in the user interface or intelligent machine learning technology.
Users are not forced to use the suggested classifications but must add a classification before completing the save.
Health care organizations can configure the Titus solution to automatically enforce HIPAA regulations and information handling policies.
When users create a new document, Titus leverages its machine learning technologies to automatically apply the appropriate classification based on organizational data security policies.
Over time, Titus’ automatic classifications become more and more accurate as the technology learns the similarities and differences between insurance explanation of benefits (EOBs), general intake forms, and other health content.
You can even create a policy within Titus that will automatically apply email classification to match the classification level of any document attached.
When a user hits send on an email with a restricted attachment, such as patient test data or a medical record, a Titus alert indicates which attachments include PHI and other sensitive data.
Users can either adjust the recipient list, remove the sensitive document, or allow Titus to automatically classify the email at the same restriction level as the strictest attachment classification.
Titus Configuration for HIPAA Compliance integrates seamlessly with encryption technologies to automatically encrypt emails or files containing PHI.
If a health care worker attempts to send an email outside of the organization with a patient intake form attached, Titus alerts the user before allowing it to be sent.
Users can either remove the attachment, ensure the email is encrypted before sending it, or remove the outside email address from the To: line, among other security precautions.
These alerts can help build data security awareness among users and enforce applicable policies as required.
The Titus Patrol feature keeps tabs on users’ Downloads folder and scans files for sensitive health-related content, automatically classifying documents according to security policies.
For example, if a doctor downloads a patient’s medical record shared by another health care provider, Patrol would scan the file, embed persistent metadata, and give it an appropriate classification immediately.
Based on preconfigured policy requirements, Titus can also automatically add watermarks and any required information or category markings into the header and footer of a document.
Titus Configuration for HIPAA Compliance can scan locations where health organizations store patient health records, financial data, and other sensitive information, including on-premise shares, Box, Dropbox, OneDrive, Microsoft SharePoint, and SharePoint Online.
Files are automatically classified according to HIPAA regulations and internal information handling policies.
During the scanning process, the solution builds a data inventory containing file details that can be used to generate reports and identify risk areas.
Titus Configuration for HIPAA Compliance uses machine learning to understand context and automatically apply or suggest increasingly accurate data classifications to help ensure that your organization follows HIPAA guidelines.
As the Titus solution encounters repeat document types, such as patient intake forms or insurance claim documents, it begins to understand the similarities between documents and can more and more accurately apply automatic classifications.
HIPAA standards require organizations to protect individuals' privacy around personal health information, including setting limits and conditions on the uses and disclosures of PII without patient authorization.
Titus enables secure record-sharing between clinics and hospitals, external labs, physicians’ offices, and patients.
Built-in security awareness mechanisms help health care staff understand the necessity for proper data handling protocols.
Integration with encryption solutions means digital health records are secure during transit to patient portals in the cloud as well as when they are sent via email.
The secure recipient checking feature in Titus helps health care administrators and billing departments by alerting users when restricted documents are about to be shared externally and enforces classification or appropriate application of visual markings.
HIPAA also requires that PHI and other patient information be kept only for a set amount of time.
Titus allows users to set retention dates in a file’s metadata, triggering automatic alerts to admins when that date approaches. Titus can also put a legal hold alert on documents as required by HIPAA regulations.
The HIPAA security rule requires health care organizations to protect patients' electronically stored, protected health information (ePHI) by using appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity and security of the information.
Titus Configuration for HIPAA Compliance features an easy-to-use and flexible reporting feature that allows health care organizations to generate a Health Care Data Risk Assessment Report demonstrating compliance with HIPAA security requirements.
The report also brings to light any areas in your IT infrastructure where sensitive data may be at risk. Reports can be generated from the Titus administrative console and distributed automatically to key stakeholders.
One stipulation under the HIPAA security rule is that all ePHI is deleted after a certain time period.
You can designate data retention dates and storage requirements within a document’s intelligent metadata, and the Titus solution will automatically follow that direction, alerting your IT admins when files have reached their retention expiration dates.
Meet with one of our experts to assess your needs, and we'll walk you through our solution.Request a Demo
Join us on Monday, August 32nd where we talk about this, that, and the other thing.Details + register