The Health Insurance Portability and Accountability Act of 1996 is a law in the United States that defines requirements for safeguarding PHI and ePHI.

Solidatus helps organisations articulate the value of data governance by mapping together multiple parts of an organisation often maintained in different siloed environments. Not only does it reduce the time and cost involved in managing HIPAA requirements, it also provides a clear understanding of the impacts on an organisation and the shared responsibilities, and promotes enterprise best practice and change.


Whether your organisation is a private health care provider managing the complexities of portable Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) data, or a pharmaceutical company tracking the treatment of research patients, you will be required to provide evidence that you are complying with the HIPAA requirements. If not done correctly, there are serious organisational consequences, both financial and reputational.


  • Solidatus improves organisations’ HIPAA risk assessments and documentation, and maps together ePHI, people, policies and procedures (including HIPAA requirements for encryption, retention, training and audit).
  • Organisations can reduce costs, time and effort by using Solidatus as the central tool for HIPAA compliance and assessments.
  • Solidatus enables the pinpointing of ePHI data wherever it occurs and is used within the organisation, allowing speedy and comprehensive risk assessments of data and regulatory breaches.
  • The chances of quickly and successfully containing an incident are massively improved if the data landscape of the enterprise is recorded and understood.
  • Solidatus facilitates the automation of regular tasks and can assist in alerting on failures to comply with the regulations.

Solidatus for HIPAA


Most organisations are struggling to be truly compliant with HIPAA, as compliance typically requires a labour-intensive, high-cost compliance process. Solidatus changes the manual processes into an interactive automatic data operational model with built-in risk assessment and audit management capabilities.

Solidatus helps organisations simplify their adherence to HIPAA requirements by providing a tool that can map the flow of PHI and ePHI data through the organisation, visualising the mapping against their people, processes and data management capabilities. When compared to other data privacy legislation, HIPAA is particularly lengthy, multi-layered and detailed. Organisations can avoid inadvertently breaching one or more of its rules through day-to-day changes made without due scrutiny. Solidatus further supports organisations by easily illustrating commonalities between all enterprise-relevant privacy regulations.

Creating an end-to-end holistic view of all information and data relevant to HIPAA provides an operational blueprint for audit and planning purposes, which helps to facilitate required training and associated actions to ensure ongoing compliance.

Company-wide collaboration

Through its collaborative and crowdsourcing model, Solidatus allows for quick and effective enterprise-wide identification of where PHI and ePHI data is held. Working with all teams across the organisation, a clear understanding can be achieved of exactly where data is and how it’s being used in business and IT processes.


Data flow can be clearly mapped out to visualise each contact point, and ownership can then be assigned. Once an organisation has this knowledge, they are able to quickly and confidently fulfil an ‘Insurance Portability’ request knowing that they have ported all the PHI and ePHI from every possible place it has been held.


Solidatus can quickly discover, document and share models, simplifying compliance, speeding information-finding and facilitating training. Data models can be leveraged for multiple initiatives and compliance requirements. The easy-to-use interface reduces time and cost: policies, processes and data can be mapped to the same model – efficiently re-using data to give a single source of truth.


Solidatus can demonstrate to the regulator how and when audits and risk assessments were conducted and prove how information is collected, stored, used, deleted, and who has access to it. It also clearly shows that HIPAA relevant data is a key consideration for future change.


By modelling the HIPAA regulation to the organisation’s data flow, Solidatus can display PHI and ePHI in a data lineage map. Having visualised where the ePHI data is used in the data landscape, the organisation can track its usage, risks and controls. The Solidatus web-based portal provides users with a clear understanding of their responsibilities when working with HIPAA-related data, and removes the resource-intensive office-based distribution of uncontrolled information.

Solidatus has the ability to support organisations that find themselves operating in a crisis situation, such as a data breach or a loss of data. Organisations utilising Solidatus can identify where critical data is located within systems and applications for rapid risk and impact assessments. It can also document and illustrate backup and recovery procedures, clearly showing in detail where data is backed up to and which data stores are necessary for the restoration of lost data.

Solidatus is used by some of the world’s largest institutions

Accelerate your HIPAA Compliance

Award-winning Solidatus is empowering enterprises globally to accelerate their understanding and optimisation of their data and organisational processes. The Solidatus methodology for digitally transforming organisations to be data-centric and lineage-enabled is changing how businesses discover, document, map and manage their data.

Solidatus is a member of the EDM Council.

© 2021. Threadneedle Software Holdings Limited trading as Solidatus