PHI/PII

When your organization's information system contains data that is considered private, such as Personally Identifiable Information (PII) or Protected Health Information (PHI), specific laws and regulations obligate you to protect that information from unauthorized access by individuals and entities. This task can be daunting when you must navigate and implement the proper security controls. We can assist your organization in applying the controls it needs and in auditing those controls to validate that they are implemented correctly.

When you are dealing with PHI, your organization must adhere to the regulations developed by the Department of Health and Human Services, known as the Privacy Rule and the Security Rule. The Privacy Rule establishes that organizations must protect all Individually Identifiable Health Information; this data is considered protected health information (PHI). The Security Rule establishes the corresponding requirements for electronic PHI.

Not all organizations deal with healthcare information, but most hold Personally Identifiable Information (PII). Some entities call this Sensitive Personal Information (SPI), but the two are one and the same. This information is considered sensitive because it can be used to identify, contact, or locate an individual. The list of information considered PII is long, so it is crucial that your organization understands and protects this data.

Regardless of the data your organization holds and uses, it is imperative that you protect it with appropriate controls that demonstrate due care. SLATE can help develop a strategy to implement these controls and properly evaluate their effectiveness, whether through a CISO engagement, an audit, or a vulnerability assessment.