Enhancing Compliance with the Health Insurance Portability and Accountability Act of 1996
Orion Governance Use Case
Helping Clients Avoid $50,000 Fines
In 1996 the U.S. enacted HIPAA, a federal law designed to prevent the disclosure of sensitive patient health information without the patient's consent or knowledge. The legislation also lets American workers and their families keep health insurance coverage by carrying it over when they lose or change jobs. Its provisions require the confidential handling of protected health information (PHI) in order to reduce healthcare fraud and abuse, and they establish standards for electronic billing and related health care transactions.
HIPAA non-compliance results in financial penalties or in monitored enforcement of corrective action plans. Enforcement may be carried out by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) or by a state attorney general. A four-tier penalty structure, with fines from $100 to $50,000 per violation, is a strong deterrent, and the total for repeated violations of the same provision can reach $1.5 million per calendar year.
![Hipaa Journal 2018 Hipaa Journal 2018](https://www.oriongovernance.com/dev-zone/wp-content/uploads/2021/12/hipaa-journal-2018_1-600x624.png)
HIPAA Compliance for the Mainframe
The Project
Orion implemented end-to-end data lineage for COBOL/JCL by using the Orion Enterprise Information Intelligence Graph (EIIG) to ingest several such mainframe systems. Because EIIG also ingests SSIS and Informatica, the result was cross-system lineage that follows data from the mainframe through those ETL tools. This was a major benefit for business and IT users alike.
Business Problem
The client needed to establish an enterprise governance program for HIPAA compliance. A specific requirement was traceability of the flows of business-critical data elements, which auditors need in order to confirm how PHI moves through the organization's systems.
The Orion Governance Solution
Orion's Enterprise Information Intelligence Graph (EIIG) ingested the mainframe code from three large mainframes and provided traceability for PHI (protected health information) and PII (personally identifiable information) across all three in less than 30 minutes.
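To make concrete what "traceability of PHI flows" means to an auditor, the following is an added illustration and not Orion's code or a description of how EIIG is implemented. It builds a small lineage graph from a constructed, hypothetical set of flow edges (copybook fields, COBOL working-storage fields, JCL steps, datasets, SSIS and Informatica targets; all names are invented), tags the PHI source fields, and answers the two questions auditors ask: which downstream assets are exposed to each PHI element, and by which exact path.

```python
from collections import defaultdict, deque

# Constructed sample lineage edges (source flows into target). Every name here is
# hypothetical; in a real implementation these edges come from parsing COBOL/JCL,
# SSIS packages and Informatica mappings.
EDGES = [
    ("COPYBOOK MEMBER-REC/MEMBER-SSN", "COBOL CLMEXTR/WS-SSN"),
    ("COBOL CLMEXTR/WS-SSN", "DATASET PROD.CLAIMS.EXTRACT"),
    ("COPYBOOK MEMBER-REC/MEMBER-NAME", "COBOL CLMEXTR/WS-NAME"),
    ("COBOL CLMEXTR/WS-NAME", "DATASET PROD.CLAIMS.EXTRACT"),
    ("DATASET PROD.CLAIMS.EXTRACT", "JCL CLMDAILY/STEP020"),
    ("JCL CLMDAILY/STEP020", "SSIS LoadClaims/dbo.Claims.MemberSSN"),
    ("SSIS LoadClaims/dbo.Claims.MemberSSN", "INFORMATICA m_claims_dw/DW.CLAIM_FACT.MBR_ID"),
    ("COPYBOOK MEMBER-REC/PLAN-CODE", "COBOL CLMEXTR/WS-PLAN"),
    ("COBOL CLMEXTR/WS-PLAN", "DATASET PROD.PLAN.SUMMARY"),
    ("DATASET PROD.PLAN.SUMMARY", "SSIS LoadPlans/dbo.Plans"),
]

# Assumed classification: SSN and name are PHI when tied to a member record;
# a bare plan code is treated as non-PHI for this illustration.
PHI_SOURCES = {
    "COPYBOOK MEMBER-REC/MEMBER-SSN",
    "COPYBOOK MEMBER-REC/MEMBER-NAME",
}


def build_graph(edges):
    """Adjacency map node -> set of direct downstream nodes (sinks included)."""
    graph = defaultdict(set)
    for src, dst in edges:
        graph[src].add(dst)
        graph.setdefault(dst, set())
    return dict(graph)


def downstream(graph, start):
    """All nodes reachable from start (breadth-first; tolerates cycles)."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def phi_exposure(graph, phi_sources):
    """Map each exposed node to the set of PHI source fields that reach it."""
    exposure = defaultdict(set)
    for src in phi_sources:
        for node in downstream(graph, src):
            exposure[node].add(src)
    return dict(exposure)


def lineage_paths(graph, src, dst):
    """Every simple path from src to dst: the evidence trail an auditor reviews."""
    paths = []

    def walk(node, path):
        if node == dst:
            paths.append(list(path))
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path:  # guard against cycles in the lineage graph
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(src, [src])
    return paths


if __name__ == "__main__":
    g = build_graph(EDGES)
    for node, sources in sorted(phi_exposure(g, PHI_SOURCES).items()):
        print(f"{node}  <-  {', '.join(sorted(sources))}")
    for path in lineage_paths(g, "COPYBOOK MEMBER-REC/MEMBER-SSN",
                              "INFORMATICA m_claims_dw/DW.CLAIM_FACT.MBR_ID"):
        print(" -> ".join(path))
```

One caveat the example makes visible: the hop through DATASET PROD.CLAIMS.EXTRACT is at file granularity, so every field written to that file is reported as exposed to both PHI sources, including the warehouse column that actually carries only the SSN. That over-approximation is safe for an audit (it never misses a flow) but noisy; field-level precision through datasets requires the record layouts to be parsed as well.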
Business Benefits with Orion Governance
The fundamental principle for governing your information assets is "know your data". The EIIG implementation provided full visibility of the company's data assets, so business users now understand which assets are available to them when making decisions. It also enabled the company to give auditors traceability of HIPAA-regulated data elements.
Cost Savings
Complete, real-time traceability saved the customer hundreds of thousands of dollars in staff time that would otherwise have gone into manual tracing of data flows. It also allowed the company to avoid the expensive penalties that follow from non-compliance.