HIPAA is a 1996 American federal law designed to prevent disclosure of sensitive patient health information without the patient’s consent or knowledge. It allows American workers and families to continue health coverage by transferring their health insurance when they lose or change jobs. It requires confidential handling of Protected Health Information (PHI) and reduces healthcare fraud and abuse. It also establishes the standards for health care information on electronic billing and related processes.

Can you afford a $50,000 fine per violation?

HIPAA non-compliance carries penalties and/or enforcement rules (corrective action plans on covered entities that fail to comply) from the Department of Health and Human Services’ Office of Civil Rights (OCR) and the State’s Attorney General. These act as a deterrent against violations, with a 4-tier structure for fines from $100 per violation up to $50,000 per violation (see image below). But fines can reach $1.5M/year!

HIPAA Journal 2018

Use case

HIPAA compliance for the Mainframe


Orion implemented end-to-end lineage for COBOL/JCL, using the Orion Enterprise Information Intelligence Graph (EIIG) to ingest multiple COBOL/JCL systems and show cross-system lineage with SSIS and Informatica, for consumption by both IT and business users.

Business Problem

Establish an enterprise governance program for HIPAA (Health Information Portability and Accountability Act) compliance. Provide traceability of information flow for business-critical data elements to auditors.

The Solution

Orion’s Enterprise Information Intelligence Graph (EIIG) ingested the Mainframe code and provided traceability for PHI (Personal Health Information) and PII (Personally Identifiable Information) across 3 large Mainframe systems in less than 30 minutes.

Business Benefits

The first fundamental step in governing your information assets, including the mainframe, is: “know your data”. This engagement provided full visibility of information assets, enabling business users to better understand the information available and make informed decisions. The business was able to provide traceability of HIPAA data elements when they were audited.

Cost Savings

The ability to generate near real-time traceability saved the customer hundreds of thousands of dollars in resource costs and offset penalties that would have otherwise arisen from non-compliance.