Solutions for Health Care Organizations
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established security standards to safeguard protected health information (PHI) that is created, transmitted, or stored electronically. HIPAA also restricts the use and disclosure of PHI in any medium (electronic, paper, or oral) to protect patient privacy.
In 2009, the Health Information Technology Act (HITECH) mandated modifications to HIPAA rules to enhance patient privacy, increase patient rights to access their PHI, expand the definition of business associates, and toughen enforcement of health care privacy laws.
Global Relay Solution
Global Relay Archive helps health care organizations securely store and retrieve electronic communications for recordkeeping, eDiscovery, audits, and risk management.
Patients increasingly expect to communicate with their health care providers electronically – by email or even text message. Providers may also communicate with each other electronically. Electronic communications containing information related to a patient and his or her health care, or used to make a decision related to patient care, may be part of the patient’s medical record and therefore subject to retention requirements.
Global Relay Archive is an information governance solution for electronic communications. It captures and archives an authentic and complete record of your electronic business communications in a secure but easily accessible cloud repository.
- Automatically capture communications data, including email, instant messaging, mobile messaging, social media, and more.
- Preserve and index original metadata for each data type.
- Retain data for the required 5-10 year medical record term (or as defined by your internal policies).
- Store tamperproof copies of each archived communication.
- Replicate data between two mirrored, SOC-audited data centers in near real time.
- Full-text index and serialize each archived communication.
- Search for and retrieve any archived communication in seconds.
- Log all actions on each archived communication in unalterable audit trails.
- Migrate your legacy data with a clean and defensible chain of custody.
- Extend retention terms for Legal Holds and regulatory investigations.
EDISCOVERY & AUDIT FEATURES
Health care providers and related organizations face significant business and legal risks related to medical malpractice and other litigation, claims, and liability. They may also be subject to regulatory audits that can result in large fines for any violations. Electronic communications can supply valuable evidence in these cases to prove “who said what, when.”
- Proactively prepare for eDiscovery to reduce effort and costs.
- Quickly locate relevant communications amid large data volumes.
- Produce data online for regulators, external legal counsel, and other third parties.
- Produce data in a standard format for court.
- Extend retention terms for Legal Holds and anticipated investigations.
- Leverage our in-house Legal and Audit & eDiscovery teams to assist with audits, subpoenas, and other investigations.
- Use case management tools to identify, organize, and review data.
RISK MANAGEMENT FEATURES
Health care organizations are liable for all communications distributed through their corporate systems. With our set of flexible, turnkey supervision tools, your organization can efficiently enforce its communications policies for compliance, proper usage, and corporate governance.
- Establish supervisory controls to enforce usage policies, reduce legal risks, and improve employee awareness of potential legal exposure.
- Create and modify supervision policies and workflows with an intuitive interface and tools.
- Scan and monitor email, instant messaging, mobile messaging, social media, and more to identify what information is leaving the organization.
- Automatically flag communications based on flexible rules that identify prohibited content.
- View highlighted keyword matches for quick review.
- Conduct advanced analysis with Boolean logic, criteria lists, proximities, and more.
- Randomly sample data by percentage or number of communications.
- Build a multi-tiered review structure for escalation to senior compliance staff.
- Document supervisory activity in unalterable audit trails, with detailed histories of reviews and related actions taken.
HIPAA’s Security Rule sets national standards for the security of electronic protected health information (ePHI). It requires all covered entities and business associates to establish and maintain rigorous security controls to ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain, or transmit. To meet these requirements, Global Relay enforces administrative, physical, and technical safeguards to protect customer data.
- Secure data delivery over encrypted, authenticated connections.
- Dual encryption of archived data at rest.
- Strong network security controls, including firewalls and intrusion detection/prevention systems.
- Tamperproof preservation of data with write-verification.
- Granular access rights managed and controlled by your administrators.
- Enforced user authentication over HTTPS, with the ability to authenticate against your Active Directory or corporate Identity Provider (IdP).
- Logging of all actions on archived data in unalterable audit trails.
- 24x7 monitoring by our Operations and Security teams.
- Integrity controls to ensure data cannot be modified or altered.