"Protecting Data in Motion", a March 2018 Risk & Insurance article, points to the fact that during the first half of 2017 alone, at least 2200 breaches—totaling over 6 billion records—were publicly disclosed. And those were the numbers prior to the reporting of the Equifax data breach.
As claims organizations improve operational efficiencies by using technology designed to eliminate paper-intensive, inefficient, and error-prone processes, it's critical that the vendors they work with monitor and address security vulnerabilities.
Origami Compliance is a forms solution that integrates with any claims management system to give adjusters immediate access to a single-source, up-to-date library of state and federal workers’ compensation claim forms. Without leaving the system, an adjuster can easily find forms based on state or category. When the correct form is selected, claim data is used to populate form fields and a PDF version generated.
In a recent post, we looked at how Origami Compliance can contribute to a reduction of costs associated with finding the correct version of state forms, the duplicative work of rekeying claim details previously entered, and the correction of errors that come with manual data entry.
But what about the safety of your customers' or employees' data? The following are the two general questions most commonly asked when it comes to ensuring Origami Compliance forms solution never exposes the personally identifiable information (PII) and protected health information (PHI) present in claims data.
Secure data transfer
Does the connection between our system and the Origami Compliance forms library expose our system and claims data?
Adherence to best practices in web application design and the data encryption of data are two of the methods used to prevent unauthorized access to claims management systems and the ability to view sensitive claimant information.
When an adjuster selects a form, behind the scenes a proprietary web application programming interface (API) facilitates a secure connection between your claims management software and the Origami Compliance forms library. Specifically, calls from your system to the forms library are made using a REST-type (or RESTful) API that is developed, tested, and maintained using best practices that address security issues. These include access validations and restrictions that ensure requests are legitimate and operations performed are properly protected from unauthorized use.
Claim data that will be used in the population of form fields is encrypted for transfer to the forms library. Once securely transferred and behind firewalls, the data is then decrypted to populate the form based on client-defined mappings. The completed document is then re-encrypted and returned to your claims management system.
Secure data handling
How and where is the PII/PHI data used in the population of forms stored?
Origami Compliance customer data is never stored in another system. Additionally, no claim information used in the population of forms are retained.
During the (virtually instantaneous) process during which claim data is decrypted and used to populate form fields, the data is held temporarily in random access memory (RAM). The Origami Compliance forms library is hosted in a Virtual Private Cloud (VPC) within the Amazon Web Services (AWS) environment, which allows both Origami Compliance and our customers to benefit from AWS security features, technology compliance, and certifications.
Simultaneous to the re-encryption and transfer of the completed document back to your claims management system, all claim data is completely expunged from RAM.
A seamlessly integrated forms solution that makes a day-in-day-out task required of claims adjusters easier and more efficient, Origami Compliance is committed to ensuring that your data is protected—both in transit and during the merging of private and sensitive information into workers' compensation forms.