Track where ePHI is stored, how it’s encrypted (at rest/in transit), and who controls keys. Enforce rotation, escrow, and separation-of-duties across databases, file stores, object storage, and messaging.
Functions
- Inventory of PHI data stores with algorithm/cipher and TLS posture.
- Key lifecycle: creation, rotation, expiration, revocation, and custody chain.
- Drill-downs for cloud KMS/HSM, app-level encryption, and tokenization.
Reporting
- Rotation SLAs and breach-safe posture checks.
- Evidence bundles for auditors (configs, rotation logs, approvals).
Governance & Compliance
- Aligns to HIPAA §164.312(a)(2)(iv) and NIST 800-111 controls for encryption and key management.
- Enforces dual control and separation-of-duties on key access.
- Supports automated attestation workflows for key custodians.
Value
- Security: Prevents stale or compromised keys and ensures complete encryption coverage.
- Compliance: Provides defensible audit evidence and continuous monitoring.
- Operations: Simplifies visibility across multiple cloud and on-prem KMS solutions.


