Cyber Risk

PHI and PII Identification

We'll work with you to extract relevant PHI and PII and give you and your legal counsel the best possible guidance around regulation and breach notification.

When a data breach event occurs, one of your company’s most pressing concerns is deciding exactly who you need to notify, especially if sensitive PII and PHI data have been breached. With more than a decade of experience helping businesses manage data breach events, Kroll is uniquely positioned to assist your company with identifying precisely what PII and PHI may have been impacted by an event.

If your company had a data breach, how simple would it be to compile your notification mailing list based on the data that was exposed? The data related to your breach population is not always organized in neat columns and rows. At times it’s difficult to determine what was lost, which in turn makes it difficult to determine who, exactly, you need to notify. Over-notification can lead to unnecessary costs, but under-notification may run afoul of regulatory compliance concerns.

As well as securing data from digital sources, we can scan video and audio files, and also complete a physical document review, aggregating and consolidating the impacted data. We’ll work with you to develop a plan and approach to understanding the data at hand, isolate the PII and PHI data from various file types, organize it into logical categories, and provide guidance to you and your legal counsel on our findings. These efforts will not only provide you with a master notification list, you’ll know the types of PHI or PII involved so that you can provide targeted messages and identity monitoring services to those affected.

The master list is presented to you and your legal counsel so that you can make informed decisions about exactly who to notify, saving you money and putting you in the most defensible legal position. Our advanced data analytics, combined with our years of experience in forensic analysis, will help secure the best possible outcome for your organization.

/en/services/cyber-risk/investigate-and-respond/phi-pii-identification /-/media/kroll/images/banners/services/cyber-risk.ashx service

Related Services

Cyber Risk

Cyber Risk

End-to-end cyber security services provided by unrivaled experts.

Cyber Risk
Cyber Risk

Remediate and Restore

Call center and breach notification services across myriad industries and geographies.

Remediate and Restore
Cyber Risk

Investigate and Respond

Identify vulnerabilities, intrusions and data ex-filtrations and provide recommended solutions.

Investigate and Respond
Cyber Risk

Prepare and Prevent

Internal and external assessments to evaluate clients' systems, applications, and facilities.

Prepare and Prevent