This story is part of our client success series. It showcases Fortune 100 and 500 customers across various industries that turned to Privacera to solve their tough data security, access, and governance challenges. Check out all the stories in this series.
In the highly competitive insurance industry, this Fortune 500 healthcare payer relies on its data to help design and price its products and ensure profitability. As part of a new clinical initiative, the company aimed to provide a better healthcare experience to customers, while reducing costs. By improving its data, it could better manage claims payments, payment capitation to providers, and future payments to hospitals and other medical providers.
With the need to ensure strict industry compliance and data security, especially for sensitive data, the company turned to Privacera. Read on to learn how it secured its data estate to enable greater access control across its complex, siloed environment.
Business Risks
As an increasingly digital business, the integrity and timeliness of this healthcare company’s data impacts how it runs its business and the quality of customer experience it delivers to customers.
The specific requirements for the initiative included:
- Building new data products for members and providers
- Having timely data for product and service pricing to provide effective and efficient service to customers and to timely and accurately report financial results
- Being able to rapidly adapt to customer preferences
- Remaining compliant with ever-evolving industry and regulatory standards
The company also needed to protect sensitive data—including proprietary, confidential, and personally identifiable information (PII)—because a data breach would disrupt operations, incur penalties, and cause reputational risk. In turn, this risk would materially impact operations, financial position, and cash flows. While securing this data, the company needed to process, store, and transmit large volumes of data safely. It relied on its third-party service providers to do the same.
Business Issues
Innovating the healthcare payer’s data usage while protecting against adverse business outcomes was critical to the company. As it transformed into an increasingly digital business, it needed to invest continually in innovating its information systems to provide members and providers with easy-to-use digital products.
To succeed, the company made significant investments in the latest technology for on-premises and cloud computing, resulting in a more complex enterprise architecture. It housed its data in three different environments, supported by an architecture that included Docker, Microsoft Azure, and Streamsets.
To avoid adverse outcomes from its complex environment, the company needed to ensure consistent and seamless data accessibility and security of its growing data estate. To protect its data, it deployed coarse-grained security controls. And to distribute risk, it created many datasets with duplicate data elements across them, including distinct rights and privileges per dataset. While this type of coarse-grain security limited risk to a degree, the all-or-nothing security approach left each data set exposed to internal and external threats.
The challenges of this approach included:
- Increased compute, storage, and management costs due to data duplication
- Increased workload on already stretched IT resources
- Increased security and audits cost due to data proliferation
- Inability to ensure consistent application of data security and privacy policies
In general, the company needed to eliminate complexity, better secure its environment, and refocus time and resources to ensure greater business innovation.
Solution
This healthcare payer looked to Privacera for a new approach to manage its healthcare data, access, and security. By adopting a single platform to manage its data security, the company eliminated the complex and siloed patchwork of governance and access control offerings. In doing so, it has enhanced its data security, made its data more accessible and easier to manage, and as a result, reduced its IT team’s workload.
Business Impact
By using Privacera, the company gained:
- Automated sensitive healthcare data discovery to protect its entire data estate.
- The ability to create datasets on a per-business function basis, reduce excessive datasets and resulting data proliferation.
- Fine-grained access controls with masking and encryption to protect its data for improved, more transparent data security.
- A comprehensive view of its data security and access policies, simplifying the audit process.
- The ability to implement and automate:
- Data classification methodology
- Sensitive data to classification-level mapping
- Tag and classification rules
- Data protection based on classification and user access level
No matter how unique your data ecosystem, products, and processes are, Privacera can help future-proof your data security, access, and governance for greater scalability, connectivity, and competitive opportunities. Learn more in our ebook How to Drive Data Value and Innovation with Unified Data Security Governance. Read the ebook.