This story is part of our client success series. It showcases Fortune 100 and 500 customers across various industries that turned to Privacera to solve their tough data security, access, and governance challenges. Check out all the stories in this series.
Business and Business Risks
This customer is a key player in a diversified healthcare payer plus provider, navigating the complex terrain of healthcare data, merging medical, insurance, and claims information to refine health system performance. Their strategy focuses on harnessing advanced analytics and deep healthcare insights, aiming to enhance access, affordability, and patient outcomes. This approach not only caters to individual healthcare needs but also drives innovation in products and services for a broad spectrum of stakeholders, including patients and governmental bodies. By integrating data-driven solutions with healthcare expertise, the company can advance the quality and efficiency of healthcare services, ensuring a seamless and cost-effective healthcare journey for all involved.
However, the bedrock of the company’s operations—data integrity and system functionality—is under constant threat. Their success hinges on the ability to maintain the accuracy and availability of its data, along with the seamless performance of its technology platforms. Facing the challenges of managing vast amounts of sensitive information, the company must ensure privacy and security compliance by adhering to stringent regulations such as the Health Information Technology for Economic and Clinical Health Act (HITECH). Regular audits by both internal and external entities underscore the company’s commitment to upholding these standards, reflecting its ongoing effort to mitigate risks and safeguard its operational backbone in the ever-evolving healthcare landscape.
The Business Issue
Transitioning to the cloud presented a dual-edged sword for the company: It offered the promise of scalability, enhanced performance, and support for diverse data types; yet given they are a healthcare provider, cloud migration demanded meticulous control over data access to maintain security and confidentiality. The crux of the challenge lay in striking a balance between empowering data scientists and analysts with efficient data access while enforcing stringent access restrictions down to schemas, tables, and columns. This granularity in access control was not just a technical necessity but a regulatory imperative, especially to align with standards like Health Insurance Portability and Accountability Act (HIPAA). Ensuring comprehensive auditing and access tracking is paramount to reconciling the often conflicting demands of data governance, highlighting the intricate dance of maintaining robust security measures without impeding the fluidity of data exploration and analysis.
The Solution
To navigate the intricate landscape of data management and security, our customer adopted Snowflake as its central data warehouse, leveraging Snowflake’s scalability and robust support for various data types. Snowflake’s architecture proved to be a fitting backbone for the company’s multifaceted data needs, accommodating the vastness and diversity of their information assets. Snowflake proved an ideal choice for handling the company’s complex data ecosystem.
To complement Snowflake’s capabilities, the company integrated Privacera to bolster their data governance framework. This integration via the Snowflake PolicySync Connector enabled fine-grained access control, allowing the IT team to to define and manage access policies at a granular level, controlling access to schemas, tables, and columns within Snowflake.
Privacera’s utility extends beyond mere access management, playing a crucial role in ensuring compliance with HIPAA. Privacera’s comprehensive auditing and tracking functionalities create clear oversight of data usage and access patterns, aligning with the regulatory demands of the healthcare sector.
To streamline their data access processes, our healthcare customer implemented an innovative, automated framework via GitHub. This system allowed data scientists and analysts to request access efficiently, specifying their data needs with precision—their required tables, schemas, roles, and desired access levels. Typically, requests involve read permissions for conducting data analysis and modeling. Upon submission, the automated framework processed requests efficiently, granting access based on predefined policies and permissions. The automated process then vetted these requests against policies, ensuring access was granted swiftly and securely, while the IT team maintained oversight to enforce security and compliance rigorously.
Business Impacts
The company’s strategic deployment of Snowflake and Privacera, complemented by an automated access request system, catalyzed a transformation in data accessibility and security. This integration enabled swift, secure access to vital datasets, facilitating the rapid development of analytical models for billing, claims analysis, and health-trend monitoring. The centralized control over data access streamlined operations but also fortified compliance with stringent regulatory standards, substantially reducing the risk of data breaches or misuse. This approach underscores a commitment to both efficiency and security, marking a significant stride in data management within the healthcare sector.
The confluence of these technologies and processes at the company resulted in a robust framework for data governance and access control. Enhanced operational efficiency and tightened security protocols emerged as key benefits, engendering a culture of trust and reliability in data management. This strategic initiative not only elevated the company’s data management capabilities but also enabled the organization to meet rigorous data security governance standards for the handling of sensitive healthcare data. This not only enhanced operational efficiency but also strengthened data security measures, fostering trust and confidence in compliant data handling practices within the healthcare industry.
Background on Privacera
Privacera works for customers at the intersection of data governance, security, and data privacy. Privacera’s unified data access governance platform maximizes the value of data by providing secure data access control and governance across hybrid- and multi-cloud environments. The Privacera platform centralizes access and natively enforces policies across multiple cloud services—AWS, Azure, Google Cloud, Databricks, Snowflake, Starburst and more—to democratize trusted data enterprise wide without compromising compliance with regulations such as GDPR, CCPA, LGPD, or HIPAA. Trusted by Fortune 500 customers across finance, insurance, retail, healthcare, media, public and the federal sector, Privacera is the industry’s leading data access governance platform that delivers unmatched scalability, elasticity, and performance. Privacera was founded in 2016 to manage cloud data privacy and security by the creators of Apache Ranger™.
See what data compliance, privacy, and security looks like for your healthcare data. Request a demo today.