Success Story

Protecting PHI Data and Improving Developer Efficiency

Problem: Noncompliance and Risk of Data Breach

Every single day, the healthcare industry moves massive amounts of data in a highly complex, technical environment. 

In the face of new and increased competition, health plans must move quickly to meet new market demands. As a result, they’ve had to retool the way they develop and launch new products, putting significant emphasis on the ability to virtualize and quickly move data downstream to new systems for testing and launch. 

Yet, to remain in compliance with HIPAA and other regulations, every health plan still has a contractual obligation to protect their patient’s privacy. This obligation extends to both production and nonproduction environments. 

With the advent of offshoring, managing test data privacy has taken on a whole new level of complexity. Product developers need rich data to properly develop and test code to ensure it will perform as required. In other words, they can’t properly determine if code is working when all the entries have been changed to “John Doe at 123 Main St.” 

So, why not just scramble the data? All data has relationships, and developers need these key relationships to ensure the code is functioning properly. In addition, data comes in all shapes and sizes, and it’s crucial to maintain the continuity of the data when it’s shared. 

As a result, full copies of data have been supplied to offshore developers. Not only is data being brought into nonproduction testing environments, but developers are also taking their own snapshots of the data. There is no line of sight as to what is happening with this information, which creates multiple areas of exposure and numerous opportunities for data breaches. Although production data is largely locked down in the U.S., a number of data breaches have been traced to nonproduction environments offshore. 

When the client approached us, they had fallen out of compliance with state and federal regulations and were at risk of a data breach. Our challenge was to deidentify the downstream data while maintaining both its key relationships and continuity.

Solution: Deidentified Data and Improved Efficiency

With more than 30 years of experience in the healthcare industry, we quickly identified the problem and went straight to the marketplace to find a solution.

Our solution works because its algorithms are applied across the board consistently, so the data is always scrambled the same in every system. No matter what comes in, developers can have confidence that the system will behave as if the data is real . . . even if it’s not. 

This was all accomplished using a platform called Delphix.

Delphix is a data masking and virtualization company that maintains data continuity and applies efficiencies in the way the data is managed, so the impact to the infrastructure and environment is significantly reduced. 

Most companies have four to five nonproduction environments. So, when the terabytes for every full copy of data are multiplied by four or five—that becomes a lot of data to share with developers! In addition, when multiple developers are contracted for a project, the data must be serialized (or put in order to avoid overlap) as it goes through development.

Since Delphix maintains continuity and also virtualizes data, one database can be created. Once massed, many copies of the data can be made in a matter of minutes. And, it only takes 50 megabytes, which significantly increases the speed and efficiency of the development team. The data can be spread across multiple developers at any given time because the copies don’t cost anything. 

With our solution, any developer can go in and create their own data environment. This gives them a tremendous ability to spin up databases! If they are testing code and find a defect, they can simply rewind the database—like a tape—back to the point in time where the data was unchanged. This can be done innumerable times until they get exactly what they are looking for.

Before our solution, developers would have to call and request a full refresh of the data each time a defect was found. This could take days. Now, developers have their own space to work, creating a very personal approach. As the code moves further down the development cycle, the same logic applies. If QA finds a defect, they simply rewind the data. 

This solution quickly brought the company into full compliance while improving the efficiency of their development process.

Outcome: Significant ROI

With virtualization technology there is a significant ROI due to the reduction in hardware storage costs. After all, a fraction of the size is equal to a fraction of the cost. 

In addition, masked and unmasked copies of the data can be run side by side. Since only two full copies are ingested, companies quickly see substantial savings.

Although there are other ways to get these efficiencies, it’s the combination that makes the difference.

SourcEdge’s Role: From Discovery to Delivery

SourcEdge was selected by the client due to its expertise with the Facets claims system, Oracle databases, virtualization and data replication, and security, HIPPA, and PHI requirements. We supported the client through full delivery and implementation of the solution, which provided data protection plus the ability to more efficiently manage developer and QA teams. 

Our team:

  1. Discovered the source of the problem.
  2. Selected the tool and provided proof of concept delivery to validate whether it was comprehensive enough to solve the compliance and efficiency needs of the organization.
  3. Planned and designed the entire masking / virtualization project.
  4. Implemented, integrated, and customized the Delphix software product as part of the overall solution.
  5. Developed a detailed plan for each of the impacted downstream subsystems with a technical plan for how to implement the solution for each specific system.
  6. Assessed and identified third party application impact with a plan to enable support going forward.
Protecting PHI Data and Improving Developer Efficiency workflow

This was all accomplished with fundamentally the same core team. The people who worked with the business administrators also served to architect and deliver the solution, providing efficiency and accuracy for the client. 

At SourcEdge, we’re not just a staffing company. Rather, we’re a trusted partner who delivers a turnkey solution for highly complex projects. We understand enterprise data modeling and the Delphix platform. With our highly trained team, we move from diagnosing the problems to implementing the solutions with precision and efficiency. 

PROUD SPONSOR & PRESENTER

2024 Cognizant Health Sciences Conference

SourcEdge, An Alivia Company, was Cognizant’s First Healthcare Certified Consulting Partner. During this four-day event, SourcEdge and Alivia Analytics will discuss its combined products and services for commercial and government health plans.