Hadoop has the potential to dramatically accelerate insights, drive cost savings, and improve service delivery across the healthcare industry. And with an estimated 80% of all health data in unstructured formats, Hadoop’s flexible data processing and streaming technologies can revolutionize healthcare providers’ decision-making and organizational efficiency.
Using Hadoop, healthcare organizations are able to:
- Streamline and analyze healthcare billing to dramatically reduce costs and fraud incidents.
- Digitize patient records to make decisions faster, manage costs better, speed payments, and modernize their systems.
- Incorporate a growing set of sensor and Internet of Things (IoT) health monitoring data that will fundamentally accelerate health tracking and health information gathering to improve medical diagnosis and quality care.
Across all of these opportunities, companies are interacting with patients, partners, and regulators and sharing information that typically includes tremendous amounts of private, sensitive data — personal health information (PHI), personal identifiable information (PII), and financial and privacy data related to billing and payments (PCI and financial data). At the same time, hackers are eager to pounce on health-related information that can be extremely valuable as a means to create a false identity or implement
complex insurance fraud schemes.
As the number and cost of breaches continues to rise, the healthcare industry is coming under fire for lagging industries such as financial services and retail in implementing adequate data security strategies. Healthcare organizations must take the right precautions to ensure their sensitive data remains private in Hadoop, and is compliant with the federal Health Information Portability and Accountability (HIPAA) and hundreds of state, federal, and industry compliance and privacy rules and mandates.
More than 29 million U.S. health records were compromised in data breaches between 2010 and 2013, most of which involved electronic data.
-Journal of the American Medical Association (JAMA)
Security incidents among healthcare payers and providers jumped 60% over 2013 — almost double the increase reported by all industries.
The average financial losses from security incidents soared to $2.9 million in 2014, a 282% increase over the prior year.
-PwC, The Global State of Information Security® Survey 2015
THE DATAGUISE SOLUTION:
- Using a robust and deep list of pre-defined HIPAA security policy definitions to protect Personal Health Information (PHI) attributes including default values and extendible, customizable elements for members’ health plan beneficiary IDs, social security numbers, medical record numbers, date of birth, date of admission/discharge, claim payment information, medical procedure information, and more.
- Automatically locating and classifying where PHI information resides on an ongoing basis.
- De-identifying member information to ensure privacy and compliance with HIPAA and HITECH, and enable data sharing across different groups worldwide.
- Delivering data-centric encryption for PHI elements to protect against insider and external threats.
- Providing authorized access (decryption) of sensitive data on a case-by-case basis for analytics applications that require access to plain-text data.
- Offering multi-cluster and high availability features to support the global, high-scale, and widely distributed nature of large healthcare organizations.
CASE STUDY: A Healthcare Payment Integrity Leader
Discovering and safeguarding Protected Health Information
(PHI) in an aggregate data lake with structured and
unstructured data from heterogeneous sources such as
claims, provider, and subscriber management applications,
enterprise databases, and data warehouses.
THE DATAGUISE SOLUTION:
DgSecure for Hadoop automatically discovers PHI data in a multi-tenant aggregate data lake providing seamless data protection (masking or encryption) of sensitive data.
CASE STUDY HIGHLIGHTS:
- Data discovery to ensure 100% coverage.
- Encrypts inside ID profiling system.
- Extensible IDs to discover and protect unique provider-specific data sets.
- Operates continuously in high available, distributed architecture (<1min recovery).
- Operates in close tandem with Hortonworks security.
A Healthcare Payment Integrity Leader
A healthcare payment integrity leader combines clinical expertise and analytical technology inside Hadoop to identify and reclaim excessive and inaccurate healthcare charges with a 99% success rate. The company needed to take the next step of sharing and making this data available to clients, partners, and government health agencies in a secure, private, HIPAA — compliant format. The company’s new big data cloud uses sensitive data encryption to ensure sensitive records — including names, health records, addresses, and billing amounts — can be selectively protected.
Locking Data from Unauthorized Access with Military-Grade Encryption
The company’s most important contribution to the data science of its customers is SACIE (Security, Assembly, Cleansing, Integrity, Enrichment and Security – SACIE). This proprietary approach takes customer data sets and ensures they are cleaned, enriched, and secure before any processing or analytics are applied to that information. Dataguise data-centric protection allows the company to serve and analyze sensitive patient and billing data across health plans, providers, and employers while locking data from unauthorized access with military — grade NIST 256 BIT AES encryption.
A Healthcare Revolution through PaaS (Platform as a Service)
The company provides breakthrough innovations with their first-of-its-kind healthcare Paas (Platform as a Service) delivery method. This simplifies a customer’s path to rapidly deploy and use their products to meet their business and clinical objectives. Customers can efficiently provide data feeds and relevant data sets via the company’s secure data ingestion protocols. The data is then cleaned and enriched. Regardless of what modules a customer has contracted for, the company delivers results in a timely and confidential manner using Dataguise protection. Customer data sets only reside in the company’s secured data center, and no data is shared, transferred, or accessed without explicit compliance to regulatory and customer contractual provisions.
- Consistent output values: AES encryption creates a unique, one-way, referential output value that ensures coding accuracy as well as proper consistent bindings to diagnosis and procedure codes.
- Sophisticated and flexible encryption policies: The company has the toolset to meet and match both Federal (HIPAA) and 38 State Privacy laws across the U.S.
- Full-scale access to billing data: for fraud, cost optimization, and care improvement with cleansed data available for data sharing back to network subscribers.
The Solution Environment