|Client ||:||Access Health|
|Practice Area||:||Information Lifecycle Governance & Security|
Access Health CT is Connecticut’s official health insurance marketplace. It was established to meet the requirements of the federal Affordable Care Act. Their mission is to increase the number of Connecticut residents who are insured, retain current members, lower their costs, promote health, and eliminate health inequalities. Access Health CT operates at no cost to the state or its taxpayers.
A 14-member Board of Directors, chaired by the Connecticut Lieutenant Governor, oversees Access Health CT. Four advisory committees, which include a wide variety of stakeholders, provide the board with different perspectives on initiatives and operations.
Access Health CT maintains sensitive information about customers, and must protect confidentiality and avoid unauthorized disclosure of this information. The main drivers for implementing a data privacy strategy were to safeguard patient data and to avoid costly penalties for non-compliance.
Compliance requirements for Access Health CT were focused on protecting confidential patient information in the more vulnerable application testing environments. Access Health CT relies on several large applications for managing health insurance policies, patient records and financials to support daily business activities. The information collected in these applications is managed across DB2 databases and applications are upgraded and enhanced on a regular basis. This meant that much patient information was exposed to application developers and testers. Cloning databases also necessitated more disk capacity, and increased the time required to create and refresh test databases and conduct application testing. To avoid breaches of sensitive information and other types of security incidents, Access Health CT required a proactive, preventive approach with attention to future security and privacy needs.
Access Health CT needed a solution that:
Estuate helped Access Health CT adopt a policy-driven, on-demand masking approach that proactively protected data privacy and supported compliance needs. Estuate implemented InfoSphere Optim Data Masking Solution to allow users to mask data on demand. Real-time capabilities to de-identify sensitive data across the enterprise provided more flexible privacy protection in applications, databases, reports and more.
Data masking allows Access Health CT to protect patient privacy and preserve the referential integrity of test data across environments. Subsetting capabilities allow them to create smaller, more realistic test databases. Test data privacy helps avoid breaches and costly lawsuits. The solution:
We at Access Health CT knew that the sensitive data we held exposed us to risk of breaches and imposed stringent regulatory requirements. We needed to accomplish these goals without disrupting business processes and our speed of development. Estuate’s solution allows production data to be safely used for development, testing, and facilitated development on a global scale. We are now more assured that our customers’ data is protected and we will always be in compliance with the regulations.
Hari Prakash Venkatachalam,
IT Project Manager.