Access Health Ensures Data Security With Estuate

single image
         :  Access Health

Industry       :  Healthcare

Practice Area  :  Information Lifecycle Governance & Security



Access Health CT is Connecticut’s official health insurance marketplace. It was established to meet the requirements of the federal Affordable Care Act. Their mission is to increase the number of Connecticut residents who are insured, retain current members, lower their costs, promote health, and eliminate health inequalities. Access Health CT operates at no cost to the state or its taxpayers.

A 14-member Board of Directors, chaired by the Connecticut Lieutenant Governor, oversees Access Health CT. Four advisory committees, which include a wide variety of stakeholders, provide the board with different perspectives on initiatives and operations.

Business Challenge:

Access Health CT maintains sensitive information about customers, and must protect confidentiality and avoid unauthorized disclosure of this information. The main drivers for implementing a data privacy strategy were to safeguard patient data and to avoid costly penalties for non-compliance.

Compliance requirements for Access Health CT were focused on protecting confidential patient information in the more vulnerable application testing environments. Access Health CT relies on several large applications for managing health insurance policies, patient records and financials to support daily business activities. The information collected in these applications is managed across DB2 databases and applications are upgraded and enhanced on a regular basis. This meant that much patient information was exposed to application developers and testers. Cloning databases also necessitated more disk capacity, and increased the time required to create and refresh test databases and conduct application testing. To avoid breaches of sensitive information and other types of security incidents, Access Health CT required  a proactive, preventive approach with attention to future security and privacy needs.

Access Health CT needed a solution that:

  • Prevented loss or theft of sensitive information.
  • Protected access to sensitive information with strong authentication
  • Improved security and privacy policy compliance.

The Estuate Solution:

Estuate helped Access Health CT adopt a policy-driven, on-demand masking approach that proactively protected data privacy and supported compliance needs.  Estuate implemented InfoSphere Optim Data Masking Solution to allow users to mask data on demand. Real-time capabilities to de-identify sensitive data across the enterprise provided more flexible privacy protection in applications, databases, reports and more.

The solution:

  • Leverages Optim data masking services to mask data on demand, anywhere at any time.
  • Creates smaller, targeted test databases that can be refreshed much faster than clones of the production database.
  • Masks data in databases, warehouses and big data environments, in both production and nonproduction environments.
  • Replaces sensitive information, such as credit card or social security numbers, with fictitious, meaningful values to provide usable data for application developers, trainers and testers without exposing sensitive production data.

Business Impact:

Data masking allows Access Health CT to protect patient privacy and preserve the referential integrity of test data across environments. Subsetting capabilities allow them to create smaller, more realistic test databases. Test data privacy helps avoid breaches and costly lawsuits. The solution:

  • Prevents abuse of sensitive data in production environments, enhancing data security for outsourced application development.
  • Applies predefined masking techniques to speed time to delivery.
  • Preserves the referential integrity of the data, while protecting privacy.
  • Improves flexibility for masking data in existing non-production databases.  
  • Helps comply with data privacy mandates such as Payment Card Industry (PCI) Data Security Standard (DSS) and Health Insurance Portability and Accountability Act (HIPAA).

        We at Access Health CT knew that the sensitive data we held exposed us to risk of breaches and imposed stringent regulatory requirements. We needed to accomplish these goals without disrupting business processes and our speed of development. Estuate’s solution allows production data to be safely used for development, testing, and facilitated development on a global scale. We are now more assured that our customers’ data is protected and we will always be in compliance with the regulations.

Hari Prakash Venkatachalam,
IT Project Manager.