UnitedHealth Group (UHG) provides health benefits and services to more than 85 million individuals worldwide including all 50 states in the United States and more than 125 other countries, with worldwide revenues of over $120 billion (Ranked #14 on Fortune 500). UHG’s core capabilities in clinical care resources, information and technology uniquely enable it to meet the evolving needs of a changing healthcare environment in order to help build a stronger, higher quality health system that is sustainable for the long term. UHG serves its clients and consumers through two distinct platforms: United Healthcare (UHC), which provides health care coverage and benefits services and Optum, which provides information and technology-enabled health services
Given UHC’s diverse subscriber base and global reach, member information needs to be shared and managed responsibly, and with fine grained security, by a variety of resources. In addition to mandatory health information protection laws such as HIPAA and HITECH, which mandate protecting this information from data breaches and fraud, it is imperative for the health of UHC’s business that members trust their personal information remains private and secure. UHC’s aggregate data lake contains data from a variety of sources:
- Transformed columnar structured data from a claims platform based on relational databases and enterprise data warehouses that includes claims data from individual, employee, and retiree members across various individual, group, and federal (Medicare) insurance plans, provider data from medical providers (doctors and hospitals).
- Unstructured data in file attachments with claims (pdf documents).
- Call center audio transcripts gathered from customer support interactions with members.
- Unstructured data in the form of clinical notes attached to claims.
Given its Big Data landscape with medical and insurance data, UHC needed an innovative security solution that protects its aggregate data lake holistically, while simultaneously minimizing breach risk and satisfying healthcare and privacy laws. Only then could it maintain a clean “bill of health” for its systems and infrastructure.
- Automatically locate and classify where PHI information resides on an on-going basis.
- De-identify member information to ensure privacy and compliance with HIPAA, HITECH and enable data sharing across different groups worldwide.
- Data-centric encryption for PHI elements to protect from insider and external threats.
- Provide authorized access (decryption) of sensitive data on a case-by-case basis for analytics applications that require access to plaintext data.
PKWARE suite delivered integrated discovery and protection services for PHI data within aggregate data lake platform built on MapR by UHC:
- UHC’s nuanced needs to accurately discover and visually present where sensitive PHI data resides and understand its protection status were perfectly matched by PK Discovery.
- UHC was able to encrypt or mask subscribers’ PHI information residing in HDFS with pinpoint accuracy utilizing PKWARE for Hadoop data centric protection.
- UHC shares de-sensitized data from aggregate data lake for analytics and other purposes across its worldwide teams utilizing PKWARE masking technologies.
UHC leverages PKWARE encryption technologies to fit its custom requirements for encryption and key management while providing seamless access to plain text data from a variety of data access contexts for authorized users utilizing flexible PKWARE decryption techniques.