UnitedHealth Group (UHG) provides health benefits and services to more than 85 million individuals worldwide including all 50 states in the United States and more than 125 other countries, with worldwide revenues of over $120 billion (Ranked #14 on Fortune 500). UHG’s core capabilities in clinical care resources, information and technology uniquely enable it to meet the evolving needs of a changing healthcare environment in order to help build a stronger, higher quality health system that is sustainable for the long term. UHG serves its clients and consumers through two distinct platforms: United Healthcare (UHC), which provides health care coverage and benefits services and Optum, which provides information and technology-enabled health services
Given UHC’s diverse subscriber base and global reach, member information needs to be shared and managed responsibly, and with fine grained security, by a variety of resources. In addition to mandatory health information protection laws such as HIPAA and HITECH, which mandate protecting this information from data breaches and fraud, it is imperative for the health of UHC’s business that members trust their personal information remains private and secure. UHC’s aggregate data lake contains data from a variety of sources:
- Transformed columnar structured data from a claims platform based on relational databases and enterprise data warehouses that includes claims data from individual, employee, and retiree members across various individual, group, and federal (Medicare) insurance plans, provider data from medical providers (doctors and hospitals).
- Unstructured data in file attachments with claims (pdf documents).
- Call center audio transcripts gathered from customer support interactions with members.
- Unstructured data in the form of clinical notes attached to claims.
Given its Big Data landscape with medical and insurance data, UHC needed an innovative security solution that protects its aggregate data lake holistically, while simultaneously minimizing breach risk and satisfying healthcare and privacy laws. Only then could it maintain a clean “bill of health” for its systems and infrastructure.