How Health tech companies ensured Data Safety

Image credit: DNA

Till date over 720 million Indians have been tested for COVID19 and the government of India is highly relying on the latest technologies for spreading awareness about COVID19 and vaccination drives.

The latest technologies are being adopted by various organisations of different sectors in order to accelerate their process of digital transformation. But this also comes with various cybersecurity issues which are important for companies to address.

The sudden shift to a work from home setting led to various challenges faced by organisations in terms of managing their work remotely. W.Media spoke to Ninad Raje, Director & CIO, HealthAssure to get an idea on how HealthAssure provided the services to its customers during the COVID19 pandemic along with managing the huge flow of data and ensuring the security of the data of its customers.

Healthcare has become one of India’s largest sectors, both in terms of revenue and employment. Healthcare comprises hospitals, medical devices, clinical trials, outsourcing, telemedicine, medical tourism, health insurance and medical equipment. The Indian healthcare sector is growing at a brisk pace due to its strengthening coverage, services and increasing expenditure by public as well private players.

The healthcare market can increase three-fold to Rs. 8.6 trillion (US$ 133.44 billion) by 2022. In Budget 2021, India’s public expenditure on healthcare stood at 1.2 per cent as a percentage of the GDP, an India Brand Equity Foundation report added.

Providing Services to the customers during COVID19 Pandemic

With the coronavirus pandemic forcing large numbers of staff to work from home, customer service and CX leaders must ensure that their teams remain engaged, healthy, effective and productive in their new working environment, despite having to manage them remotely. At the same time customers need to be provided with hassle free & on time services. 

“Being in the healthcare sector, our organisation is at the centre of providing better, faster & most appropriate services to all our customers. We brought about & implemented several changes within the entire customer service eco-system. We obtained and deployed security-sensitive technology solutions for work at home options. Adapted to eLearning and remote learning options, tools, and technology for effective ongoing support and training,” said Ninad Raje, Director & CIO, HealthAssure.

Ninad Raje, Director & CIO, HealthAssure

Like all other businesses, even HealthAssure was forced to rethink the ways in which they run their business. Even amid such a crisis, the company set the foundation for a continual & successful business whenever things return to normal. 

“We gave without any expectations in return. We made it personal, remembering the fact that emotions are running high, and we need to make them feel they are not a number but a person who may be scared, stressed, and anxious so we connected with them on an emotional level,” added Raje. 

The company opened all channels of communications online, offline, something we never thought before could be the answer for our customers. They also mindfully listened to what the customers wants and needs.

“We were transparent, honest with every situation. We taught ourselves to be exceed expectations, go the extra mile,” added Raje. 

Managing the flow of data

“The current COVID-19 pandemic has raised important questions about opening, sharing, and using data, and has highlighted the challenges associated with data use. To address the ongoing need for data-driven decision making, we organised our data by the stages of the data value chain: availability, openness, dissemination, and use and uptake,” said Raje.

He further explained that data & information, especially during the pandemic times is quite important. Moreover, it is extremely critical for data & information to be available when required. One of the primary changes we brought about in dealing with data is that we ensured it is available to the correct audience in a timely manner. Data & information was made available to various stakeholders on a need-to-know basis, when it was required and, in the manner, it was required. Although data was made available, it was ensured this data was accessed by rightful stakeholders over secured channels of communication, maintaining its integrity & confidentiality.  

In addition to making data available, it was ensured that we were transparent & open about the veracity & integrity of the data. It is akin to adopting the principle of ‘calling a spade – a spade’. 

“We adopted the doctrine of circulating the right data to the right audience at the right time. This resulted in accessibility, availability, security & confidentiality of data & information which further aided in building customer faith & confidence. Appropriate channels of communication were utilised for disseminating information,” added Raje.

Once data is made available in all its transparency & disseminated appropriately to the correct audience & knowledge gained from it, it is important these outputs or services are absorbed and applied to institute or implement changes. Thus, the company collaborated with various stakeholders to ensure optimal Use & Uptake of data.

Securing Customer data 

Protecting customer’s data is important for one reason, the businesses depend on it. Cybercrime is big business. In fact, research shows that cybercriminals bring in yearly revenues around $1.5 trillion which is equal to the GDP of a mid-sized country. Cybercriminals make their money through data they hack systems, steal data, resell it, or sometimes hold it for ransom. 

With cybercrime showing no signs of slowing down, protecting customer data is more important than ever. Something as simple as an email address is a piece of customer data that needs to be protected. Almost any piece of data that is collected and stored from customers is something that a cybercriminal might find valuable. 

“That’s why we need to take extra precaution to protect customer data. It’s too important to leave data protection up to the tools and processes being used because those are vulnerable, too,” said Raje.

HealthAssure adopted the following to ensure security of our customer’s data: 

  1. Collecting only vital data: The Company focused on only collecting data that is actually vital to our efforts, which helped in: 
  • Reducing the external value of the data. 
  • Increasing consumer confidence. 

Reducing the external value of data helps data security because hackers are less likely to steal low-value data. If all a hacker must gain from us is a list of email addresses, they might not put forth the effort. 

“But, if we are collecting names, phone numbers, location data, household income, etc., then your data becomes more valuable. The greater number of data points that a company collects, the more valuable it likely is to outsiders,” said Raje.

Only collecting vital data can increase consumer confidence, too. When you’re collecting data that doesn’t seem necessary to the consumer, they might place less faith in your company. 

  1. Limit access to data: Not everyone in a team needs access to all the data. Employees also likely don’t need the same level of access to the tools they use. Limiting access to data means there are fewer points of vulnerability for an organisation. Each access point where someone physically logs into a data analytics tool is a point of weakness. If a company has 25 user accounts for the website analytics tool, that’s 25 points of vulnerability. If one of those twenty-five accounts has a weak password, the entire system is open to a brute-force attack. 

Having fewer employees with access to customer data also reduces the risk of internal data abuse. For example, let’s say employees are exiting an organisation, but they have access to so many SaaS tools, you’re not even sure what tools they have access to. You cut off their use to ten tools, but you forgot one. They go home and access that tool from their home computer because the data is stored in the cloud. Now, they can do whatever they want with that data. 

Had you just limited their access to only the tools they needed, you would have had a better understanding of which tools you needed to cut off. 

Hence, HealthAssurep limited access to data on a need-to-know basis only. 

  1. Use password management tools: Login points are always going to be a vulnerability.

“We boosted our cybersecurity and reduced the risk of hacks happening here by requiring all employees to use a password management tool. 

These tools create and store complex passwords for all of the tools and software that our team uses. Typically, people won’t use complex passwords because they’re too hard to remember. Password management tools make that much simpler by encrypting and storing each password. That way, when someone needs to log in to a tool, they’ll be able to easily pull the login information from the password manager, Raje explained.

Good password management tools use complex encryption for the passwords they store. Encryption makes the password unreadable to anyone without the encryption key. That means if a hacker breaks into your password management tool, all the passwords will be unusable because they’ll be unreadable to the hacker. 

  1. Avoid Data Silos: Data silos aren’t just bad for data analysis; they can also lead to significant data vulnerabilities. 

Data silos often mean that different pieces of data are being stored in different places. This often leads to data being stored in non-approved, unsecured applications. It also might result in you losing track of where certain data is stored. If you lose track of where certain data is stored, you might not even realise when you have a data breach. 

When you break down data silos, you’ll develop a customer data management strategy. That data management strategy will detail exactly where and how data is handled. That prevents you from storing data in multiple tools and losing track of what tools you use to handle data. When you work to eliminate your data silos, you’re also going to use a data tracking plan. This plan helps you keep track of what data you’re collecting and why you’re collecting it. That’ll make your data collection audits much simpler. The company completely avoided this Data Silos environment.  

  1. Set minimum security standards: Our data is only as secure as the tools you’re using. If you’re using a SaaS tool that handles some of your data, but that tool isn’t secure, your data could be vulnerable. 

Anytime you’re considering adding another tool to your stack, evaluate that tool’s security standards. If the tool isn’t as secure as possible, your data isn’t as secure as possible. Make sure any tool you use complies with either SOC 2 or ISO 27001. Both of those standards require companies that comply with them to continuously monitor and upgrade their data security protocols. We implemented security tools that fully comply with SOC 2, or ISO 27001 standards.

Personal data of thousands of people in India has been leaked from a government server which includes their name, mobile number, address and COVID test result, and the information can be accessed through online search.

Digital Transformation journey of HealthAssure

“We were early adopters of digital transformation, and our digital footprint is quite widespread. However, no organisation can truly say that it has completed its digital transformation since it is a long journey. Similarly, although we have fairly progressed & evolved into our digital transformation, the journey still continues, and it will continue for a long time. 

Our digital transformation journey can be better described via one of the many projects that were implemented,” said Raje.

He further explained that the company conceptualised, designed, implemented & executed a market changing digital innovation & transformation platform including multiple mobility apps, real-time instantaneous tracking & round the clock monitoring. This also includes medical centre discovery and real time data analytics for all stakeholders within the ecosystem – viz. doctors, patients, customers, hospitals & clinics, emergency providers like ambulances etc. This included end-to-end automation of data transfers, workflows, confidential health records etc. between multiple systems in various disparate external stakeholders. This platform is now used by millions of customers. In India itself, this platform is integrated with thousands of medical establishments in more than 1,400 cities and being used by hundreds & thousands of doctors. 

Prior to its implementation all the above aspects were carried out manually. In addition to the time consumed, productivity and efficiency loss, it also resulted in high costs due to manual processing. 

Technologies used for this innovation: Specialised Medical Algorithms, Sophisticated AI, AWS & Google Cloud, IOT, RPA, BI & Analytics, Data Lakes etc. 

This state-of-art, dynamic & interactive platform has entirely disrupted the medical ecosystem bringing in huge benefits across the board. We have also built data lakes around this and have deployed sophisticated analytical tools to get deep insights into the data. 

“This proved to be a game-changer and enabled a complete transformational turnaround for our company from being a manpower heavy person dependent company to a manpower lean systems automated company. With this digital innovation with systems integrations our company is now able to process millions of transactions a day entirely in an automated mode without any manual intervention. This is an almost 10 times upside in transaction processing from its earlier state,” concluded Raje.

Publish on W.Media
Author Info - W.Media
Share This Article
Other Popular Posts