Insuranceciooutlook

Healthcare Security: Three Trends Driving Efficiency and Personalization

Hugh Tower-Pierce, Chief Security Officer, Oscar

Hugh Tower-Pierce, Chief Security Officer, Oscar

U.S. healthcare has long been a complex system, with numerous hoops to jump through in order for each patient to receive the medical care they need at any moment in time. My background is in finance, which is often regarded as a highly regulated industry. However, since joining tech-driven health insurance company Oscar, I’ve found that healthcare is in a league of its own, with privacy and security requirements that can vary across the federal and state levels, as well as our business partners.

The advent of COVID-19 has further complicated our industry, acting as a pressure cooker for driving innovation: with Americans staying home, we’ve seen a spike in demand for virtual care.

Oscar is no stranger to scaling technology that is nimble. It has been core to our approach since our founding in 2012. We’ve built our own full-stack technology platform around the consumer journey, and related security processes and protocols each step of the way. The Security Team at Oscar incorporates top-level business considerations into everything we do as the company scales – over the past three years alone, our membership has tripled to approximately 420,000 members across 19 U.S. states.

As COVID-19 has accelerated timelines for cross-sector transformation, it has naturally created security challenges – as well as trends in opportunities for accelerating innovation that drives security efficiencies and a better patient experience. Here are three.

Balancing access and personalization

One of the greatest potential advantages of real-time access to data is the ability to tailor experiences and services down to the individual level. At the same time, this opportunity goes hand-in-hand with privacy regulations and fostering member trust.

See Also: Healthcare Business Review

Protecting patient privacy is critical: our health data is just about as personal as it gets, but ensuring the right people have easy access to information can literally mean life or death. One of Oscar’s core company values is remembering that what we’re doing is a big deal – we’re solving real world problems that can change peoples’ actual lives.

"We’ve built our own full-stack technology platform around the consumer journey, and related security processes and protocols each step of the way"

As the pandemic has evolved, Oscar has quickly scaled technology to meet member needs, such as by developing a COVID-19 risk assessment survey. We leverage the data from this survey to help guide at-risk members to the right virtual or in-person care, and support healthy members in getting care like prescriptions at home to help flatten the curve.

Naturally, these changes have come with shifting regulations and security practices. One way we’ve built our foundational technology to be adaptive to change is through our approach to identity and access management (“IAM”). We design our access controls so that Oscar Care Teams only have access to member information when it’s essential to their role. Part of the way we enable this is by assigning members dedicated Care Teams, including a few designated Care Guides and a nurse, and limiting access to member information to those teams. We’ve taken a similar approach to the launch of our new Virtual Primary Care product. A team-based approach facilitates efficient, ongoing care delivery and relationships while protecting patient privacy.  In our technology, we use a combination of well-understood open source and commercial solutions that we chose because they align with our goals to be adaptive.

Establishing data governance across varied systems and regulations

As I mentioned earlier, U.S. healthcare regulations can vary at the hyper-local level. There’s added complexity depending on what sector your company is in – from insurers like Oscar to providers and vendors – and what type of care is being delivered. Take the example of Oregon: a recent report found that there are over 2,000 regulations that apply to acute care inpatient hospitals in the state.

Data governance is a field that has increased in prominence over the past several years, and one that has exciting potential for healthcare. Governance enables security professionals to speak the same language as other key stakeholders both internally and externally, across product types and markets. We’re embracing this area at Oscar, creating dedicated headcount and work streams within the Security Team. As we continue to expand our lines of business and strategic partnerships, having a team that is dedicated to taxonomy will be critical to getting partners up-to-speed more quickly and scaling across the organization

Scaling privacy renewals along with user needs

As transformation makes its way across sectors of healthcare and the U.S. as a whole, scalable, consistent processes for renewed privacy and identity management will be essential. Oscar continues to expand to new markets each year, and we plan to significantly grow our geographic footprint for the fourth year in a row in 2021, pending regulatory approval. Expansions bring new partnerships, such as with hospital systems and pharmacies, that are critical to our success in each market. They also bring new requirements for how we handle member information.

Whether we’re onboarding a new provider partner or vetting a new tool like SMS messaging, we conduct third-party risk assessments on our stakeholders who may touch member data. We layer assessments on top of other security practices like access recertification and multi-factor authentication to ensure that we remain a trustworthy custodian of our members’ data as they receive care.

Healthcare is literally and figuratively a lifelong service. True innovation requires thinking about the lifelong cycle of patient experiences and data, and security professionals play a key role in understanding and predicting the risks at each phase of that lifecycle. As our industry changes at the current rapid pace, we work to create repeatable, efficient processes that can be both agile to unexpected change and scalable with growth.

Weekly Brief

Top 10 Risk Management Consulting/Services Companies - 2020
Top 10 Risk Management Solution Companies - 2020

Read Also

Data-Driven DecisionMaking Starts with Partnerships between Business Leaders and the Data Team

Data-Driven DecisionMaking Starts with Partnerships between Business Leaders and the Data Team

Ajaz Akhtar, VP - Chief Data & Analytics Officer Decision Sciences Center of Excellence (DSCOE) at Utica National Insurance Group
Is Technology Changing the Insurance Industry?

Is Technology Changing the Insurance Industry?

Greg Tacchetti, SVP/Chief Information & Strategy Officer, State Auto Insurance
Technology Enhancements Driving Innovation In Trade Credit And Accounts Receivable

Technology Enhancements Driving Innovation In Trade Credit And Accounts Receivable

Michael Kornblau, Marsh US Credit Specialties Business Development Leader at Marsh
Insurtech: Finding Its Place In Agency Management

Insurtech: Finding Its Place In Agency Management

Krista O’Rourke, Vice President, Agency Relations & Safety Services, Pinnacol Assurance
Think Of Successful Project Delivery As A Symphony

Think Of Successful Project Delivery As A Symphony

Aaron P. Mikulsky, SVP–Business Transformation & Operational Excellence, Employers Insurance
How CAT Modeling Is Improving The Customer Experience

How CAT Modeling Is Improving The Customer Experience

Diane Elrod, VP of Agency Operations, BXS Insurance