Properly managing a variety of applications across a large healthcare organization while staying HIPAA compliant can be done in a number of different ways, but each IT decision sends ripples through the organization. With the end goal of keeping costs down as much as possible while maintaining a productive, secure environment, many organizations have a mix of technologies in place.
These hybrid environments include both on and off-premises applications and Bharani Krish, Director of IT Enterprise Infrastructure Services at Molina Healthcare, and his team manage all applications via Platform as a Service (PaaS) and support the daily operation of any software that runs on the server. The Molina Infrastructure as a Service (IaaS) team, according to Krish, handles the server operating system (OS) and network and when they work with him and his team, they will provision any Software as a Service (SaaS) model.
Krish said he and his team made a pledge to assure Molina that by next year it will turn all internal applications into various forms of an “as a service” model so that most of our provisioning will be “as a service.” But this provisioning work, which includes monitoring and tracking access rights and privileges, must be done in a secure, HIPAA compliant fashion and Krish said automation is a big key. “Based on our type of provisioning, it’s kind of automated because we have a standard security template that comes along with operations,” he said. “In the healthcare industry, security is important and we take it very seriously.”
Because of new healthcare reform and developments, Krish said the challenge when he first started was every time his team received a request, it took time to provision the database.
I looked at our environment and found that our production was 400 terabytes and non-production was closer to 2 petabytes. Depending on the size, it may be a terabyte or 10 of them, so it takes time to take the backup and move across to development with the security template masking everything. It may take a few hours to a day and the development cycle was slowing down.
To help Molina with provisioning and managing massive amounts of data, Krish said the organization chose the Delphix Compliance Engine to efficiently deliver that masked data (based on individual policy) while rolling out new applications and remaining compliant with federal regulations. Krish said Molina was able to transfer the transactional log, which was very small, and then provision it within less than ten minutes, irrespective of size.
We had a separate solution for mapping the data, that’s in a compliance requirement – they don’t want to expose the correction data to the development team or even the functional team. So we had a separate module. We had a separate software that tied up to the Delphix virtual database and once that database is published we could use that module to map the data based on our internal policy, which modeled very well, but again, that’s a delay in provisioning that solution.
Sign up to receive our newsletter and access our resources
Join 30,000 of your peers and stay up to date on HIPAA, BYOD and IT Security.