Case study

Ensuring HIPAA compliance

Customer

A leading healthcare organization

Challenge

Get a new off-shore development team running and compliant

Solution

Installation and roll-out of SQL Provision

Results

Saved 15 to 20 hours a week in provisioning processes, and reclaimed terabytes of disk space

The customer

KEPRO is a leading healthcare quality improvement and care management organization based in the US, which helps 20 million members lead healthier lives. KEPRO offers innovative and outcome-focused solutions to reduce the unnecessary use of resources and optimize the quality of care for public and commercial clients.

As the database administrator at KEPRO, Joe Rivera is responsible for the overall performance of the entire estate, including over 85 servers, 850 databases, and 40 terabytes of data.

There has been massive growth across the company in recent months, including a new CTO and the acquisition of another company, almost doubling KEPRO’s infrastructure and introducing a new offshore development team.

With the adoption of the offshore team, protecting PHI was vital to the company. Redgate SQL Provision was introduced to meet those HIPAA requirements. As Joe advised, "We wanted to be able to mask the PHI in our development systems in a repeatable fashion. We wanted to do it reliably and we wanted the data to look real. We didn’t want it to have any tieback to the actual real data."

850 databases | 20 million members | 40 terabytes of data

"We wanted a situation where we would not have any PHI exposed and we've accomplished that with SQL Provision."

The challenge

The largest driver for KEPRO was alignment with HIPAA legislation, specifically, ensuring that PHI was not accessible to unauthorized users and that the organization was fully compliant with regular audits.

As a result of the rapid expansion, the development teams were also pushed to tight deadlines, meaning there was added pressure on Joe to make sure a solution for compliance was found in only a matter of weeks.

"There’s such a push with the development cycles to get things out as quickly as possible. We all have deadlines, and sometimes, to be honest, I think some security aspects fall through the cracks. It falls onto the people who are working directly with the data to stop it, even if there isn't that directive push down from above."

The existing backup-and-restore method for providing up-to-date data to the dev team was no longer suitable for the growing organization. The process was taking over 20 hours a week, limiting these data refreshes to once a quarter, and slowing down test and development work.

"SQL Provision has given us the ability to mask data and push it out to multiple locations almost instantly."

The solution

An initial look into the market found that some masking solutions could be expensive, with quotes reaching six figures. Having a decade of experience as a DBA, Joe was extremely familiar with Redgate as a thought leader and solutions provider, which had provided support throughout his career. He reached out to see what Redgate could offer.

“Redgate understood what we were looking for and they worked with us to get the solution set up in time for the deadline”

Working with KEPRO’s account manager at Redgate, Joe was able to address not only the compliance requirements of HIPAA but also the unconsidered time and space challenges faced in their existing provisioning processes.

The CTO set a tight deadline for implementing a solution, and with the support of the team, SQL Provision was installed and rolled out across the teams.

"The database is not sitting there exposed, it never goes out with the PHI in it."

The results

Since purchasing SQL Provision, KEPRO has been able to get the new off-shore development team running and compliant, as well as saving between 15 and 20 hours a week in provisioning processes and reclaiming terabytes of disk space.

"The developers really haven’t noticed any difference performance-wise. They don’t even realise it’s a clone. They think it's just a regular database, which just tells you that it's working as intended."

Importantly, PHI has been successfully masked without jeopardizing the integrity or volume of the data for development and testing purposes. Security numbers, addresses, and email addresses all behave as they should, in the volumes expected. KEPRO is also able to give demonstrations to potential customers without breaking compliance rules. The company continues to deliver the high standard and services its customers expect while complying with HIPAA requirements.
