Customer Detail

Thales e-Security Helps Delta Dental of Missouri be a Good Ombudsman of Patients’ Data

Delta Dental of Missouri – a member of the nation’s leading dental benefits organization, Delta Dental Plans Association –offers dental and vision benefits in the states of Missouri and South Carolina. It is the carrier of choice for over 2,000 companies and has more than 1.5 million members.The company places a strong focus on prevention and evidence-based oral health quality measures, which has earned it the participation of 96 percent of all practicing dentists in Missouri.

BUSINESS CHALLENGE

Delta Dental of Missouri stores many terabytes of information in its claims system – member demographics and eligibility, claims, provider information, contracts, payment information, notices of benefits, statements, etc. – approaching “big data” classification. Bound by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) standards for electronic health care transactions, all data must be encrypted both while in transit and at rest.

Karl Mudra, Delta Dental of Missouri’s CIO, stated, “One of our corporate values is to be good stewards of the data we care for on behalf of patients, providers and the groups we serve. In our view, it was a sound practice – irrespective of the HIPAA mandates – to find a best-in-class security solution. With data encryption, I believe it’s essential to be prepared ahead of time, instead of trying to react after there’s been a data breach.”

TECHNICAL CHALLENGE

Database-level encryption proved challenging: “When we first started looking, not all of the alternatives to encrypt our SQL data were viable,” recalled Mudra. “Because of our database version, many of the products necessitated rewriting our whole application, changing user-level processes and procedures, creating new reporting routines, and making modifications to our production and back-up environments.”

Mudra had additional criteria for any viable encryption technology. He noted, “We wanted a policy-based encryption solution, so we could grant permissions at both the user and/or application levels according to pre-defined rules, similar to how most firewall products are configured. We also needed comprehensive key management, centralized administration, and the ability to leverage the solution across both the production and disaster recovery environments. Finally, the option we selected had to be invisible to our users, with zero impact on productivity.”

SOLUTION

After rejecting multiple vendors, Mudra’s team brought in Thales e-Security to demonstrate the Vormetric Data Security Platform. “We were very impressed,” he recalled. “The Thales e-Security Platform gave us the policy-based approach we needed, and it didn’t matter if we were running Microsoft Windows® or Linux, handling files or folders, storing data in a SQL database or dealing with a storage area network. The data-centric approach took care of all our issues and didn’t require users to do anything different, which was a huge positive for us.”

Delta Dental of Missouri has a lean IT infrastructure team, and one of Mudra’s concerns was the burden of an overly demanding installation process. The staff spent about half a day doing pre-installation planning and opted to deploy file-level encryption. A Thales e-Security consultant was engaged for two days to train the team onsite, while completing encryption of the development environment. Installation was staged over three weekends, and the team was able to handle the last two installations without assistance. Mudra observed, “You define everything and set it up, and it does what you need without any headache. As always, we planned for the worst, but this time got the best. It was one of the easiest implementations from decision to production that I’ve experienced. I expected a painful install; thank goodness it was painless.”

RESULTS

After originally struggling to find a solution to support HIPAA compliance, Mudra has been pleased with Thales e-Security’s healthcare solutions. He commented; “The encryption overhead is pretty close to zero. Backup windows increased a little, however as that isn’t part of the user experience, it’s a good tradeoff for the protection. Most importantly, our users have no idea that each data request is coming and going to an encrypted source. My team is impressed with how self-sufficient the Thales e-Security appliances are: If we ever need to take one offline, we have automatic failover to the other. The management of those devices is very straight forward too, as the appliances handle the majority of activities for us. The Vormetric Data Security Platform has supported everything we’ve wanted it to do. We’re all very happy with the choice.”

THALES E-SECURITY’S HEALTHCARE SOLUTIONS MAKE ENCRYPTION EASY

Mudra concluded, “For us, the protection we now have is definitely worth the investment. By comparison, a single fine for failing to be HIPAA compliant would be much greater per occurrence than our total investment to date. With the Thales e-Security platform, it’s so nice to be able to set-it-and-forget-it and be assured of our compliance. It’s perfect for us because it is platform agnostic, so I have no worries that as our infrastructure evolves, it will scale with us.”

THALES E-SECURITY’S SIMPLE SOPHISTICATION

BUSINESS NEED

  • Comply with HIPAA
  • Ensure security of clients’ data

TECHNOLOGY NEED

  • Platform agnostic
  • Rules based
  • Minimize installation and operational overhead
  • Transparent encryption for users
  • Fail-over and fail-back to support replication
SOLUTION
  • Healthcare Solutions from Thales e-Security
  • Vormetric Transparent Data Encryption
  • Vormetric Data Security Manager
RESULT
  • Full rules-based security as well as HIPAA compliance
  • Imperceptible to users
  • Simple install with no infrastructure changes needed
  • Supports high-availability functions

ABOUT THALES E-SECURITY

Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

Download