Building Health Technology Infrastructure for Consumerism, Security and Interoperability

Today’s health consumers have high expectations about the interactions they have with plans, providers and third-party vendors. And, when it comes to health care, the areas of security, reliability, quality and compliance are paramount. HealthSparq is continuously investing in our applications and infrastructure to ensure the security and compliance of our systems and data, so that we maintain the trust of our health care partners and users. We’re also designing to support the changing needs of consumers and deliver personalization and performance at scale, while supporting growing demands for API-based data interoperability.

To manage all of this at once, we designed our technology infrastructure to be a highly available and secure multi-tenant cloud-based offering. This allows us to use a standard data model and consistent management practices for our health plan clients and the flexibility to support multiple configurations, all while securely partitioning each client’s data. This approach provides significant value to clients, while giving us maximum efficiency. We wanted to share more about how this provides value. I thought I’d take a moment to highlight just how we do that.

Securing Data from End to End

Everyone at HealthSparq understands that the confidentiality, integrity and availability of health plan and member data is vital to our clients’ operations. They must have trust and confidence in their service providers, and we take this commitment seriously. Security and privacy are embedded in HealthSparq’s operations—in our people, products, development cycle and SaaS operations practices—so our clients’ data remains theirs and secure—both in transit and at rest. We strictly limit access to servers and networks. And, our HealthSparq One® application is encrypted to protect data in transit.

Making Access Reliable and Available at Scale

HealthSparq One is based on a balanced and scalable microservices architecture that follows best practices for application availability and scalability. So, whether it is during open enrollment or the new benefit year rush, we’re able to support the tens of millions of users that visit our application. We do this with a microservices approach, and a focus on quality and performance testing of services. All inter-process communication must happen at the API level, with no direct access to lower-level classes or data. Our secure, reliable API approach also lets us deliver data out to health care organizations to support their data interoperability initiatives with external, RESTful APIs.

Ensuring Data Quality and Compliance

Regulations are constantly changing, and quality and compliance are important to supporting our health plan clients. So, HealthSparq works to ensure our products and services meet industry and regulatory requirements and expectations. To us, this means more than just HIPAA compliance.

HealthSparq holds NCQA’s Health Information Product (HIP) 4 (Physician and Hospital Directories) certification. Our HealthSparq One-based provider search capabilities were awarded an overall total of 100.0 points (maximum possible score). HealthSparq is also compliant with the SOC 2 Type 2 specification with no issues with our SaaS-based security. This means our health plan clients, as well as their members, employer groups and provider partners, can trust the security operation of our cloud infrastructure for HealthSparq One.

I’m very proud of HealthSparq’s ongoing commitment to quality, security and reliability—from SOC 2 to NCQA to our security and internal operational excellence initiatives. If you want to read more about the details of our approach to security, you can read more in our HealthSparq Security Paper.