How to Implement Data Governance Through PaaS
A provider of managed care services adopts a more robust IT and data management platform to support its growing business.
Today's business and IT environment serves up a mind-boggling array of challenges. But, increasingly, at the center of everything lies data governance. According to a Deloitte survey conducted in 2014, only one-half of respondents had a high degree of confidence in the metrics they use track data, and 18 percent weren't confident that their IT systems captured and reported all the compliance data necessary. Many compliance tasks still rely heavily on spreadsheets and desktop software apps that struggle to keep up with expanding data requirements.
One organization bucking the trend is CareWorks, a group of companies that provide managed care services, including workers' compensation administration, for more than 115,000 employers throughout Ohio. For years, the company had relied on a data management and audit strategy heavily focused on spreadsheets and manual processes. In 2010, CareWorks made a decision to fundamentally revamp the way it manages IT, including ending IT outsourcing.
"We had to adopt a Greenfield approach and build everything new," said Chief Technology Officer Bart Murphy.
Assembling the right mix of IT systems and introducing an efficient set of processes was no simple task, however.
"We operate in a highly regulated environment," Murphy said.
Revamping IT meant tackling more than 30 major projects ranging from enterprise applications to a new email system. As a result, the firm turned to Platform-as-a-Service (PaaS) provider ServiceNow to integrate systems, resolve technical issues and provide data management and governance tools.
"We required a robust and comprehensive approach to governance, risk and compliance," he said.
CareWorks introduced a single system of record to track critical GRC and audit processes involving private health data. That was essential, Murphy said, because the company must conduct a new and separate audit every day, while adhering to HIPAA and a host of other requirements. In the past, spreadsheets meant that the process was slow, cumbersome and prone to errors. The PaaS soffering allows the organization to manage frameworks and controls in a far more robust way. This includes locking down IP addresses so they are not accessible from outside the company and blocking certain types of data from an internal ticketing system.
For example, within human resources, the technology streamlines onboarding, offboarding and other touch points. It ensures that required events take place within a prescribed time frame–and it provides alerts and reports that allow auditors to drill down and view specific time stamps and other data about hired or terminated employees. "We can see exactly what took place in the prescribed time frame," Murphy said. In addition, the company uses the controls to manage mobile devices and access, in conjunction with BYOD. "We have the ability to ensure that data from mobile access points isn't available over the Internet."
CareWorks has already saved hundreds of thousands of dollars using the ServiceNow platform. More importantly, it has transformed data management and auditing practices. "We can identify technical debt within our organization and engage in fact-based discussions about how to manage the business and IT operations more effectively," he said. "We've reduced manual processes and greatly reduced the number of delayed tickets and other issues. Because we are no longer fighting fires, we have been freed up to achieve a higher level of innovation."