Customer: A non-profit health maintenance organization (HMO) servicing 979,000 members with over 90 hospitals and 25,000 healthcare providers in its network.
Industry: Healthcare, Non-Profit
Headquarters: Massachusetts, USA
Solution: The Vordel API Server was deployed to manage, deliver, and secure APIs that enabled mobile applications to connect securely to HealthPlan’s systems via the internet.
HealthPlan handles a tremendous amount of data, ranging from patient health records, insurance and payment information, to human resources. This data needs to be collected from the field and made available to patients, care providers, and administrative staff on a highly available but need-to-know basis. The secure collection, maintenance and delivery of this data has consequences for HealthPlan’s ability to earn members’ trust and its ability to meet compliance requirements such as HIPAA.
Historically, HealthPlan’s processes were paper-based. Data was first recorded on paper, then keyed into systems. This approach was both prone to errors and difficult to control. Errors led to higher costs and processing delays, which negatively impacted the quality of care and member experience. HealthPlan wanted to leverage new mobile technologies such as Android and iOS powered tablets to streamline data collection, control data distribution, and improve overall process efficiencies.
- Scalable Multi-Platform Support
Patients and doctors have personal preferences for the type of mobile devices they use. With almost a million members and 25,000 healthcare providers across 90 hospitals, HealthPlan had to support all popular mobile platforms. The applications running on these platforms have unique requirements. Different hospital and medical groups can have their own mobile applications that must have access to HealthPlan’s data and backend applications.
- Legacy Backend Systems & Lack of Vendor Support
HealthPlan’s commercial and custom enterprise applications were created before the dawn of the iPad, Facebook, and the Cloud. These applications did not have the required REST interfaces for mobile and Cloud computing. Historically, healthcare software vendors have been slow to adopt new technologies. Thus, upgrading or rewriting these mission critical applications was either too expensive or simply not feasible.
- Consistent And Flexible Security Framework
Data security and privacy were priority one at HealthPlan. Therefore, HealthPlan needed a flexible platform that was capable of supporting the various security requirements from the new mobile and Cloud applications, as well as the legacy backend systems. This meant support for a broad range of security standards and schemes, such as SAML, OAuth, API keys, certificates, username and password, and proprietary tokens from leading identity management systems such as CA, IBM, and Oracle. To meet compliance mandates, HealthPlan also needed extensive auditing, monitoring, and reporting of its API usage.
HealthPlan deployed the Vordel API Server to manage, deliver, and secure APIs that enabled mobile applications from different platforms and built by different partners to connect securely to HealthPlan’s systems through the Internet. Vordel provided:
- Comprehensive threat protection against all API attacks such as denial of service and injections.
- Flexible authentication options, including support for multi-factor strong authentication such as smart cards.
- Fine grained authorization to control data access based on need-to-know policies, user roles, and situational context.
- Protocol mediation to transform legacy backend interfaces in SOAP, XML, WS-*, to new REST, JSON, OAuth style APIs.
- Support for multiple mobile platforms including iOS and Android without modifying or upgrading backend systems.
By enabling the secure and scalable adoption of mobile computing, Vordel has helped HealthPlan increase time spent with members and reduce time spent on administrative tasks. This has led to more efficient decision-making and improved member services.