top of page
  • Writer's pictureTony Zeljkovic
    • Sep 8
    • 4 min read

Smart Scaling: How to Govern Massive Healthcare Data Without the Headcount Headache

A Zelytics case study

 

Executive summary

Navigating HIPAA/HITECH compliance while managing large-scale healthcare data is a complex challenge. This case study details how Zelytics partnered with a U.S. healthcare provider to streamline their data governance, resulting in significant business value.


Zelytics implemented a tailored, automated data governance solution that integrated with the client’s existing Snowflake and dbt environments. This approach enabled the client to handle terabytes of sensitive data while ensuring continuous compliance with minimal manual intervention.


The business benefited in the following ways:


  • Cost Reduction: The automated system reduced the need for additional engineering resources, allowing the client to scale operations efficiently without increasing headcount or overhead costs.

  • Regulatory Assurance: The solution provided around-the-clock compliance, minimizing the risk of regulatory breaches and potential fines.

  • Increased Operational Efficiency: By automating data governance tasks, the client’s data team was able to focus on higher-value activities, driving strategic business initiatives and accelerating growth

  • Unlocking New Capabilities: The streamlined governance process enabled enhanced self-service analytics and platform development, allowing the business to leverage their data more effectively.


In just a few weeks, Zelytics’ data privacy solution transformed the client’s data operations, delivering not only compliance but also cost savings, operational agility, and new growth opportunities. This case study underscores how smart data governance can serve as a catalyst for both regulatory adherence and business success.


Context & Background


US healthcare companies are subject to stringent data protection requirements through several laws and regulations such as HIPAA/HITECH. 


For many mid to large cap companies, a central data platform team might maintain this data and expose it to a small set of data adjacent roles. 


These companies then can struggle significantly to scale their operations and the value proposition of their data without exponentially increasing engineering hour costs.


In this case study, we illuminate how Zelytics has helped a mid-size US healthcare client to address these challenges and successfully scaled their data governance operations to manage terabytes of sensitive healthcare data.


Pain Points & Challenges


  • Data team was being constrained by a high volume of requests but limited ability to scale headcount.

  • Engineering teams wanted more access but IT security and compliance teams had stringent compliance standards that gated access. .

  • It was only possible to constrain roles based on table access but would create enormous overhead of role management which is not possible given the current scope of the team.

  • Off the shelf SaaS solutions could possibly solve problem but very high price tag and still required engineering overhead

  • Team was budget constrained and needed solutions that could curb headcount growth while effectively servicing a rapidly scaling company. 

  • Lots of untapped potential for self service analytics and building out new platforms.


Scope


Through multiple scoping sessions with the client we came up with the following scope for this project:


  • The client is using snowflake and dbt heavily so any solution was preferred to work with these technologies.

  • Solution should be as automated as possible with minimal impact on engineering hours to manage the solution.

  • The data governance system to be put in place needs to have the ability to restrict access on all levels from database to schema to table to column.

  • The system should have a single source of truth and should have a clear way to provide compliance reporting for HIPAA/HITECH

  • The solution should be as native as possible to Snowflake.

  • Implementation and maintenance costs should be an order of magnitude smaller compared to buying off the shelf solutions.

  • Everyone on the data team should have an exceptional, intuitive and seamless experience to manage access to these assets.


Solutions


Objective: Set up data platform team with the tools to effortlessly deploy data governance solutions

The first step was enabling the data platform team to handle the technical requirements for this project.

As Zelytics is an experienced Snowflake Integration Partner, we achieved this by setting up the team with custom infrastructure as code and DBT macros to deploy a tag based dynamic data masking approach in Snowflake approach.

Within 2 weeks, their continuous integration and continuous development (CI/CD) process could start masking terabytes of data, >10.000 tables and >100,000+ columns of data in the warehouse based on database, schema, table and columns and tags in dbt yml files. 

Objective: Enable automated maintenance of dynamic data masking for 24/7/365 compliance

After this was set up, Zelytics addressed one of the major concerns by our client about the time it would take to maintain these systems.

Exceptional developer experience is one of the key pillars of our consultancy, so we set out to address this through a few ways. 

First, we started with the analytics engineers who would be mostly working with this. We built a fully customized and easily extendible VScode devcontainer development environment. This environment was customized to automatically add pre-commit messages, highlighting incorrectly defined policies.

Second, we focused on the data platform team to allow enforcement of masking. We extended their CI/CD process with a custom DBT application that would automatically enforce default policies, fix incorrect policies and as a bonus automatically add any missing assets that were not being actively tracked.

Within 4 weeks, all of these processes were set up and the data team at the client was trained in using these new tools.

Objective: Enable continuity of business while dynamic data masking was rolled out across applications

One critical component was the controlled, phased rollout of the dynamic data masking across the clients data warehouse and dependent applications and users. 

Our solutions are automatically configured to have tight levels of control to release in a phased manner. 

We sat down with the data team to uncover the applications that were interacting with the data and we configured the system to slowly start enrolling applications with each iteration of testing.

Within the end of the quarter, we were able to migrate all the systems fully and could confidently leave our client to their systems.


Closing remarks

Are you facing similar compliance challenges in your organization? Healthcare, finance, you name it. At Zelytics, we have dedicated consultants to set up comprehensive data governance solutions for your company.


Zelytics offers a complimentary consultation to help you gain clarity around your main challenges and develop a data-driven strategy to overcome them.


Let’s talk and get to know each other and see what we can do for your business.



13 views0 comments

Comentários

bottom of page