AgileThought Developed a HIPAA Compliant Solution to Simulate Production Environment PHI Data in a Non-Production Testing Environment
Update releases were causing system disruptions when pharmacy specialists were trying to access patient information in real-time, causing delays in patient care. AgileThought found that the underlying cause was a discrepancy in testing and production environments – namely the volume and quality of data in test environments.
The team developed a process to simulate real data within the testing environment. The result was a more stable release cycle, nearly eliminating delays caused by regular system updates.
Handling Sensitive Patient Information
When a patient calls their pharmacy and needs to schedule a prescription, or seek information, and the system is not up at that moment, that person’s health can be affected. This was the case for the world’s largest PBM when new releases were scheduled for their patient information system.
The customer support system, where a pharmacy specialist would assist customers, was being slowed by release updates and production issues. Moreover, there are strict regulations governing the use of patient health information (PHI). Any breech of said information is in violation of HIPAA and could result in fines as well as other legal penalties.
AgileThought, working alongside client teams, wanted to make sure that, when a patient calls, the system housing information was always available for customer representatives, that it was stable, and that patient information remained secure.
Challenge: Testing Apples and Releasing Oranges
An AgileThought team was designated to root out the underlying cause of system failures upon release updates. They discovered discrepancies between how data was treated in non-production testing environments, and how it was treated upon a production release.
The non-production environment would respond to updates within one second. The customer would sign off on the update and move it to release, where it would take hours to move the code and data. AgileThought found that the testing environment used hundreds of data points, whereas the production environment consisted of millions of customer information fields.
The team would need to create a testing environment that simulated the real number of data in production, but without displaying patient information. This would ensure a PHI compliant environment for developing future enhancements.
The challenge: How can we move millions of data files at the same speed and reliability as the smaller testing batch while also complying with PHI regulations?
Choosing the Digital Strong Path
The solution was to scramble and de-identify sensitive patient information when testing.
The AgileThought team, working alongside customer teams, would need to move PHI data from a production environment to a non-production environment. Moving that data, where just about anyone could access it, would normally violate PHI compliance regulations. It was decided that scrambling the data would create a similar testing environment without exposing patient information.
The new testing process would help the customer move out of a vicious release cycle – where the new code led to production issues that affected operations and patients – to having a clean release cycle.
The Project in Motion
The project team created procedures to identify PHI fields and then de-identify data. They then created algorithms to scramble the letters and numbers in all patient records. This would identify and classify certain records to be grouped similarly. All phone numbers, for example, would start with “555” in testing. To securely manipulate patient information, the testing team needed to refresh and secure the pre-production environment. This would set the stage to securely move the real data into the scramble process.
Improving Patient Services
The entire project took roughly thirty hours to complete, with the data scramble process taking eight hours. The result was a more stable release cycle – going from between ten and fifteen production issues per release, to one or two production issues every few months.
The new testing environment accurately simulated the production environment, and changed the game for testing teams. Everyone from QA to UAT was on the same page, and release updates were being pushed out faster. In addition, the added productivity and service meant that patients were having less problems.
Why More Healthcare Organizations Turn to AgileThought for Compliance
The AgileThought team understands healthcare and pharmacy businesses. The rapid solution turnaround was due to the team’s knowledge of PHI regulations. The team undergoes PHI, Medicare, and Medicaid training every year. They also understand the systems and processes that impact patients, and, due to years of experience, can pinpoint causes of system disruption. In this case, the team quickly found that the testing and production environments were disparate.