Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Molina Healthcare Uses Data Masking To Protect Patient Information

It's the sort of problem that keeps IT managers awake at night. Your company is using service providers for critical data analysis or processing but is required by regulations to keep portions of individual data records confidential. How do you make sure both things happen? If you're Molina Healthcare, a managed-care organization based in Long Beach, Calif., you turn to software that replaces sensitive, patient-identifying information with fake data when the database is replicated for shipment to an outside agency, then remaps the fake data back to the real information when the processed database is returned.

Nitin Gotmare is Director of IT for Molina. He says that the company had used home-grown apps and manual data redaction for databases that needed to be sent to outside service providers. The problem Gotmare faced was growth; the company was expanding its Medicare/Medicaid-based service business quickly and could no longer depend on manual redaction to keep up with the necessary work flow. He says, "We've grown a lot in the last three years, and we needed to automate processes while staying compliant."

When the company began to think about solutions to replace the manual and home-grown processes, they turned to staff memory and recommendations. Gotmare says that nearly everyone had a recommendation in common. "All of us heard about Dataguise in some context somewhere, so we got in touch with them when we needed a solution. We didn't want to spend a ton of money in this environment, and there are other products that cost a lot of money. We wanted to be managing something in a reasonable limited way and achieve the results we wanted," he says.

Allan Thompson is EVP of Operations at Dataguise. He says that Dataguise has a pair of products that, together, can provide data masking for sensitive data in production and non-production databases. According to Thompson, "We can find [sensitive data] under Oracle, SQL Server, and MySQL and tell the production team where the sensitive data is, then apply templates to hide the sensitive information. This way, when you pull databases for testing, migration, et cetera, we can define the sensitive portions and allow for data masking on those parts." He continues, "Over 90 percent of organizations we talk to use sensitive data for testing and shipping to partners. We say we'll tell them where the information is, and anytime the information is pulled out we can mask the data making sure that customers, partners, and employees are protected. The data we replace it with is realistic data, but it's meaningless, and will not allow the identities to be known or stolen."

Thompson says that Dataguise has been offering software since May 2007. The basic premise is that the software can go after and discover all the large-volume sensitive data, both on the production and non-production side, that an organization must keep in order to do business. The discovery of the sensitive information, through DG Discover, allows an organization to understand which databases contain sensitive data. The data masker, DG Masker, can then make the data going into non-production databases useless in terms of personal information, either by filling the fields with single characters or by generating realistic-looking but meaningless data to go into the field.

  • 1