pVerify Deploys Moesif HIPAA-Compliant API Analytics for COVID Testing
Building solutions that safely handle Protected Health Information (PHI) is complicated and time-consuming, and it involves special engineering knowledge. Over the last fifteen years, pVerify has built a HIPAA-compliant API platform that checks patient eligibility for 1,000s of healthcare providers.
While the system in place could determine when an API call was made, the CTO & COO, Rob Dejournett, wanted more information about what his customers were doing, where they might have problems and what vulnerabilities might be out there. And he wanted that without compromising the integrity of patients’ PHI.
“As a scientist, I’m all about data analytics. Finding, displaying and sharing API metrics like 400/500 errors, when you have thousands of customers and millions of API calls, is very difficult,” Rob Dejournett, CTO, COO
To develop a system internally to provide insights into his API calls, he projected it would take his team of four developers six months tweaking the data infrastructure. He’d rather purchase a turnkey analytics platform and have his devs build features that customers want to pay for.
pVerify’s product manager short-listed API management solutions, red-hot startups (with “ridiculous feature promises”) and cloud providers; none offered the features, flexibility and, above all, security that Moesif offers.
The Challenge of HIPAA Security
Since pVerify is all about determining patient eligibility for a medical service, much of the API data they deal with is highly personal, such as DoB, medical condition, insurance plan specifics, etc. So when looking at technology partners, whether in analytics or other SaaS vendors, a key requirement for pVerify is strong data security and access control.
Since the majority of SaaS vendors are designed as multi-tenant solutions, a healthcare company like pVerify would be exposed to additional compliance risk, making most consumer-grade SaaS a no-go. Yet to develop and deploy an on-premises or private cloud solution, Rob projected it would take his team of four developers six months and lots of time spent tweaking the data infrastructure. He’d rather purchase an existing turnkey analytics platform and have his devs build features that customers want to pay for.
Feature-Rich API Analytics for Healthcare Apps
Sharing Key Metrics In Embedded Dashboards Keeps Customers Happy
Once pVerify was able to analyze their data (who was sending it, how much was sent, where it was coming from and what errors occurred), they shared it with their customers through Moesif’s embedded dashboards.
Quickly ID and Geofence Suspicious Actor
“It’s completely pointless if you cannot pass your analytics data onto your clients. Embedded dashboards solved that for us.” Rob Dejournett, CTO, COO
Seamlessly Scaling a COVID Testing Company to 120K API Calls
Customers sometimes don’t inform pVerify ahead of time that they’re going to increase their API usage, even when they plan to dramatically scale their volume by 10x or 100x. When multiple customers scale usage at the same time, instance clusters could break. What’s needed is the ability to see who’s using pVerify, when they are using it and what volumes are to be expected.
Recently, pVerify found that a major group was using them every morning at 5am, with enormous volume and in a very short period of time. It turned out that a COVID testing company was regularly submitting 120K requests, having gone from the 10th or 20th largest customer, to one of the biggest during the pandemic.
By identifying this customer with Moesif’s help, pVerify was able to get additional resources for them and make sure their volume could be handled. Like many API companies, three to four of pVerify’s customers represent 50% of their volume. By segregating those high-volume users to their own instance clusters, everything’s become a lot more stable.
Geolocation Identifies Fraud
Keeping a tight lid on fraud and bad actors is even more important when you’re dealing with PHI. pVerify has observed that sometimes customers have shared their login credentials, perhaps unwittingly, and someone unauthorized has used their system. Through Moesif’s geolocation capability they’re able to quickly review where users are coming from on a global basis and turn off suspicious users coming from East Asia and Eastern Europe.
Share Actionable Insights With Your Customers
Leveraging Zero-Knowledge Security
Moesif’s Secure Proxy enables zero-knowledge security with on-premises client-side encryption. The security and privacy benefits of an on-premises installation are gained without the complexity of building and scaling your own data infrastructure. The secure proxy is a stateless Docker container, which makes scaling simple compared to maintaining data infrastructure designed for real-time processing.
With Bring Your Own Key (BYOK), not even Moesif employees can access the data. pVerify leveraged Moesif’s plugin with AWS Key Management Service (KMS), which handles key rotation automatically.
Secure Proxy from Moesif Maintains ePHI Confidentiality
“By having data encrypted through the proxy, Moesif only deals with garbled strings of text. In my weekly vendor security audits when I’m asked ‘What are you guys doing with my data’, ‘Are you sending it offsite’, ‘Who are you sharing it with’, ‘How are you protecting it’, by having a secure proxy we’re completely secure. It’s a very unique thing,” Rob Dejournett, CTO, COO
Building HIPAA-compliant technology is complicated. Hiring devs who understand the moving goalposts of patient confidentiality and vendor requirements can be prohibitively expensive. With Moesif’s Secure Proxy Server your PHI remains secure at all times, even during analysis.
Moesif’s API Analytics Platform identified who was using pVerify’s APIs, at what time, by how much and from where. Through this data pVerify was able to: optimize their server clusters leading to a more stable solution, geofence nefarious users, and share data with vendors solidifying their relationships.
pVerify works with patient healthcare information and complies with HIPAA and HITECH requirements. They wanted to identify customer trends over their APIs, such as when call volume increased by 10x, where 400/500 errors occurred, or who might be illegally using their platform. And all the while, ensure the PHI they handled was secure.
eligibility verification solution that provides contextual information for a patient’s insurance coverage and benefits. Used by 1,000s of providers worldwide, the API solution can scale to support the largest healthcare providers.