A private health care exchange involves the sharing of multiple data points and technology platform security should be of utmost importance to companies that are utilizing, or considering, a private exchange. Ryan Keehn, Businessolver’s Assistant VP Information Technology, was recently interviewed by Brian Kalish, online managing editor for Employee Benefit Adviser, in a podcast tackling private exchange security. Ryan brought up five specific points that you should be discussing with your potential (and current) exchange providers to ensure that your data is secure.
1. Understand the technology
Chances are your exchange is being powered by a benefits administration platform. Take the time to truly get to know the underlying technology by asking detailed questions. How are you securing my data and keeping it safe?
2. Look at the track record
There are a lot of new companies in the private exchange arena—look for a vendor that has a long track record who has experience with providing exchange services for quite some time. The more expereinced the vendor, the less likely there will be kinks.
3. Testing, 1-2-3!
Testing is the most important thing a vendor can do. We recommend both internal and external testing, along with hiring third parties to come in and test against the technology to identify potential vulnerabilities or penetration points. There is no such thing as too much testing, especially with the technology's rapid pace of change.
4. Know where your information is going
Private exchanges receive information from a multitude of sources. It's important to know how your vendor is going to handle your information. Ryan suggests asking the vendor how they will be segregating your information and keeping it separate from everyone else’s.
5. Prepare for the worst
While no one plans on having a data breach, not having a plan in place could be your biggest risk. Ask your vendor the tough questions—what is the process if there ever was a breach? How would I be notified? How would my employees be notified? What types of cyber liability insurance and protective measures do you have in place if you were to have a data breach?
THE ONE THING: The information going into your private exchange is just that--private. It's real private data and real people's information at stake. Take care of your people and make exchange security a priority when evaluating exchange technology solutions.
To listen to the full podcast on Employee Benefit Adviser, click here.
