Skip to main content

Creating a remarkable health experience

Living Health Dynamic Platform: A Conversation on Security, Privacy, and Choice

Noting that Highmark Health’s strategic trajectory had put it in a unique position to lead industry change, CEO David Holmberg once remarked, “We’ve done what most people didn’t think our organization could do. Now we’re ready to do what’s never been done.”

“Never been done” now has a name: Living Health. An article by Karen Hanlon, chief operating officer, and Dr. Tony Farah, chief medical and clinical transformation officer, describes it as a bold reinvention of what a health model can look like, feel like, and do for customers and clinicians.

Highmark Health has entered a six-year strategic agreement with Google Cloud to build the new model’s state-of-the-art technology infrastructure and digital solutions: the Living Health Dynamic Platform. If you think about what Amazon’s platform does for consumers, it’s easy to get excited about what a new health platform could do to simplify and personalize the health experience. But such platforms also raise questions about customer data. Highmark Health is widely regarded as an industry leader in data security, privacy, and ethical use, so we asked Richard Clarke, chief analytics officer, and Omar Khawaja, chief information security officer, to explain how this highly innovative platform will also be kept highly trustworthy.

The right collaborators for a bold vision

Don Bertschman: What stands out about Google Cloud as a collaborator to help build the Living Health Dynamic Platform?

Richard Clarke: We had the luxury of looking at several potential partners, which showed how much interest there was in our vision, and how differentiated it is. However, Google Cloud and their Professional Services Organization really met what we were looking for — superior technical capabilities, commitment to the health care industry, and many existing assets in terms of health-specific advanced analytics solutions. The Google Cloud team brings us unparalleled cloud capabilities and expertise around artificial intelligence that we know will be a big part of our future.

Richard Clarke, chief analytics officer

Richard Clarke, chief analytics officer

I was also impressed by their collaborative mindset, both listening to us and pushing us. Our vision for Living Health and this platform is really bold. But there was no point at which anyone from their side tried to bring it down. Their reaction was more like, “wow, that sounds really hard, let's get started!” That's why they come to work every day, like we do — to do something transformational.

This agreement isn’t like a menu of standard services. We want to do something that has never been done before, and they said, perfect, and put time into working out a unique Business Associate Agreement to fit. So it’s a good match in their being energized by our aspiration, and also having the expertise to get to that aspiration appropriately, including incredibly thoughtful and granular details in how they think through issues like security and privacy.

Omar Khawaja: Given the increased sensitivity around technology like this, I was impressed that they weren't defensive — they have confidence that they are doing everything really well in terms of security and being forward-looking. As we walked through the controls they have and their ability to implement security across different applications, we were impressed with how well integrated security controls were.

Don Bertschman: What do we say to people who are fine with their insurer or provider having their data on a digital platform, but uncomfortable with other organizations being involved?

Richard Clarke: A key component of this agreement is that we are one team led by Highmark Health. Health plan members and patients ultimately own their health information, and we will continue to control all access to and use of customer information. Google Cloud is an extension of our team, and will comply with the same standards we do, including those set by the Health Insurance Portability and Accountability Act (HIPAA).

From a purely contractual perspective, we are very specific about things Google Cloud cannot do with our data. For example, there are specific statements around not using data to market additional products and services. We’re getting the ethical parameters and principles down at the start, so the good work can happen that will make our customers’ lives better, and we know it’s all within those parameters and principles.

Omar Khawaja: We should emphasize that Living Health Dynamic Platform will be built on Google Cloud — which is separate from Google search or Google as most consumers use it. To be clear, Google search isn't going to index your health records, no one will be able to find your records through Google, and if you Google dessert recipes some night, that information won’t jump onto our platform and trigger a call about your risk for diabetes.

Customer-centered with security, privacy and choice as top priorities

Don Bertschman: This is the start of a long-term project to build something that’s never existed, so I know we’re not ready to talk details. But could you compare the concept with something people may be familiar with, like a health plan member site or MyChart?

Omar Khawaja, chief information security offic

Omar Khawaja, chief information security officer

Omar Khawaja: We're taking a very people-centric approach. In the past, it may have been member-centric or patient-centric, but now we're saying that “member” and “patient” aren’t two different people who should have separate experiences. Let’s focus on the individual and give them the best experience across their entire health lifecycle.

Richard Clarke: Right, instead of using one app to schedule an appointment with your PCP, another app to check your claim status, another one for your health spending account, another one to track your fitness program, and on and on, the Living Health Dynamic Platform is about stitching that all together in one place to make it simple for you to be engaged in every aspect of your health.

Outside our industry, you could compare our platform with something like the Amazon marketplace, but in our case bringing together all the components for your health, and then personalizing and recommending solutions at our “store.” Importantly, the platform also means you and your physician can share more information in real time and engage in your health more proactively and without having to see each other face-to-face.

Don Bertschman: It’s easy to see the positives of getting all my health data in one place, but that also raises questions around security and privacy. Omar, could you start by giving us an overview of why Highmark Health and its affiliates are considered leaders in this area?

Omar Khawaja: The HITRUST common security framework (CSF) certification is the highest bar for security certification, period, and certainly the highest bar in health care. Our organization got its first HITRUST CSF certification five years ago, and we've expanded certification to multiple business units. We also go through AICPA SOC-2 examinations, another way for outside experts to validate our security controls. We do that for almost 200 applications every year, and we've done it without getting any exceptions from auditors. In addition, we have at least 40 or 50 third parties come in and look at different aspects of our security over any given 24-month period.

Our security program is taught as a model in Carnegie Mellon University’s CISO program, and they probably do more research and advancement on cybersecurity than any educational institution on the planet. The SANS Institute, a global leader in cybersecurity training, also teaches our program as a model. Gartner has done several case studies on us, including one in 2020 on data ethics decision-making, and another that will be highlighted at their annual CISO retreats. I sit on the boards of HITRUST and the FAIR Institute, two premier cyber controls and cyber risk organizations.

Don Bertschman: What are the starting points for making sure customer information will be safe on the Living Health Dynamic Platform?

Omar Khawaja: There are two aspects we focus on. First, how do we ensure we adequately protect the information — that's the security piece, the controls, the preventive and detective measures, and also asking, if anything does happen, how do we respond? One thing we’ll do with Google Cloud on a regular basis is have table-top exercises and cyber incident response war-gaming to play out scenarios and figure out exactly what we'd do.

Second, even when there isn't anyone malicious breaking in, no security breach, how do we make sure someone with valid access doesn’t misuse our data? For that, one thing we’ll have in place is a joint Data Ethics and Privacy Review Board. Richard can talk more about that.

Richard Clarke: If you’re a customer, your data on the new platform will be as secure as it is today. But when we entrust someone with data, there's also the concern around doing something with it that we wouldn't want them to do. As stewards of our customers’ data, we think very deeply about the distinction between “can do” and “should do” with how data is used. From our ethical perspective, “should do” means using data to make the world a better place and improve your experience, not to enrich ourselves or others.

The Data Ethics and Privacy Review Board that Omar mentioned includes Lisa Martinelli, Highmark Health’s chief privacy and data ethics officer, along with senior leaders in data ethics from Google Cloud. Dr. Farah, Highmark Health’s chief medical and clinical transformation officer, will also appoint a clinician to be part of the board. This collaborative, joint data review board focuses on demonstrable accountability in the use of Highmark Health data, and places ethics at its core. The operating framework of the board is reflective of the best industry practices and will incorporate Highmark Health’s principles of data ethics, and other best-in-class processes.

Don Bertschman: Some people are very comfortable with how online platforms collect and analyze data, because it gives them better choices and saves them time and effort. Others clear their browser history every day, turn off location tracking, and so on. How much user control will the new platform have? Will it have opt-in preferences, for example?

Richard Clarke: Just to be clear and transparent, let’s break that into two parts. First, part of what we’re talking about in this agreement is moving customer data to the Google Cloud platform. Highmark Health continues to control all access to and use of that data, but it will be moving onto Google Cloud’s secure, reliable infrastructure. That doesn’t involve any customer opt-in.

But now let’s talk specifically about what we’re going to build for our customers in the future — that’s the Living Health Dynamic Platform. Inherently we’re talking about a digital platform with a high degree of personalization, so yes, that raises the choices you’re talking about. I think opt-in will be a big deal for the Living Health Dynamic Platform, and there will be different tiers of use, as is true with apps and sites we already have, and with other platforms people use. Everything we do will meet the necessary standards when it comes to security, privacy and use. Also, as people opt in to download or use specific solutions that are part of the Living Health Dynamic Platform, there will be terms of use and conditions that are very transparent and follow our simplicity guidelines for customer communications.

I’ll add a related point — we will always do what we can to ensure that the data used is at the minimum necessary level. When we can make enhancements or provide value to the customer by using anonymized, pseudonymized or deidentified data, that is our preference. It is relatively rare to need identifiable information, and those cases will get the utmost scrutiny.

Omar Khawaja: There are specific privacy objectives we’ll adhere to. For example, the “right to know” means that an individual should be able to know what information we have and how we use it. The “right to be forgotten” means an individual can have their information erased when they stop using a platform.

I’d also go back to what Richard shared — our mindset is not, ok, what can we do with all this information? We will be guided by what we should do. If something aligns with our vision of creating a world where everyone embraces health, that’s a good reason to do it. If it doesn't align with that vision, even though we “can” do something with data, the Data Ethics and Privacy Review Board would likely say, no, this is not within our guardrails.

The power of advanced analytics and personalization

Don Bertschman: In that “should do” category, talk about the role of analytics in the Living Health Dynamic Platform.

Richard Clarke: A core tenet of the Living Health model is moving care upstream. In other words, let's not wait for something bad to happen and then treat it, let's look at what we can do, proactively, to prevent the bad thing from happening. The analytics we’re talking about are both predictive and prescriptive. We want to identify signals and situations that predict a potential problem, prescribe an engagement that could help, and personalize it to make sure we deliver a recommendation in the right way, in the right context, at the right time to ensure that it is received well, understood, and leads to action.

The relationship between a person and their clinician is typically episodic — it’s an annual checkup, or a visit for a specific problem. We want to change how that relationship works by filling in the spaces between visits. Instead of telling your clinician about something that happened months ago, or only getting a blood pressure reading when you come in for an exam, we want to move more information and analytics to real time. Wearable devices and biometrics will have an important role. And all of this will be embedded into the platform — it’s not data and analytics done separately in different places, it’s done inside the platform to drive real-time, next-best-action recommendations for the customer, their clinician, or another part of their health team.

Omar Khawaja: Here’s an example. I’ve had back pain for a year. I know it could continue getting worse, but that hasn't been enough for me to take action.

Well, we don’t have to wait for someone like me to let problems get so bad that they finally schedule an appointment. Information exists to predict this situation and prescribe an action. Anyone over age 50 — statistically, good chance they may have some back pain. Now add clinical data — maybe a person had an MRI, saw a back specialist a year ago, but never followed up with recommended physical therapy. Many factors could prevent someone from seeking care or following up, so that’s where the platform’s prescriptive analytics, including the person’s preferences, can make a recommendation. Maybe it’s a text from a health coach, maybe it’s a simple question to rate pain level repeated over a period of time to establish whether there’s a worsening trend, maybe it’s stretching tips, but the point is we’re doing something now to improve the condition, not waiting for it to get worse and require more extensive treatment.

That’s moving care upstream. I could think about making an appointment for months and not do it, but send me a text saying, “Click here if you’d like to chat with a health coach,” and now I have something actionable: I will click here and discuss this! Meet me where I am — we understand you may have back pain, here are things you can do, watch this video, click here to make an appointment, we can send this stretching device to your house — all of a sudden, I’m embracing health, because you’re making it about me, and you’re making it simple to engage.

Follow Highmark Health on social:

Highmark Health and its subsidiaries and affiliates comprise a national blended health organization that employs more than 35,000 people and serves millions of Americans across the country.

Questions or comments?