From providing quality patient care and correctly diagnosing medical issues, to developing vaccines and monitoring public health trends, efficient data use in the healthcare and life sciences industry could literally be a matter of life and death.
But data use in healthcare and life sciences is highly regulated, and patients are hyper aware of how their personal data is being used. HIPAA is the most well-known law protecting health data, but the GDPR, CCPA, FERPA, and 42 CFR Part 2 also dictate how personal health-related data can be accessed, analyzed, and shared. Violations could result in multimillion dollar penalties, in addition to reputational damages and losses of customer trust.
Snowflake was built to provide insights that drive positive outcomes for healthcare and life sciences companies. When combined with the Immuta Data Security Platform, this can happen more quickly, efficiently, and securely. As validation, Snowflake awarded Immuta with its Healthcare and Life Sciences Competency badge. What does that mean for you?
In this blog, we’ll explore a real world example of how Immuta’s integration with Snowflake strengthens healthcare data security.
What Is the Snowflake Healthcare and Life Sciences Competency Badge?
Snowflake’s Healthcare and Life Sciences Competency badge recognizes partners that demonstrate Snowflake expertise and a commitment to driving impact for joint customers across the Data Cloud ecosystem. This includes verifying a partner’s ability to deploy solutions for Snowflake that meet industry regulatory standards, such as HIPAA, without delaying speed to access.
The process of earning this competency badge requires thorough training and testing so that Snowflake customers in the healthcare and life sciences industry have a seamless, secure user experience that allows them to reach their data goals.
How Snowflake and Immuta Power Data Mesh for Healthcare
Data mesh is an increasingly popular approach that organizations across industries are adopting to gain agility, efficiency, and scalability. For healthcare and life sciences companies in particular, data mesh helps increase horizontal data sharing across departments and partner organizations – a key capability in unlocking analytics and insights in real time. In order to truly make data access self-service and reap the benefits of a data mesh, healthcare and life sciences organizations need federated governance and security.
Federated governance and security allow domain-specific policies to be layered on top of globally enforced policies.
1. Policy Ownership
A functional data mesh requires policy ownership delegation for both global enforcement and domain-specific owners. In addition to allowing data governors to write global policies, data owners whose data products are registered with Immuta are automatically assigned ownership rights and can layer on additional domain-specific vertical policies.
2. Common Taxonomy
A common taxonomy simplifies how data is described and represented through table and column tags, which avoids having to write policies for each individual table. Immuta’s sensitive data discovery automatically scans and tags data for streamlined policy enforcement, using pre-built and customizable classifiers, as well as classifiers from Snowflake and any data catalog.
3. Policy Authoring
Leveraging user metadata and tags, Immuta enables table-, row-, column-, and cell-level policies to be written in plain language, making them easy for non-technical stakeholders to understand. Since they are dynamically enforced using native Snowflake governance controls, users can query data directly in Snowflake with no impact to standard workflows.
Immuta monitors all data and user activity, including queries run by users against specific data products. Just as data governors and data product owners can create policies in Snowflake, they are also able to see how the data is being used, by whom, and how frequently. This provides invaluable insight that can help improve workflows, but also mitigate or avoid non-compliance.
Federated Governance and Security for Healthcare
Let’s consider the four key components of federated governance and security in the context of healthcare.
A medical practice must abide by HIPAA standards, so its data governor builds a global policy in Immuta that masks any data tagged as PHI or PII. The policy is automatically applied to all data products with a PHI or PII tag in Snowflake, as well as any other cloud data platform in the practice’s tech stack. This is made possible because of the common taxonomy defining PHI and PII that the data team built into its system. It’s worth noting that this common taxonomy also allows data teams in healthcare organizations to easily and clearly discover all 18 HIPAA Identifiers in their data sets, and tag them accordingly.
Let’s say a group of physicians studying heart disease wants to see if any correlation exists between heart disease diagnoses and other pre-existing conditions. The data engineer merges a table containing heart disease diagnoses with one containing patients’ pre-existing conditions, thereby creating a data product. This data product should only be accessible by the physicians studying this specific issue, so the data engineer – in other words, the data product owner – must write an additional, domain-specific policy that restricts access to Snowflake users that are in the group “Physicians.”
This is done through Immuta’s policy builder, which uses attribute-based access control (ABAC) to incorporate the “Physician” group attribute from users’ metadata. Since the policy authoring can be done in plain language, it’s easy to create, understand, and enforce.
The data product owner, along with legal, compliance, and data security stakeholders, can monitor queries against this data set, as well as who accessed the data, in what time frame, and whether changes occurred in user behavior and data classification, to detect anomalies and potential threats. Stakeholders receive alerts and notifications if Immuta identifies any discrepancies, and all data monitoring information is captured in audit logs to simplify the compliance process.
Snowflake and Immuta continue to work side-by-side to simplify operations, improve data security, and unlock more data in Snowflake. The Healthcare and Life Sciences Competency badge is validation of the strength of Immuta’s data security capabilities and our partnership’s ability to deliver fast, efficient, and secure outcomes for joint customers in the healthcare and life sciences industry. Delivering federated governance and security for these highly regulated organizations is key to maximizing the benefits of both Snowflake and data mesh architectures – one that promises to accelerate medical discoveries and developments, improve outcome-based care, and optimize operational efficiencies.
And to see how Immuta and Snowflake work together for yourself, request a demo today.
See it in action.
Experience for yourself how Snowflake and Immuta work together.Talk with our team