AgeTak Enabling Secured Data Sharing
Date: Wednesday , April 01, 2009
How efficiently and securely one is able to share data with customers, business partners, and among employees will determine how successful his or her business will be in today’s legislative environment and competitive market. The most illustrative example of this is found in the healthcare sector where a patient’s confidential medical information is created in many different places and has to be shared among many different healthcare professionals under the scrutiny of strict health information privacy regulations such as HIPAA. Another example is found in the financial sector where financial information, also protected by regulations such as Sarbanes-Oxley Act (SOX), has to be shared among many different financial institutions in the course of day-to-day business operations.
The traditional approach has been to solve the problem of ensuring data security by limiting access either at the database end or at the application level. This approach is becoming more and more impractical as data scattered across diverse systems has to be shared among different stakeholders – say a patient’s medical records, prescriptions, and billing information that have to be shared among different clinics, pharmacies, and insurance companies.
AgeTak, founded by Rakesh Verma, an alumnus of IIT-Bombay with a proven track record of developing innovative technologies and converting them into successful software products, has a different approach to the problem. “We intercept the data request just before it enters the database and provide for real-time privacy enforcement logic on-the-fly, we don’t have to modify thousands of applications and hundreds of databases of diverse technologies under the control of various agencies,” says Rakesh Verma, CEO. Founded in 2004, this Minneapolis based company’s response is based on the Access Right Control (ARC) technology that provides a mechanism for accessing data present in multiple places as if they were at one place and for implementing who-gets-what-data-for-what-purpose level of security and privacy at one place.
To meet the needs of secure data sharing in business intelligence and business-to-business applications one has to integrate many technologies and this is estimated to be a $2 billion annual market. Existing technologies cater to security needs but not the privacy and availability needs, they are also cost prohibitive in most of the cases. ARRA American recovery and reinvestment act provides for $20 billion towards making the electronic medical records portable across agencies without compromising privacy, and majority of this money will go to the above-mentioned market.
Consider, for example, the problem of sharing of patient’s medical records, billing information, or prescriptions among a clinic, the insurance company, and a pharmacy each with its own way of accessing these records. The conventional approach would be to modify each of the health information systems and copy the data from each place for use at the other institution. With ARC technology, all three places would be able to access the combined data from the three places as they have been doing their own data. Since this is done in a ‘virtual’ manner, the problems and costs associated with conventional data warehouses such as data integrity and lag time are avoided. In addition, each of the places would continue to access all the data as they did before because there is no modification in their own applications and the problems and costs associated with coding and re-training users are avoided. Furthermore, the original creator of the data, say the diagnostic lab at the clinic, would be able to control specifically what part of their data is allowed to be open to the insurance and pharmacy information systems and to audit what data is being accessed by whom at what time in real-time for compliance with privacy regulations. “A really sleek implementation of ARC technology allows the ultimate owner of the data – the patient – to specify what part of their data they want to be accessible to whom”, explains Verma. An even sleeker implementation of ARC technology allows on-the-fly masking of certain parts of sensitive information, as the first 12 digits of a credit card number or the first five digits of a social security number, for specific user roles, say the customer service representative at the insurance company who needs just the last four digits in each case, to drastically improve the privacy of data without affecting productivity.
Competition and Differentiation
AgeTak set out to prove the ARC technology first in the healthcare sector where the problem of ensuring privacy of the patient’s healthcare information while sharing the same for medical and billing reasons is particularly acute. AgeTak released the ARC technology in 2007 and soon after secured a multi-million dollar licensing deal with a fortune 50 healthcare firm based in a large part on an independent audit of ARC technology by Pricewaterhouse Coopers. Says Verma, “According to reports, the technology is superior to that of the players like the Guardium and technologies provided by Microsoft, Oracle.”
Adindu Uzoma, Chief Scientist at the Ingenix, a UnitedHealth Group company, a client of AgeTak says, “ARC technology from AgeTak is one of the only two available world-wide that can virtually de-identify aspects of any data-set that an owner wishes to hide in real time, while at the same time implementing virtual aggregates of identified data across remote sources.” The other is the HDB technology currently being pursued by IBM, and when the time to choose between the two came Ingenix chose the ARC technology.
Today’s regulatory environment also provides ample opportunities for companies like AgeTak that have innovative solutions to address the secured data-sharing issues. While on the one hand regulations like HIPAA and SOX have forced businesses in the healthcare and financial sectors to specifically address data security issues, on the other hand moves such as the electronics health records plan in the American Recovery and Reinvestment Act (ARRA) have set aside $20 billion of the $59 billion healthcare funds specifically to improve the way health care information is electronically created and shared.
In addition, this act drastically expands the coverage of privacy issues previously unaccounted for by the HIPAA regulations. Investments in IT infrastructure is expected to increase, particularly among business associates of controllers of health care data such as billing and medical transcription services, as these businesses face steeper civil fines and penalties if found to be negligent in protecting healthcare data.
“ARC technology products do not need any change in existing applications or database. The Federation of databases through virtual schema provides a powerful mechanism that eliminates the need of the physical data warehouse as the privacy issue is already taken care of at the individual data sources. It can also virtually aggregate databases across different organizations crossing the Internet protocol, which is our key differentiating factor,” explicates Verma.
A competitive analysis by an independent auditing firm states that AgeTak’s product integrates a number of database security functions in which encryption is just a component of the security suite and provides more of a value-add component rather than a market leading function. Today AgeTak has proven itself and ARC technology in the healthcare sector and the challenge for AgeTak in the coming years will be to replicate the success of its healthcare model in other sectors such as the financial, insurance, pharmacy, and retail sectors. “In future, AgeTak would seek partnership with the established players to meet its goal,” says Verma.
The company also has an offshore research and development center in Indore, India where the company has a good mix of experienced technocrats with over 20 years of experience as well as the young talents that they recruited off the campus. “While recruiting we selected not the highest scorer but the students with aptitude for innovation, the zeal to try new things, and those having got there fundamentals right,” points out Verma. AgeTak promotes the research and development culture and provides the required ambiance for their employees. With around 14 high profile customers in its kitty, the company is now geared up to conquer the next set of security challenges.
Founder: Rakesh Verma
Products: ARC Lite, ARC Enterprise, ARC Virtual Data Source