Aetna taps startup for broker encryption compliance

Aetna has signed on with AlertSec, an encryption startup, to deploy the AlertSec Ensure platform across about 300,000 broker partners.

The software scans the devices used by brokers for encryption capability, so that in case of a loss or breach customer data can be protected. Brokers register with Aetna to create a record that their equipment has adequate protections.

"One of the tenets of HIPAA is to encrypt data on a device, but we've done research that concludes that somewhere around 39% of brokers today use devices without encryption embedded," says Jim Routh, chief information security officer for Aetna. "That opens up liability for the consumer information on the laptop or other device."

DI-AetnaHQ_11302017
Signage is displayed at Aetna Inc. headquarters in Hartford, Connecticut, U.S., on Tuesday, Nov. 22, 2016. The Justice Department sued to block the union of Aetna Inc. and Humana Inc., saying they would reduce the number of large, national health care insurance providers, leading to increased costs for their clients. Photographer: Michael Nagle/Bloomberg

Routh says that Aetna works with several other health plans, which he declined to name, on standards for encryption that go beyond the HIPAA requirements. He added that he was happy to work with AlertSec, because early-stage companies are enthusiastic and are at the front end of innovation.

"AlertSec was very interested in making some investments to solve this problem because the size is pretty significant," he says.

“The challenge of un-secure devices at the broker and agent level is significant and requires attention by the industry,” said Ebba Blitz, co-founder of AlertSec. "Educating the broker community on the importance of data encryption for health care data and personal data is essential going forward."

Routh says that Aetna is working on a number of other initiatives around early-stage health and insurtech startups. He runs a monthly forum with about 1,000 attendees from across Aetna and new parent company CVS Health to look at a startup's business case, IT infrastructure and security capabilities.

"It's an exciting time for the evolution of the digital consumer experience," he says. "All of this is designed to inject innovation into everything we do: trying and failing fast in lockstep with our digital partners."

For reprint and licensing requests for this article, click here.