Change Healthcare Gives Payers and Providers the Keys to Cloud Security

Jul 17, 2018, 10:00 AM

Las Vegas, July 17, 2018, Microsoft InspireChange Healthcare is providing healthcare leaders the keys to cloud security with Change Healthcare Security Management, unveiled today, which includes an innovative “Bring Your Own Key” (BYOK) service now offered as part of the company’s cloud-based HealthQx® value-based care analytics suite.

“Hospitals, payers, and providers are under constant attack from a global network of cybercriminals using advanced and evasive techniques to penetrate networks, steal data, extort healthcare organizations, and capitalize on the personal health information of patients,” said Haddon Bennett, Chief Information Security Officer at Change Healthcare. “It is of paramount importance that sensitive data be protected by proper encryption that is fully controlled by the payer or provider, so they can mitigate both insider and external threats on their own terms. This is a significant advancement that reduces the risk profile for all healthcare stakeholders, including health plan members and patients.”

Change Healthcare HealthQx is an episode analytics suite that helps payers and providers accelerate value-based payment innovation, and uses the Microsoft Azure cloud. HealthQx collects, analyzes, and reports claims and other information to help healthcare stakeholders design, develop, scale, and improve their value-based care programs.

As part of Change Healthcare’s approach to enabling payers and providers to have immediate, granular control over their cybersecurity profile, customers using the HealthQx value-based care analytics suite can now make security changes without involvement by Change Healthcare personnel, and have their cloud-based systems re-encrypted and operational without service interruptions.

Full control is in the customer’s hands, including audit and monitoring checks that flag changes. This agile capability is in stark contrast to traditional key management, which is error-prone because it requires planning, training, communication, and orchestration with a team of people manually working across multiple organizations.

Prior to today’s release of this new Change Healthcare Security Management BYOK service, cloud encryption keys in healthcare were traditionally the responsibility of solution vendors to manage. Providers and payers had to contact their vendors to respond to requirements large and small, including routine key updates, revocation of employee clearances, perceived threats, or actual attacks and breaches. This outdated, manual process costs payers and providers valuable time and can have an impact on data being compromised or remaining secured.

This new BYOK capability in the Change Healthcare Security Management suite lets payers and providers create, update, or revoke encryption keys on demand, enabling rapid responses when potential or active threats to sensitive data in the cloud are anticipated or encountered. Payers and providers can invoke a virtual “kill switch” that instantly stops access to protected data and services and can re-enable access within minutes using a new encryption key—effectively blocking active threats.

Here’s how easy it is for customers using the HealthQx suite to control cybersecurity using the new BYOK capability provided by Change Healthcare Security Management:

  1. The customer generates 2048-, 3072-, or 4096-bit encrypted public and private key sets. These key sets are protected by a master password unknown to anyone outside of the customer’s organization, including Change Healthcare. They can be changed at any time, on demand, by the customer. allowing them to remain in control of their cybersecurity.

  2. Without further human intervention, the keys and master password are encrypted, cut into multiple parts, and transmitted over multiple secure channels to the Change Healthcare Intelligent Healthcare Network, where they’re decrypted, reassembled, and added to the customer’s key vault.

  3. The new key pair is rotated into the customer’s infrastructure within the Change Healthcare Intelligent Healthcare Platform, leveraging the Microsoft Azure Data Lake, Microsoft Azure SQL Data Warehouse, Microsoft Azure SQL Database, ETL VM disk, SFTP VM disk, and any other storage areas—essentially anywhere the customer’s data within the HealthQx suite is in motion or at rest.

  4. Customers can instantly revoke access to data using a virtual kill switch. To do so, two of the customer’s authorized operators must issue a revocation order, which can be performed from anywhere in the world. No involvement of Change Healthcare personnel is required. When the order is issued, their system is locked down and no longer available to anyone.

All of these processes are automated, fast, and invisible to anyone appropriately authorized to use the HealthQx suite within the Change Healthcare Intelligent Healthcare Network, and encompasses all current operations: jobs, applications, and user interfaces. Now the power to control access and security with agility is entirely in the customer’s hands.

“Transparent data encryption with Bring Your Own Key capabilities helps organizations better protect sensitive data and meet regulatory and industry-specific compliance obligations which require specific key management controls,” said Lindsey Allen, Partner Group Program Manager, Azure SQL Database R&D at Microsoft. “We integrated this technology in Azure SQL Database so that we could help ensure that the sensitive data of users was protected in a compliant manner.”

Change Healthcare HealthQx BYOK ArchitectureChange Healthcare HealthQx Key Management

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.

About Change Healthcare

Change Healthcare is inspiring a better healthcare system. Working alongside our customers and partners, we leverage our software and analytics, network solutions, and technology-enabled services to enable better patient care, choice, and outcomes at scale. As a key catalyst of a value-based healthcare system, we are accelerating the journey toward improved lives and healthier communities. Learn more at


Contact Us - Press Only

Available Downloads