The Paytient Challenge: Maintaining the Privacy of Complex Data
Paytient works with employers and health plans to offer employees and members a fee-free, interest-free line of credit to pay out-of-pocket medical, vision, dental, pharmacy, and veterinary expenses. Paytient integrates with payroll systems as well as automated payment methods. Their customers entrust them with highly sensitive data, such as credit card information, medical expenses, and other PII (SSN, etc.) needed to apply for the line of credit.
Paytient cares deeply about their customers’ privacy and isn’t willing to put it at risk of exposure in their lower environments, creating a challenge when it comes to getting safe and accurate test data to their global engineering workforce. “We don't want to expose people's actual salary and actual expenses to our test dataset,” explained VP of Engineering Jordan Stone.
At the same time, because the data they work with is so complex, Stone recognized the time and energy it would take to build their own de-identification solution. As a fast-growing start-up, they are constantly making changes to their database and are sensitive to the impact of these changes on their development cycle. “As a company that's dealing with a lot of PII data, there are a lot of complex scenarios that we can't recreate manually, or the time and energy it would take for us to recreate those scenarios manually would be prohibitive.”
Further complicating Paytient’s needs is the fact that their product support team requires a way to work securely with sensitive data living in flat files. Building a system to protect the data stored in their relational databases was one thing, but dealing with these additional file type data sources exacerbates the existing obstacles. “The level of effort for us to build something with this kind of complexity, to make our test data as real as possible, far exceeded what we have the capacity to do,” said Stone.
The Paytient Solution: Secure Data De-identification in the Cloud
Given the size of their engineering team, Paytient knew they wouldn’t have the resources either to build a solution in-house or to implement and maintain a self-hosted platform. They found the straightforward solution they needed in Tonic Cloud. “Having the cloud version of Tonic made it a very easy decision for us when we looked at what the cost would be for us to build even a basic version of Tonic, plus the cost of hosting that basic version ourselves,” said Stone. “There’s an opportunity cost to build versus buy. Our engineering team manages infrastructure, security, application development, the whole thing. So having something that was super turnkey like Tonic Cloud, with no infrastructure to manage, was really important for us.”
With Tonic Cloud they were able to seamlessly integrate Tonic into their workflows with minimal additional resource investments. Put simply, “the onboarding process itself was relatively straightforward because it was in the cloud so there was nothing for us to install.” Paytient also had to carefully consider the security of going with a cloud-based solution. Tonic’s SOC2 Type II and AWS Qualified Software certifications gave the engineering team confidence in trusting Tonic with their data. “With most things security related, there’s a risk profile,” elaborated Stone. “The risk profile of the cloud version of Tonic was far lower for us than the operational risk of either not having Tonic or of having the burden of managing a self-hosted version ourselves.”
In addition to Tonic’s own security certifications, the features within Tonic Cloud, including its thorough privacy scan, automated generator recommendations, and schema change notifications, have helped Paytient with their SOC2 audits two years in a row. These strengthened data privacy measures allow Paytient to better enable their offshore developers. As Stone explained, “We're globally distributed, so there are limits on who can access data, what data they can access, and where data is transferred and stored. Having Tonic generate production-like data for us has simplified the compliance restrictions while allowing us to leverage our global workforce.”
As for their specific needs tied to de-identifying sensitive data in flat files, the new flat file capability of Tonic Cloud has enhanced its long-term value proposition for Paytient as a solution that “supports our members in a way that protects their information, making sure that we're adhering to our compliance and security policies,” Stone emphasized.
The Paytient Results: a Strong ROI, with Significant Time Savings and Security Assurances
Tonic Cloud streamlines access to quality test data for Paytient’s global engineering team so they can focus on building their products rather than managing the infrastructure of their data pipeline. “Tonic's Cloud product easily saved our Engineering team hundreds of hours of development time over several months,” Stone shared. By accelerating software development, enabling customer support, and reducing total cost of ownership, the company has achieved an estimated 3.7x ROI on Tonic.
“Anyone who is faced with the challenge of needing to move quickly and to be laser focused on their mission to provide value for their customers, go with the cloud hosted version of Tonic,” stated Stone. “It’s the best way to support that mission more broadly for your organization and to make sure that you're able to leverage the time and talent of your team in a way that is in support of that goal.”
With Tonic Cloud, they were able to generate data within two days of implementation. Stone recognizes that it “takes software to build software. Every time we bring a new vendor on, I'm always thinking, how often am I going to have to think about this thing after we've onboarded it? Onboarding is one piece, but maintenance is the hidden cost of software development.” His conclusion at the end of the day? “We’ve been fortunate that the amount of time I’ve spent thinking about Tonic is very low. It does what it needs to do, and that’s what we want out of a tool like this.”