Modernize HR data strategy to address cybersecurity risks 

Most employers leverage health care claims data today to set budgets, monitor experience and understand key cost drivers. Many also draw on information from other parts of their benefit ecosystem such as clinical management and disability programs, and even incorporate work performance data to obtain a more holistic understanding of employee health and well-being and how it affects the organization.  

The value of data is growing rapidly with the thoughtful application of Artificial Intelligence and machine learning algorithms. In the benefits arena, these tools allow not only a deeper understanding of utilization and cost drivers, but a way to assess the impact of interventions designed to optimize investments in employee health. If you haven’t updated your Human Resources data strategy recently – very recently – you may be missing important opportunities. 

Explore the opportunities

Non-generative AI and machine learning can make data ingestion more efficient and help employers analyze historical and real-time data to forecast future events and behaviors – which can enhance decision-making and strategic planning. As employers make company-wide AI investments, benefits departments will want to position themselves to take advantage of these opportunities. Here are some ways to get started: 

• Take ownership of data across all your healthcare programs and services. Your carrier and solutions partners owe you the data you need at a level that allows you to utilize it for the benefit of your plan and its members. Recent transparency mandates, such as the gag clause ban and prescription drug data collection, should help dislodge previously unavailable data. 
• Integrate data beyond healthcare as next-generation analytics uncover previously unidentified opportunities for insights across disciplines.  
• Explore and implement machine learning techniques to answer questions about key cost drivers, vendor performance, and other factors that affect your strategy. You might try "unsupervised” learning techniques such as clustering to identify patterns in your data that can help inform strategy. 
• Stay on top of any guidance from regulators related to AI or machine learning, particularly algorithms that may potentially be biased. 

Support fiduciary responsibilities

While fiduciary risks for ERISA plan sponsors are not new, transparency requirements, high-profile lawsuits, and increased audit activity by the U.S. Department of Labor may heighten fiduciary risk. Now is an ideal time to assess the role data can play to help employers meet their fiduciary responsibilities.  

Employers can use data to: 

• Make data-driven decisions. Though many analyses require assumptions to be made, be sure to document the rationale behind your decisions, including relevant data points. 
• Monitor claims experience on a regular basis and take action when metrics indicate an opportunity to improve plan performance, or new solutions become available. 
• Audit programs to ensure oversight of plan payments. With emerging technologies, it’s now possible to audit 100% of claims to identify where payment errors, fraud, waste, and abuse may be occurring and inform mitigation strategies. 

As always, ensure that any use of data that is personal health information complies with HIPAA requirements. 

Address cybersecurity risks

As data becomes ever more valuable, employers should be mindful of new cybersecurity risks and regularly review their data management strategies, including under HIPAA’s security provisions. The growing number of threats – along with the DOL’s position that mitigation of cybersecurity risks is a fiduciary responsibility – merit increased attention.   

• Know where your data is being shared and what the data encompasses. Consider reviewing and documenting the data being shared among your various partners and with their sub-contractors. Are you sharing the minimum amount of data required to accomplish your goals? 
• Have consistent data usage rules. Make sure you understand how you and your partners are entitled to use data – and how you are not. 
• Ensure that industry-leading and HIPAA-compliant data security protocols, encryption, and other tools are consistently applied to protect your data. The DOL has provided a list of best practices. 
• Work with legal counsel so that contracts with vendors reflect these strategies. 
• Make sure that you are adequately insured for any cybersecurity risks and be prepared to respond quickly if a breach occurs. 

There are countless opportunities to use data appropriately and effectively in the HR space – in fact, not doing so will likely result in missing opportunities to improve your benefits offerings and, ultimately, your core business. Building secure data environments with trusted partners must be considered a fundamental part of your business – you’ll need to work with legal counsel to ensure that your data strategy complies with all laws and regulatory developments at the state and federal level, including HIPAA.  Don’t delay – now is the time to refresh your benefits data strategy to optimize program performance and minimize risks.