Protect Member Data with Security Focus in Your RFP


The flow of data from members to your organization is key to meeting performance goals and many federal requirements. Health plans need to be able to assure members – and regulatory bodies – that data is valued and protected. Finding a digital health partner who can protect your members’ data is an important part of your request for proposal (RFP).

With the right questions and planning, an RFP can address technical infrastructure and security protocols so you can choose a digital health partner that offers protection with the highest privacy standards.

Begin with the Basics

As technology evolves, discussions about Protected Health Information (PHI) and HIPAA have to evolve as well. Data security is an important topic, and a productive conversation requires that subject matter experts (SMEs) from the plan and potential vendor be at the table. Use your RFP to guide the conversation and set expectations for cyber security.

Begin by outlining your plan’s security requirements. If a vendor doesn’t meet those standards, it’s better to discover that early in the process. Ask if the vendor is Health Information Trust Alliance (HITRUST) certified. Following HITRUST ensures your partner keeps systems compliant and up to date and ensures your vendor’s staff are also screened for data security purposes. The certification will guide the partner in applying security protocols for third-party subcontractors as well. This knowledge and action plan builds the framework to keep your organization HIPAA compliant.

Assess Risk All the Time

The efforts of computer hackers can’t be underestimated and neither can the importance of routine risk assessment. A digital partner needs a rigorous prevention plan to anticipate and manage new technology threats. Talk with vendors about how they monitor threats or uncover firewall vulnerabilities to stop unauthorized access to your systems.

Encryption is the basic building block of data security. The encryption software your vendor partner uses lays the groundwork for your organization’s protection. With the plan and vendor SMEs in the discussion, ask about data encryption processes – do they offer security for everything stored in the cloud?

Combine Records

Once the security boxes are checked, explore record management. Has the vendor demonstrated the ability to integrate data and platforms? Member information comes into your organization in multiple ways - an app, claim or spreadsheet upload for example. Since your plan is required to meet measurement standards from a variety of areas, you need a vendor that can pull data into one place for comprehensive member record management.

Your partner must have the technical expertise to combine multiple vendors into one platform and create an efficient, streamlined experience. Maintaining a multi-vendor platform reduces the administrative lift by significantly scaling back the time your staff needs to spend on spreadsheet management.

Data security is just one focus area necessary for building an effective RFP.

If you want to get started now, download the Healthmine RFP guide and checklist to learn how to prepare a request for proposal more efficiently and avoid common pitfalls with finding the right partner.

Healthmine continuously works to ensure our partners’ data is secure by maintaining our HITRUST certification. Everything we do builds an improved relationship between members and their health plan, which starts with trusting that personal health details are safe.


Healthmine is the leading member engagement and rewards solution focused on empowering people to take the right actions to improve their health.
