Streamlining Operations & Unlocking Security Assurance

How Lucerna Health is quickly laying the groundwork for healthcare security & compliance.

David Atkins Co-Founder and Chief Operating Officer

Lucerna Health helps healthcare providers and payers expand, grow and succeed in the rapidly evolving value-based care (VBC) environment. Lucerna Health provides health consulting, payer-provider alliance, marketing, health engagement and VBC operating services. Their goal is to create integrated payer-provider processes and an end-to-end analytic-driven operating model that enables busy clinical organizations to manage the business of VBC while focusing on delivering patient-centered care.

Lucerna Health's Story

The problem space

As a business associate (BA) in the healthcare space, David Atkins, Joe Mader and the rest of the team at Lucerna Health are working to streamline the heavily regulated healthcare industry and the challenging payer/provider data and operations integration process so providers can focus on providing the best care for their patients.

Working with healthcare requires an extreme focus on security and privacy assurance. To be proactive in their product development, the Lucerna Health team has prioritized certification in a stringent healthcare cybersecurity framework in the coming year and is leaning heavily on JupiterOne to prepare.

A decorated background of experience

Both David and Joe bring valuable perspective to their security operations and compliance challenge.

Prior to co-founding Lucerna Health, David worked in large payer organizations, where he gained invaluable industry experience leading enterprise data solution and analytics teams and came to understand the critical role of advanced security. Large enterprises and institutions face time and resource challenges but still have to maintain high demands of their vendors when it comes to data management and security. Hence the industry shift towards cybersecurity and compliance frameworks, a standard against which to measure and filter conversations.

Joe’s is a different story. Prior to leading systems and security architecture at Lucerna Health, Joe held multiple roles across the defense and intelligence technology space. Because the efficiency and advantages of public cloud were not readily available across the spectrum, the burden of heavy infrastructure combined with defense-level security frameworks created barriers to progress and innovation.

“As we assessed tool and technology options, we wanted to be certain we avoided feature overload. Centralized and simple was a priority.”

David Atkins, Co-founder and Chief Operating Officer

The Challenge: Establishing Scalable, Efficient Security Operations

Why a Compliance Certification?

Cloud data and analytics providers such as Lucerna Health, which handle personal health data at scale, know that aligning with stringent cybersecurity frameworks is a must to streamline the security assessment and approval process with large healthcare organizations. From a client engagement perspective, certified compliance streamlines the security conversation when competing for new business and new partnerships. Practically speaking, it underlines their commitment to security.

Simply being compliant won’t necessarily win you any business, but not being compliant will certainly lose business. So Lucerna Health looked to the market for a partner that could help them navigate the process with limited resources and bandwidth dedicated solely to security.

Any organization can achieve compliance with stringent security frameworks if time and resource limitations don’t exist. Lucerna Health, however, aims to achieve the difficult certification quickly and cost-effectively, avoiding costly consultants and instead leaning heavily on laying the right technological and policy foundations.

Enter JupiterOne

A number of things drew David and Joe to choose JupiterOne as their core security enablement platform.

Lucerna Health prioritizes being cloud-native/AWS-native wherever possible. In their previous lives they had to overcome the difficulties associated with managing their own data centers and getting things approved by large security and infrastructure teams. The cloud makes everything faster and easier. As they build out a data lake, along with proprietary Value Based Care (VBC) products, the cloud will allow them to be nimble and scalable without compromising security.

“We were looking for a partner that was cloud-native and had gone through the process themselves.”

Joe Mader, Systems & Security Architect

Off to the Races

Day to Day Operations

During the security engineering process, Joe and his team leveraged JupiterOne’s Policy Builder to lay the groundwork for their path to compliance. What has them most excited about the platform, though, is the JupiterOne Query Language, which allows them to search the graph database and the relationships in their digital environment for compliance evidence, vulnerabilities and changes.

“I really like the canned and prepared queries in the [query] library. That has helped us make use of the search function. I am looking forward to getting more intimate with the query language this year.”

Lucerna Health is also leveraging JupiterOne’s Endpoint Compliance Agent, which enables their bring-your-own-device (BYOD) strategy, and the JupiterOne Compliance Dashboard, which allows organizations to quickly spot areas where they are out of compliance, what is impacted and what needs to change.

The efficiency gains in security operations provide extensive runway for Lucerna Health as they reach for compliance this year and press on in their mission of enabling providers to spend more time on their patients and delivering patient-centered care.

Leveraging a Graph-Based Approach

By leveraging JupiterOne, Lucerna Health is able to view the relationships among their critical resources, users and more on a graph rather than in the traditional list approach. This graph database provides the context needed to enforce security policies and effectively gather evidence for compliance framework adoption in a fraction of the time traditional approaches take.

In Lucerna Health’s case, the groundwork being laid for their healthcare compliance certification with JupiterOne will shorten the time it takes to complete their audit by up to 50%, while also providing a near-real-time view of their gaps and evidence to maintain continuous compliance.

Adoption of essential security and privacy frameworks is critical to customer acquisition for healthcare software providers, and those headwinds are cleared by JupiterOne’s graph-based data model, which was built with Amazon Neptune.

Waiting for compliance is one approach…but aren’t you ready to take your security operations head on?