Getting data architecture right: A guide for healthcare payers

By Ulrike Deetjen, Mathis Friesdorf, and Henning Soller

Digitization is rapidly changing the competitive landscape for healthcare payers. Consumers increasingly expect seamless omnichannel offerings. Digital natives are driving innovation in integrated healthcare delivery, requiring payers to compete effectively in digital health ecosystems. And continued economic pressure makes internal process efficiency the next necessary step change.

To stay ahead of the competition and take full advantage of digital opportunities, payers globally need to build the required underlying foundations, including an agile organization, digital delivery capabilities, scalable IT platforms, and at-scale data processing. From our observations, data is increasingly becoming the main limiting factor.

Payers usually excel in processing certain data, such as claims. However, they have only started to build the data foundations they need to execute their digital agenda, including a 360-degree view of consumers for omnichannel service, a data layer integrated across healthcare stakeholders to support ecosystems, and process tracking and mining to enhance internal efficiency.

In the past, we have seen many payers build dedicated data marts for actuary optimization at impressive speed and establish analytics use cases with clear business cases behind them. But few payers have succeeded at scaling this approach to areas where data management is often more complex.

Although healthcare payers have an abundance of data, they often lack the ability to make it accessible and amenable to analysis. They can learn from other industries, such as banking, that have become data driven in the past decades.

We see three main success factors: granular yet automated management for consent and permissions, scalable technology and cloud solutions, and an openness to broader ecosystems. This approach can be reflected in the typical target architecture (exhibit). The data lake is the major component in ensuring scalability.

We have defined the target architecture for healthcare data.

Automated consent and permission management

Health data is subject to a high level of regulation to protect patient information from cyberattacks, loss, or corruption, as well as to ensure privacy rights. In light of this, many healthcare payers have taken a conservative approach to data usage, avoiding use cases that might raise privacy issues, and, as a result, they have missed out on value-creation opportunities.

In other industries, the major technology and e-commerce players have led the way, and ready-to-use solutions are widely available.

What makes data management particularly challenging for healthcare payers is that data storage and evaluation need to be controlled in a way that both protects and handles each element according to its individual sensitivity. For example, storing and analyzing medical data of insured patients is not allowed in most European countries but might be critical to support disease-management programs.

Thus, each data point should be linked to a clear purpose. An email address will always be used for billing, for example, but payers may not use it for sales unless individuals explicitly opt in. Again, well-established permission-management solutions must be tailored to specific healthcare situations. This is the area where many payers still seem to struggle the most.

Lastly, Europe’s General Data Protection Regulation (GDPR) has emphasized the importance of data deletion. This requirement is particularly relevant for payers due to the wealth of sensitive data they collect. Since this data is usually spread across multiple systems, adhering to GDPR calls for elaborate deletion protocols that can be partially automated but will likely involve several manual steps.

Scalable technology and cloud solutions

To achieve at-scale data usage, payers must often improve their technology foundation. Data-storage and data-management solutions need to be upgraded, including optimized master-data management to improve data quality and consent and permission management to ensure compliance. Modern streaming and data-lake solutions increasingly play a role in allowing organizations to process live data streams or unstructured data.

To gain insights from the data, modern analytics solutions are required. Many payers currently rely on simple manual routines, business-intelligence solutions, or specialized actuary software. Open-source tools as well as modern visualization and evaluation technologies can help fill this gap. Specifically, we see that the setup of full toolchains is no longer required but can be directly deployed from the cloud.

The biggest pain points for payers are often not data storage or evaluation but ensuring that functions across the organization have access to insights from data. Addressing this issue requires payers to be more flexible in process design and to develop the capability to embed analytical models seamlessly. This integration ensures that exceptions are flagged and the proper intervention is followed—for example, if during the payment process certain medical conditions do not match with the procedures performed. Modern process-integration tools can help manage these tasks in an automated fashion.

Since the technology landscape transforms significantly along the journey to at-scale data usage, the use of cloud solutions can significantly speed the transition. This includes the deployment of API layers to allow for easy and standardized access to data; the ability to deploy a scalable architecture to allow for fast, large-scale analyses; and the ability to leverage dedicated technology solutions as knowledge graphs for specific problems at hand.

To date, the hesitancy of healthcare payers to move to the cloud has been a barrier to the adoption of such solutions. We usually find, however, that a clearly defined scope and the right technical and organizational measures can enable organizations to successfully deploy cloud solutions.

Openness to healthcare ecosystems

Data management becomes particularly relevant when assessing it from an ecosystem angle. In recent years, two types of ecosystems have emerged in healthcare.

First, traditional healthcare is integrated with e-health approaches, where providers and payers become more interconnected and medical data can travel seamlessly along care pathways—for example, by providing a medical history when a patient sees a specialist. Second, digital healthcare is becoming more prominent thanks to widespread use of telemedicine during COVID-19. Similarly, patients are increasingly embracing medical apps, and even healthy individuals monitor their well-being through tools such as fitness trackers.

These two trends have led to an ever-growing health ecosystem, with potentially relevant data spread across a multitude of stakeholders. An initial critical task for payers in participating in and orchestrating digital health ecosystems is transferring the data along care journeys:

  • First, cross-party identity management and single sign-on may be used to reduce hurdles in the movement of data.
  • Second, the transfer of data should be supported by modern API management solutions that enable different services to exchange information.
  • Third, by standardizing internal and external APIs and establishing a maximum level of consistency, payers can use external services as seamless elements of their processes and conversely offer their own solutions to third-party participants in the ecosystem.

Even if data movement has been enabled, healthcare ecosystems still haven’t resolved the ownership of data and when and how it can be used. As one concrete example, imagine a patient enrolled in a payer disease-management program that is supported with a medical-support app built by a third party. Should the payer now have access to all data from the app? And, conversely, what kind of additional data can the payer provide to improve an app that is central to its disease-management program?

While such questions may appear to be legal issues, they strike at the foundation of healthcare ecosystems. Therefore, addressing them will be a critical challenge for payers in the coming years and will ultimately define whether they are serving as effective stewards in guiding their population through the complexity of the healthcare ecosystem.


Fortunately, most healthcare payers can improve access to data-driven insights through targeted enhancements to tangible use cases, measures to counter private-data exposure, and steps to integrate with broader ecosystems.

Cloud-based solutions and new technology databases can ease this journey significantly, but direct, seamless integration with the processes through appropriate tooling typically remains the biggest lever to generate impact.

Ulrike Deetjen is a partner McKinsey’s Stuttgart office, Mathis Friesdorf is an associate partner in the Berlin office, and Henning Soller is a partner in the Frankfurt office.