Does investing in big data really make companies more profitable? According to the Harvard Business Review, 80.7% of Fortune 1000 executives surveyed report their big data investments as successful. Nearly half say big data helped them decrease expenses.

You don’t have to be a Fortune 1000 company to start making data-driven decisions about your benefits offerings. But you do need to pick a data analytics vendor that will provide valuable insight about your population so you can more effectively manage all your human capital costs. Or you could start smaller with just your health and welfare programs.

There are a lot of vendors to choose from, but they aren’t all the same. Some restrict the amount of data sources they collect to just healthcare benefits data. Many provide a few standards reports, but offer no additional reporting capabilities, or they may charge you extra to mine your own data.

Identifying the right data analytics vendor to fit your needs can be confusing. To help, I’ve compiled some tips to help you evaluate vendors.

What to Look for in a Data Management Vendor

There are many differentiators, but none more important than security to keep your data safe.

Security

Your benefits data contains personally identifiable information (PII) and personal health information (PHI) about your employees, so it’s protected under HIPAA. Computer hacks, malicious malware, and phishing scams all put this data at risk. You must protect the data to avoid damaging your reputation and avoid legal ramifications you will face if a breach occurs.

The vendor you choose must be, at minimum, HIPAA and HITECH compliant, deploying highest security standards and access policies to protect your data. Check to make sure vendors:

• Consistently protect your data with modern encryption mechanisms. In accordance with HIPAA and HITECH regulations, all PHI must be encrypted at rest and in transit. Ideally, your vendor encrypts your data at rest, in transit, and in use.
• Don’t turn off or create holes in their firewalls to increase performance. That puts your data at high risk for breach.
• Have maintenance schedules to protect their security systems. Vendors must stay on top of newly devised threats and system improvements by patching or updating systems regularly.
• Deploy two factor authentication and other role-based access controls. Two factor authentication gives vendors greater control over who is legitimately accessing the system, limiting the risk of breach.
• Take steps to ensure their employees aren’t putting your data at risk from phishing, malicious malware, and other hacking techniques.
• Train and enforce policies that prevent HIPAA violations from occurring, like emailing protected health information without first encrypting it.

Third Party Security Certification

Independent, third party validation of system security is becoming a requirement with many regulators, examiners, and auditors. Make sure the vendor you choose undergoes audits, at least annually, to ensure your data is secure. One of the most respected is the Statement on Standards for Attestation Engagements (SSAE) 16 Service Organization Controls (SOC) from the American Institute of Certified Public Accounts.

SOC certification involves a series of standards that assess how well a service organization controls its information. The purpose of the certification is to give you peace of mind when you partner with vendors.

There are two types of certification, SOC 1 and SOC 2. Each has two levels, Type 1 and Type 2. Type 1 reports concern policies and procedures that were placed in operation at a specific moment in time. Type 2 reports involve evaluation of systems over a period of at least 6 months.

SOC 2 asserts that the vendor has sufficient policies and strategies that satisfactorily protect client data, and is earned by more advanced IT service providers. SOC 2 includes five key sections, forming criteria called the Trust Services Principles:

1. The security of the service provider’s system.
2. The processing integrity of this system.
3. The availability of this system.
4. The privacy of personal information that the service provider collects, retains, uses, discloses and disposes of for user entities.
5. The confidentiality of the information that the service provider’s system processes or maintains for user entities.

Since SOC 2 Type 2 reports are considered more comprehensive and useful than type I reports, evaluate a possible service provider’s credentials when considering a vendor. A vendor that has achieved SOC 2 Type 2 certification has proven that its system is designed to keep its clients’ sensitive data secure.

Historical Data

Make sure the vendor doesn’t limit the amount of data you store. Your historical data is a goldmine of information about your population and the trends within. This data can help you pinpoint cost drivers and design programs that fit the needs of your specific population, like wellness, disease management, or safety programs.

You also want to be able to take your data with you if you decide the data management vendor isn’t meeting your needs. Make sure the vendor provides free, secure transfer of your data to a new vendor.

Integrate Data Sources

Put simply, more is better. Look for a vendor that allows you to store all your human capital data in a single, secure platform. If you can’t integrate workers’ compensation, absenteeism, safety, and other human capital data sets, you’re limiting your ability to make strategic decisions. You can’t identify program correlations, such as how a change in healthcare copays impacts your workers’ comp or disability programs.

Dashboards and Reports

Reporting is a key differentiator among data analytics vendors, with many providing a standard set of dashboards and reports. These static dashboards tell you only what has occurred at a moment in time, so they are limiting. Think Dragnet—just the facts. Yes, the reference is dated, but so are data analytic solutions that offer only static reports.

Luckily, a growing number of vendors provide greater flexibility. You can:

• Slice and filter the data in numerous ways to give you a deeper dive into what is going on.
• Customize reports to track key performance indicators that matter to you and support your corporate objectives.
• Schedule when reports are run and have them emailed right to you.
• Collaborate by sharing reports and dashboards within the secure platform.
• Print and export your reports in formats other than pdf, like PowerPoint or Excel, making sharing your key insights easier.

Thoroughly vet vendor reporting capabilities to make sure you’ll get the insight you need to effectively manage your human capital programs.

Data Access

Your benefit advisors should be able to mine your data on your behalf. They can get answers to questions you have by looking directly at the source&emdash;your data. Don’t choose a vendor that limits you to dashboards and reports. You need to uncover why issues are occurring to be able to effectively address them. And make sure the vendor has a flexible schedule for updating your data on at least a monthly basis.

You and your advisor should also be able to access your data 24/7, at your convenience. Cloud-based solutions make this available.

Analytics and Other Expert Support

Most data analytics vendors don’t provide or charge a lot for analytic support or for insights from benefits professionals, actuaries, and pharmacists to name a few. Best in class vendors know that technology alone can’t answer all your questions, so be sure that the vendor wraps a service model around its technology to customize the analysis to your specific company and support your corporate objectives.

Cost

Costs vary, so make sure you’re getting the most for your money when you choose a vendor. The most expensive vendor may not offer the most comprehensive solution, so compare features and costs.

Vendor Checklist

To further help you choose the right data management vendor for your needs, I’ve created a checklist of what to look for in a vendor.

Choose the right data management vendor the first time. Good luck!