Compliance & securing PHI is easy for Capital Rx with Nightfall DLP
Capital Rx processes pharmacy benefits claims and provides clinical oversight to employers, unions, municipalities, and health plans. Like other companies in the healthcare industry, Capital Rx must maintain compliance when handling data in the cloud. Their concern is protecting the confidentiality of electronic protected health information (e-PHI) to maintain SOC 2 compliance and URAC accreditation for their technology systems.
With hundreds of users on Slack, the Capital Rx technology team needed a way to ensure that sensitive customer e-PHI would never be at risk of improper exposure within messages and files sent over the app. Nightfall’s API-driven data loss prevention (DLP) provides the coverage Capital Rx needs to satisfy compliance audit requirements and identify which customer data does not belong in Slack.
Oversight for compliance requirements and data risk all in one platform
Ryan Kelly is Capital Rx’s CTO and co-founder. His team had to overcome a major security challenge for the company: gaining complete oversight of their Slack instance to protect e-PHI. Capital Rx relies on the cloud for their entire service delivery model, so they needed a cloud-native data security platform that fit seamlessly into their tech ecosystem.
Nightfall provides the Capital Rx technology team with visibility into how information is shared within Slack. DLP was an easy choice for Ryan and his team, as a low-friction way to implement automated scans and alerts that help support their security and compliance goals. “Implementing a DLP platform allows us to step up our security to another level, with our ability to monitor and audit our Slack communications,” says Ryan. “Nightfall DLP gives us the oversight we need to achieve our legally mandated data confidentiality requirements.”
API-driven DLP equals efficiency and productivity for Capital Rx
Capital Rx operates in a highly regulated industry and handles large volumes of sensitive data every day. The demands of managing this high degree of data risk can drain resources and bandwidth from a team trying to do it all without automated support. Nightfall quickly proved to be the right solution for Capital Rx’s compliance and security needs in Slack, with Nightfall’s detection engine identifying problematic data usage and sharing before it ballooned into a security incident.
“In several instances, Nightfall has prevented users from sharing PHI in a public Slack channel and protected that sensitive information from being more widely shared, retrieved, or seen,” says Ryan.
When Capital Rx added Nightfall to their security technology lineup, they saw benefits beyond simply removing sensitive patient data in Slack. In some cases, internal teams need to be able to share data, and the concern is not to block them from doing so but rather to keep data sharing limited to appropriate channels. Nightfall offers flexibility in how DLP policies are applied based on metadata like channel type. By allowing internal Slack users to share e-PHI and other sensitive data in a secure and sanctioned way, Ryan’s team also got a boost in productivity and organizational efficiency.
Data risk is one less thing to worry about with Nightfall
Contemporary security problems require forward-thinking approaches. Capital Rx relies on modern SaaS-based systems for collaboration and productivity so they can build and produce new ideas, solutions, and products for customers and internal stakeholders. Working in the cloud enables teams to move faster, but the ease of sharing information also introduces new security and compliance challenges. Nightfall helps Capital Rx take advantage of Slack’s collaborative capabilities while reducing risk.
“We’re able to get ahead of very expensive data exposure incidents that could violate HIPAA requirements, which can run easily to thousands of dollars per member record affected,” says Ryan.
Nightfall’s fast integration into Slack and ease of use help Capital Rx focus on the bigger picture for their growth as a company. Automated DLP protects e-PHI in Slack without Ryan and his team needing to monitor and intervene every time a possible incident occurs. “Being able to use cloud-native technologies like Nightfall enables us to stay focused on delivering valuable services and solutions to our customers,” says Ryan.
Nightfall has become a key component of Capital Rx’s overall security strategy by allowing them to secure e-PHI in Slack, preventing exposure incidents before they happen, and unlocking higher productivity for the technology team. The confidence and peace of mind that come with Nightfall DLP are a big win for Capital Rx’s internal security outcomes.
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform.