Nightfall Enables Vital to be a valuable HIPAA-Compliant partner for hospitals and other healthcare providers
Co-founded by Mint.com creator Aaron Patzer in 2019, Vital provides modern consumer-grade software that is designed to transform the care experience for patients, clinicians, and staff. Using artificial intelligence (AI) and natural language processing (NLP), Vital engages patients throughout an emergency department and inpatient visit, driving improvements in both clinician efficiency and patient satisfaction.
Vital not only makes patient care easier to manage on the provider side but also enhances the patient experience by giving patients up-to-date, real-time information about their visit. Because Vital integrates and closely interacts with healthcare providers to enable its service, the company has PHI and other sensitive data in its systems, which Vital’s security team must monitor closely to protect against cyber threats and ensure compliance with HIPAA.
Building a secure, remote-first HIPAA-compliant organization
As an early-stage startup disrupting a legacy industry, communications within Vital must keep pace with the speed at which internal teams operate. As such, it’s no surprise that Vital is a remote-first organization, leveraging a wide range of cloud applications like Slack, Confluence, and Jira for instant collaboration. Akhil Sharma, head of security and compliance at Vital, identified these tools as an especially important area of risk, given the role they play within the organization.
“We wanted to handle PHI in a sensible way and Nightfall DLP helps us in doing this because those three tools don’t provide DLP out of the box. Also, because we are going for SOC 2 and HITRUST, Nightfall enables us to meet those control objectives,” says Akhil.
Being a healthcare technology provider, HITRUST is of special importance to Vital, especially when it comes to aspects like HITRUST’s Data Protection & Privacy control domain.
For Akhil, Nightfall is an integral part of remaining in line with controls and practices recommended by the framework. This is because Nightfall leverages machine learning detectors explicitly trained on common types of PII and PHI, as well as the contexts this data is often found in. This lets Nightfall search for sensitive data in messages, files, and images. Connecting to popular cloud apps via API, Nightfall continuously monitors these applications for violations of data security policies you create, allowing you to be in control of when and where PHI is allowed to be shared. Within Slack, this includes both public and private channels, as well as channels shared between organizations.
Additional features, like end-user notifications for policy violations, turn alerts into teachable moments for employees who may unintentionally violate policy. This helps organizations build a more secure remote workforce and ultimately helps fulfill aspects of the HIPAA Security Rule, which requires employees to be informed and educated about policies around the protection and disclosure of PHI.
“Nightfall DLP for Slack is so good that it keeps us in discipline when it comes to the kind of data flowing through Slack. There is a piece of data security awareness that comes with Nightfall because we can do everything within Slack, like notify users. The way it engages with the user is amazing.”
Simplified and streamlined data security workflows
Nightfall’s powerful detection capabilities comprise just one aspect of the platform. Like any good security application, Nightfall must be able to plug into a security team’s existing processes without disrupting workflows and provide valuable and meaningful alerts. Nightfall easily accomplishes both of these. Akhil was impressed by the ability to both receive violation alerts and remediate them from his team’s security alert channel. Because of this feature, Nightfall quickly became a favorite tool among Akhil’s team.
“The ability to alert, contain, and eradicate issues within Slack is my favorite feature. With any alerts that we get from Nightfall, we actually don’t have to leave Slack. We get everything in Slack, and we can close the incident or issue from within Slack. We don’t have to hop into different tools to look at one issue. Everything is in there.”
Nightfall lets Vital’s security team retain or streamline their data security workflows across Slack, Confluence, and Jira, the three applications Vital is currently securing with Nightfall. This has allowed for effectively one view and one truth within Vital’s security organization. This means that Akhil’s team sees exactly where PHI is within these systems, and can remediate any policy violations through a single process.
“Nightfall covers the tools that we use at Vital, like Confluence, JIRA, and Slack. We don’t need to get DLP for Slack with one vendor, then for Confluence with another vendor. Nightfall gives us a DLP solution for all of these, and we can have one rule set and apply to all those different SaaS platforms,” says Akhil.
Compliance made effortless
The real power of Nightfall for Vital is its role as an enabler of compliance. Being responsible for both security and compliance means that Akhil’s team must prepare the organization for compliance audits in addition to managing and triaging security alerts.
“Because we operate in the healthcare industry,” says Akhil, “we handle PHI and Nightfall is part of our line of defenses. It gives us visibility in the tool sets in Slack, Confluence, and JIRA and helps us identify if there is any unintentional or intentional exposure of those data and helps us meet HIPAA and HITRUST, so we can prove our compliance to our customers.”
As a SOC 2 certified security vendor, Nightfall understands the importance and demands of compliance audits and is designed to help teams prove compliance. Alerts are detailed enough to provide the important information needed to track data security risk over time, something that is extremely useful for organizations that use security frameworks like HITRUST CSF to set their overall security strategy.
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform.