Protecting PHI in Slack: Nightfall adds DLP (and value) to Perry Health
HQ Location: Brooklyn, New York
Pan Chaudhury, CEO & Co-Founder
Pan Chaudhury created Perry Health in 2017 to streamline healthcare delivery. He and his co-founders envisioned a digital health tool to assist healthcare providers in managing chronic conditions like diabetes and hypertension by coordinating care and communication. Perry Health supports better healthcare outcomes by monitoring and engaging with patients when they’re not in the doctor’s office. This connection between office visits benefits both patients and providers: patients are empowered to take control of their treatment plans, and small and medium-sized private practices can have a more holistic view of their patients’ chronic conditions outside of normal office visits.
Perry Health provides a technology-first approach to healthcare, with user-friendly mobile and web applications to facilitate these improved patient-provider connections. Making things easy in healthcare requires strict compliance and data security. When Pan needed to add a HIPAA-compliant data loss prevention (DLP) solution to Perry Health’s Slack instance, he chose Nightfall.
Diving into cloud security with DLP
Managing chronic conditions is a massive task for patients and healthcare providers alike. Remote medicine can help improve outcomes by connecting providers to their patients, beyond the office visit, especially for those in rural areas. A technology-based approach that fills in these gaps is part of the solution to helping manage chronic health conditions. This was the basis for CEO & co-founder Pan Chaudhury when he launched Perry Health’s remote patient-monitoring service.
Their new approach to medical care relies on a constant flow of highly sensitive data between patients and providers. One of Perry Health’s internal needs is to consolidate patient data into a single workflow to better manage and secure protected health information (PHI). Pan saw that Slack could fulfill this need, but there was one thing missing: how could he be sure that Perry Health’s patient data was protected within Slack?
Pan had a number of options for securing PHI and maintaining HIPAA compliance in Slack. The platform even offers a list of approved vendors that provide HIPAA-compliant DLP. He needed a tool that secures sensitive data, but also a solution that understands the data protection needs of the healthcare sector. Nightfall stood out to him among the other DLP options, as an innovative cloud-native DLP solution that provides the protection he needed.
“I was impressed with Nightfall,” Pan says. “It’s a very tech-forward company. From the first call I had, it seemed like a hands-on team. It’s hyper crucial for us to be HIPAA compliant. We use Nightfall to ensure that PHI is not being sent to improper places in Slack. This helps us improve our care team efficiency by a large margin.”
“Prior to Nightfall, we had communications scattered over a number of different platforms. We needed a way to unify and secure those communications. This was key in moving us forward.”
A clearer view into protecting PHI
With Nightfall DLP for Slack in place, Perry Health has the visibility into the data they’re sharing in Slack and the ability to protect it. Their journey to a more complete security posture began with their first ever venture into DLP with Nightfall. Protecting PHI in Slack was why they initially approached Nightfall, but there are even more benefits for Perry Health. Namely, how Nightfall detects and classifies data in all files and messages being shared in Slack, including images.
“The optical character recognition from Nightfall is pretty impressive,” says Pan. “We send a lot of screenshots and other images within our Slack during internal discussions about things like user experience. We don’t have to worry about leaking sensitive information within text or images.”
Nightfall makes a difference for Perry Health with fast and easy setup as well. “The onboarding experience with Nightfall was surprisingly lean,” Pan says. “Other vendors estimated a week for setup. Our Nightfall onboarding call took less than half an hour. Working with a team that’s very enthusiastic and building a great product has been great for us.”
“Our business has a million moving parts, including hardware and surfaces. If a company can take one thing off of our plate, it’s a huge value add. Nightfall has been great for us.”
Adding value while maintaining a secure Slack environment
Today’s cloud security leaders must consider many different factors when bringing a new infosec platform into their organizations’ technology stack. Value add is becoming increasingly important in a world where every penny and minute counts, which is why Pan trusts Nightfall to handle his cloud DLP needs.
“Nightfall is a seamless integration,” he says. “It’s nice to be able to implement something and not worry about it. We can automatically detect PHI in Slack now, and in other communication platforms that we might integrate down the line. With Nightfall, we have one less thing on our plate.”
Thanks to Nightfall’s automatic scanning for PHI and other sensitive data with our 100+ custom detectors, Perry Health can think of how to scale up their organization and develop new processes in Slack to improve their products and services for clients.
“The biggest value that Nightfall has added to our team is a ‘set it and forget it’ module,” Pan says. “There’s no need for management. It’s just a platform we can integrate into our Slack, and we don’t have to think about it anymore.”
“Our goal is to develop new processes on Slack that will enable our care team to scale more effectively but securely as we grow from 1,000 patients to 10,000. We expect Nightfall will help us reach these goals.”
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack & GitHub as well as IaaS platforms like AWS. You can schedule a demo with us below to see the Nightfall platform in action.