Nightfall Data Loss Prevention makes HIPAA Compliance Possible

Covered entities bound by law to follow HIPAA regulations – like healthcare providers, health plans, and others handling protected health information (PHI) – need to demonstrate efforts to secure PHI. The specific measures required to do so are detailed in the HIPAA security rule which states that covered entities must put controls into place to identify and protect against anticipated threats to the security and integrity of PHI. Covered entities must also understand their risks to PHI security and integrity. These are accomplished through a variety of physical and logical controls as well as administrative procedures informing employees and personnel about the appropriate handling of PHI.

How does Data Loss Prevention apply to HIPAA Compliance?

As a logical access control, data loss prevention (DLP) ensures that organizations can detect who has accessed a piece of sensitive data and restrict or redact sensitive information that has been shared with unauthorized parties. As such, data loss prevention is invaluable to data security as well as compliance with a number of compliance regulations like HIPAA which explicitly require logical access controls to secure sensitive information and prevent data breaches.

How does Nightfall help with HIPAA Compliance?

As a cloud-native DLP solution, Nightfall provides data security for SaaS and cloud infrastructure platforms. Both cloud software and cloud infrastructure are highly collaborative environments where data security best practices can be difficult to implement due to the large number of users in these environments and their always-on nature. Under such circumstances, security teams will likely be unable to address data security incidents without tools that can give them the appropriate level of visibility within these systems. Nightfall is designed to do so. By using machine learning detectors specifically tuned to the types of sensitive data commonly found in cloud environments, including PHI, Nightfall is capable of automating data security and providing alerts whenever PHI appears somewhere it shouldn’t, like an inappropriate Slack channel or the wrong S3 bucket.

What does Nightfall detect?

Nightfall has over 100+ machine learning detectors for a variety of PII, PHI, and other industry specific data. You can detect patient names, addresses, medical record numbers, social security numbers, as well as a number of industry codes like ICD, FDA, DEA, NPI, DOB, and more. Additionally, you can add your own regular expressions to detect custom token types. Nightfall can detect sensitive data within documents, images, and in a variety of file types.

See how Nightfall has helped peers in your industry

Learn more about organizations like Ensurem, Signify Health, and Chelsea Jewish Lifecare and how Nightfall has helped each of them ensure HIPAA compliance within the technologies they use.  

Learn more about Nightfall for HIPAA

Learn more about what Cloud DLP is and how it works: https://nightfall.ai/resources/dlp-helps-organizations-stay-in-compliance-while-protecting-data-in-the-cloud/  

See how teams can make Slack HIPAA compliant: https://nightfall.ai/resources/how-to-make-slack-hipaa-compliant-in-2020/  

Finally, join us for an on-demand webinar detailing what you need to know about the HIPAA security rule and how to secure Slack with DLP: https://try.nightfall.ai/hipaa-on-demand-webinar  

Share this post: