Signify Health Stays HIPAA Compliant with Nightfall DLP

Industry: Healthcare

Employees: 1500+

HQ Location: Dallas, TX

Mark Magpayo, Manager, Security Operations

Signify Health’s mission is to improve patient quality of life by providing comprehensive care to the people who need it most. As a fast-growing healthcare technology company, they’re transforming the quality and delivery of care through an intelligent technology platform and a national network of clinicians. Their patient-first approach allows Signify Health to create a better care experience.

Protecting sensitive patient data is a must for Signify Health. They needed a data loss prevention solution that would support HIPAA compliance. Nightfall Enterprise DLP for Slack was the right fit.

Company growth meant new HIPAA compliance challenges


Mark Magpayo leads information security at Signify Health (photo courtesy of Mark Magpayo)

Mark Magpayo joined the Signify Health team after his company, Remedy Partners, merged with Signify. One of the first tasks in his new role was to find a solution that would help the newly merged companies resolve HIPAA compliance requirements when using Slack. The move to Slack for internal communications would make things easier for the Signify Health team, but the platform lacked the same security standards of other apps already in use for the organization.

“We needed a good way to address compliance and security concerns,” says Mark. “We saw that Nightfall was the best fit for our needs. Nightfall allows us to address our compliance and security requirements. Those two things go hand in hand for us.”

“The Nightfall team is very responsive. We hope to maintain that connection as we move forward with our relationship.”

Adapting quickly with Nightfall

Signify Health has to stick to very strict HIPAA compliance standards, which means every cloud platform they use has to be secure. Protected health information (PHI) must be kept safe during all cloud-based activities. Slack is just one SaaS app that is not HIPAA-compliant right out of the box, so without a DLP partner, Signify Health had no way to prevent data from leaking outside the organization after the company-wide Slack integration.

“Using a third-party vendor like Nightfall, who’s already gone through the trouble of doing this and has built specialization in this area, is extremely helpful,” says Mark. The savings in time, money, and resources are already making a difference for Signify Health. Everything is now more seamless for the company — which is huge as they ramp up after the merger.

“If we had to come up with our own solution using the Slack API, it would cost us a lot of time, money, and resources.”

Data protection plus great service

Mark and his team can rely on Nightfall’s fast and responsive service to communicate when needed. Nightfall gives him peace of mind on two fronts: taking care of the day-to-day DLP tasks through automated alerts right in the Slack platform, and personalized service for when the human touch is required.

Now that Signify Health has Nightfall to cover their DLP needs, Mark and his team are working on ways to use Nightfall to its fullest potential within their security organization. “Going into the second half of 2020, the primary focus of the business is operationalizing the product further,” he says. As Signify Health grows, they can rest easy knowing business-critical PHI is safe within Slack.

“These four simple yet powerful Nightfall features are really what make the product useful for us: the ability to take actions, notify users, delete or quarantine files, and acknowledge messages.”

If you’re interested in learning more about Nightfall for Slack, you can view our Guide to DLP on Slack or schedule a brief demo with our team below.

Share this post: