Nira lets IT leader meet SOC and HIPAA compliance needs with confidence

For one healthcare software company, Nira is the ideal solution to meet compliance requirements, gain control, and reduce overall risk.

  • Location: United States
  • Industry: Healthcare Technology
  • Company Size: Enterprise (>200 employees)

Keeping customer data secure is an integral part of information security. Here’s how one healthcare software company uses Nira to bolster legal and compliance initiatives, gain visibility and control over unauthorized access, and reduce risk from personal email accounts. 

For Nick, the IT Manager of a healthcare tech company, protecting access to files in cloud collaboration tools like Google Drive is a top priority. Given the nature of its industry, it is crucial for the company to protect sensitive information, such as personal health information (PHI) and personally identifiable information (PII).

The company uses other tools, including data loss prevention solutions, to aid in document security, but was having difficulty sifting through time-consuming alerts. Many of the DLP tool’s warnings were not particularly useful, according to Nick.

“We do have DLP alerts,” Nick said. “But digging into them is cumbersome and takes a lot of time.”

The company needed a solution that was easy to use and fast to implement, which led them to seek out and purchase Nira. 

We wanted better insight into what risks we had. And once we had that data, be able to drill down and see what's shared. Nira made that very easy for us.
IT Manager - Healthcare Technology

According to Nick, Nira’s usability and quick time to implementation were wins for the company and allowed them to strengthen their robust security response. 

We were impressed with Nira’s ease of use, and that it does what it says it's going to do. The fact that we were able to stand this up and get running within the first week was exceptional.
IT Manager - Healthcare Technology

Stay compliant and pass audits with ease

Nira helps with legal and compliance measures, bolstering company policies and aiding with audits

The company uses Nira for its legal and compliance needs; the tool aids with data retention, compliance efforts, and company policy creation and enforcement. 

For example, Nira helped clean up access to stale documents—files that hadn’t been modified in a certain period of time and were outdated. These types of documents are often concerning from both a legal and security perspective. 

“If somebody were to get into an account, and we still have these documents that we don’t need anymore, it’s an additional risk,” Nick said. “It makes sense to reduce that risk.”

With Nira, the company was able to remediate access issues on tens of thousands of stale documents at once. The process was smooth and took no time, according to Nick. 

“It was super simple for us,” he said. “I have that process running automatically now so we don’t have to mess with it.”

This helps keep the company in line with best practices for data retention and legal compliance. Nick and his team can ensure that stale data is taken care of, thereby reducing risk. 

The company has also created new policies because of its use of Nira. For example, the company now has a policy that says during the employee offboarding process, all access to documents should be restricted. When an employee leaves, the team is able to use Nira to close down open links and remove personal email accounts as well as any other external access. Nira enabled this policy to be created and enforced and is setting the team up to make key policy changes in the future. 

According to Nick, Nira has also been useful during audits, including a HITRUST audit as well as annual audits for SOC 2 and HIPAA compliance. 

Every year we go through SOC 2 and HIPAA audits. Nira allows us to show auditors that we are tracking document usage, what's shared, what's not shared, and really restricting files based on specific time periods.
IT Manager - Healthcare Technology

Go beyond DLP alerts to find the root cause of issues

Nira provides full visibility and control of risks while reducing administrative burden with automations

Being able to see who has access to what information was essential to protect sensitive files in Google Drive. However, Nick wanted help to get the complete visibility he needed to take meaningful action. 

With Nira, the team could gain visibility into who had access to every single document, folder, and shared drive, and then remediate risks in a few moments. 

Finding the time to dig into DLP alerts was difficult, whereas Nira presents everything right in front of you, and makes visibility and control a few clicks. That made the difference for us.
IT Manager - Healthcare Technology

The team has also been able to save time by receiving alerts right in Slack and automating the remediation of access issues. 

“We definitely take advantage of Nira’s Slack integration,” Nick said. “Being able to go into Slack and say, ‘remediate these issues’ was phenomenal.” 

The process became even smoother once the team set up and turned on automations in Nira, according to Nick. 

We have our weekly security check-ins, and Nira pops up and says it's doing its thing,” he said. “We don't have to mess with it, which lets us focus on other tasks.
IT Manager - Healthcare Technology

With Nira, the team can save time and stay confident that their sensitive data is protected and their security process is streamlined through automation. 

Eliminate risk from personal account access 

Nira helps clean up issues from personal email accounts

One major use case for the company was the ability to use Nira to clean up access from personal email accounts. Employees can accidentally create or share company documents with their personal email accounts, leading to unnecessary risks as these accounts do not usually have as many security protections as a corporate email account. 

Personal accounts are a problem because we lose control over them. Nira allows us to easily restrict any documents shared with personal accounts. Just a couple of clicks and it’s taken care of.
IT Manager - Healthcare Technology

Cleaning up personal account access to company documents is a problem that most companies face today, but few are able to get complete control of these files. 

By leveraging Nira’s capabilities to restrict personal account access, the team can ensure they are following best practices for data security while improving customer trust and confidence in their services.

Proactive protection for every organization

Nira helps organizations boost data protection, no matter the company size

The company uses Nira to implement robust security measures and adhere to stringent data protection regulations to prevent unauthorized access and theft of PII and PHI. 

By working with Nira, Nick and the team can protect company data to comply with regulatory requirements, maintain customer trust, and deliver high-quality care. According to Nick, Nira gives even the smallest IT teams the ability to save time and strengthen their data security posture. 

Nira is a tool with a lot of depth. It can be used by Enterprise organizations, but it can also be easily run by one person. The draw is it’s versatile and easy to use by any organization.
IT Manager - Healthcare Technology
Every company that uses Google Workspace should be using Nira.
Bryan Wise
Bryan Wise,
Former VP of IT at GitLab

Incredible companies use Nira