Case Study: Capital Rx achieves HIPAA-compliant PHI protection in Slack with Nightfall DLP

Compliance & securing PHI is easy for Capital Rx with Nightfall DLP

Capital Rx, a healthcare technology platform that provides pharmacy benefit management solutions, needed to protect electronic protected health information (e-PHI) in cloud apps like Slack while staying compliant with HIPAA, SOC 2, and URAC requirements. With hundreds of users sharing sensitive data in Slack, the team needed a way to gain better oversight without slowing down employee workflows.

Nightfall DLP was implemented as a cloud-native, API-driven data loss prevention solution for Slack. Nightfall helped Capital Rx automatically scan and alert on sensitive data, redact PHI in messages, and prevent exposure in public channels while still allowing approved sharing in sanctioned spaces. The result was stronger compliance, better visibility into Slack activity, less manual monitoring for the security team, and reduced risk of costly HIPAA violations that can run to thousands of dollars per affected member record.

Capital Rx

Ryan Kelly

CTO & Co-Founder