How a Fortune 50 Health Insurer Manages Hundreds of Incidents Every Quarter
Challenge
A Fortune 50 insurance company with millions of members and a strong culture of compliance was struggling to ensure that its employees were complying with the privacy regulations that protect sensitive customer data.
Solutions
The company selected Radar® Privacy. The intelligent solution was quick, easy to use, and had a “look and feel” the privacy team liked. Radar® Privacy had HIPAA and state laws built-in, plus it enabled the team to do on-the-spot incident assessments. It was the only solution that could meet all of the company’s specific immediate and long-term needs.
Triple Play: How Radar® Privacy Saves Time, Improves Efficiency, and Cuts Costs
The company’s risk assessments used to be, as one privacy official put it, “painfully slow.” The team would have to access multiple shared drives to get answers and then consolidate documentation. With Radar® Privacy, the privacy team no longer spends time and money monitoring and analyzing breach laws. Radar® Privacy automatically does the assessment, and consolidates and updates all the federal regulations and state laws.
Radar® Privacy is a huge time saver…All the federal regulations and state laws are in one place and kept up-to-date. In the past, our incident risk assessments were painfully slow.
– Privacy Executive
Radar® Privacy has streamlined the overall incident response process for the company. As soon as an incident is discovered, it is entered right into Radar® Privacy. The privacy team also uses Radar® Privacy as a tracking system, in which team members can attach e-mails and documents relating to a particular incident. Overall, the software has significantly reduced input hours, provided more accurate incident data and helped automate incident risk assessments so the team can make consistent decisions.
Radar® Privacy Provides Actionable Insights
Radar® Privacy allows the privacy team to evaluate incidents with the same risk factors every time. This consistency—along with Radar® Privacy’s reporting capability—provides insight into the actual volume and types of incidents that occur. This insight is possible because the privacy team can use Radar® Privacy to analyze the incident workload and increase its capacity to respond to those incidents. Using Radar® Privacy has been an eye opener for the company, given the greater visibility into the number of incidents by department location and corporate entity.
Redesigning Incident Management to Reduce Enterprise Risk
The company is retooling its incident escalation and management process to streamline its response to security as well as privacy incidents. To accomplish this, the RadarFirst team is building functionality that enables integration of Radar® Privacy with the insurer’s GRC system, which the audit and security teams use. Now privacy and security will be able to report incidents and collaborate so the company can more completely identify and analyze incident trends and root causes—and thus reduce risks to sensitive customer data across the enterprise.
A Successful Collaboration Between Company and Vendor
The company has said that working with RadarFirst is “like a dream,” and appreciates how the RadarFirst team willingly collaborates on workflow design changes, as well as new features and modules. The company also appreciates that these changes happen quickly. As one privacy official said, “I can’t say enough good things. We like that you take our ideas into consideration and respond so quickly.”