Prior to using Rollbar's compliance solutions, Everplans had to deal with sensitive data leaking to a legacy error monitoring tool
Rollbar signed a Business Associate Agreement (BAA) with Everplans, ensuring HIPAA compliance
Founded in 2012, Everplans is a fast-growing startup that provides an easy online planning tool to store personal information such as wills, funeral wishes, financial and medical data in a secure vault, turning end-of-life planning into a painless endeavor.
As a software company serving the highly regulated healthcare industry, Everplans must comply with standards such as Health Insurance Portability and Accountability Act (HIPAA) to ensure the privacy and security of personal and medical information of their customers. Everplans knows that every record represents a real person who is at risk of harm if their private data is leaked or stolen.
“End-of-life planning is vital to all of us as we reach the most delicate stage of life. We realize that our customers are trusting us with the most important information and documents they own, which is why protecting their personal information is a top priority for us,” said Warren Habib, CTO.
He continued, “As an agile team that handles sensitive data, we not only need an error monitoring tool that fits into our continuous deployment and development process, but we must make sure that we protect our client’s sensitive data while meeting HIPAA compliance”.
Prior to Rollbar, Everplans used a non-compliant error monitoring SaaS. They had to spend engineering resources to develop, maintain, and run restrictive data filtering capabilities to prevent sensitive data like PHI from being sent to the tool. However, the risk of sensitive data leakage remained, and as the vendor invariably made changes to their tool, that risk only increased over time.
The alternative was to self-host an error monitoring solution on-premise, but that would have meant the team must spend the time to deal with the implementation, infrastructure, ongoing operation and maintenance of such tool – precious time they could be spending building new features for the business instead.
As an agile team that handles sensitive data, we not only need an error monitoring tool that fits into our continuous deployment and development process, but we must make sure that we protect our client’s sensitive data while meeting HIPAA compliance.Warren HabibCTO of Everplans
Rollbar Compliant SaaS is an edition of Rollbar designed to enable rapid software development and continuous delivery, without leaving gaps that may expose companies like Everplans to security and legal risks.
Compliant SaaS extends Rollbar’s error monitoring capabilities to include data security and compliance with features, such as encryption at rest at the application-level.
Because Rollbar is fully compliant with HIPAA, Everplans can be sure that even in cases where sensitive data is sent to Rollbar, the data is handled in a secure and compliant manner.
This is backed by a Business Associate Agreement (BAA) that Rollbar signed with Everplans as a Compliant SaaS customer.
“The fact that Rollbar is willing to sign a Business Associate Agreement for its SaaS platform is very important to us. We know now that if any PHI leaks into the Rollbar system, it will be handled properly”, said Warren.
Additionally, all Rollbar customer data is stored at facilities that meet the stringent SOC 2 Type 2 compliance standard.
When Rollbar Compliant SaaS identifies an issue, Everplans diagnoses it and proactively notifies clients, sometimes even providing step-by-step guidance on how to fix the issue before the client knows it exists.
For an engineering team responsible for both developing the application and supporting it, this is significant.
Warren said, “Rollbar stays on top of issues within our application by identifying and diagnosing errors before our customers even realize that something is wrong.
It allows us to provide a better customer experience, catching issues before they could potentially fail in a much bigger way.”
“We looked for a SaaS solution that we can trust to safeguard our client's’ sensitive data while providing powerful real-time error monitoring, and Rollbar Compliant SaaS helps us do just that.”