Securing Sensitive Data with Rollbar

How Everplans uses Rollbar to ensure HIPAA compliance

Challenge

Founded in 2012, Everplans is a fast-growing startup that provides an easy online planning tool to store personal information such as wills, funeral wishes, financial and medical data in a secure vault, turning end-of-life planning into a painless endeavor.

As a software company serving the highly regulated healthcare industry, Everplans must comply with standards such as the Health Insurance Portability and Accountability Act (HIPAA) to ensure the privacy and security of its customers' personal and medical information. Everplans knows that every record represents a real person who is at risk of harm if their private data is leaked or stolen.

“End-of-life planning is vital to all of us as we reach the most delicate stage of life. We realize that our customers are trusting us with the most important information and documents they own, which is why protecting their personal information is a top priority for us,” said Warren Habib, CTO.

He continued, “As an agile team that handles sensitive data, we not only need an error monitoring tool that fits into our continuous deployment and development process, but we must make sure that we protect our clients’ sensitive data while meeting HIPAA compliance.”

Prior to Rollbar, Everplans used a non-compliant error monitoring SaaS. They had to spend engineering resources to develop, maintain, and run restrictive data filtering to prevent sensitive data such as PHI from being sent to the tool. Even so, the risk of sensitive data leakage remained, and as the vendor inevitably changed its tool, that risk only increased over time.
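The kind of client-side filtering described above, as an added example that is not Everplans' or Rollbar's code: a recursive scrubber that redacts PHI-like fields from an error payload before it leaves the application. The field names and the sample payload are constructed for illustration, and the SSN pattern is a simple regex, not a complete PHI detector.

```ruby
# Added example: redact PHI-like data from a nested error payload before it
# is shipped to an external error monitoring service.
# Constructed denylist of key names (not a HIPAA-defined list).
PHI_FIELDS = %w[ssn social_security_number date_of_birth dob diagnosis
                medical_record_number mrn password].freeze
# Key-based filtering misses PHI embedded in free text (exception messages,
# log lines), so string values are also pattern-scrubbed.
SSN_PATTERN = /\b\d{3}-\d{2}-\d{4}\b/
REDACTED = "[REDACTED]".freeze

# Keys are matched case-insensitively after normalising separators, so
# "SSN", "Ssn", "social-security-number" and "patient_dob" are all caught.
def phi_key?(key)
  normalized = key.to_s.downcase.tr("-", "_")
  PHI_FIELDS.any? { |f| normalized == f || normalized.end_with?("_#{f}") }
end

# Walks hashes and arrays of arbitrary depth and returns a new structure;
# the input is never mutated, so the original exception context stays intact.
def scrub_phi(obj)
  case obj
  when Hash
    obj.each_with_object({}) do |(k, v), out|
      out[k] = phi_key?(k) ? REDACTED : scrub_phi(v)
    end
  when Array
    obj.map { |v| scrub_phi(v) }
  when String
    obj.gsub(SSN_PATTERN, REDACTED)
  else
    obj
  end
end

# Constructed sample payload in the shape of a nested error report.
SAMPLE_PAYLOAD = {
  "message" => "PlanSaveError: lookup failed for 123-45-6789",
  "request" => {
    "params" => { "user" => { "name" => "A. Person", "SSN" => "123-45-6789",
                              "dob" => "1950-01-01" },
                  "plan_id" => 42 },
    "headers" => [{ "name" => "X-Request-Id", "value" => "abc" }]
  }
}

if __FILE__ == $PROGRAM_NAME
  require "json"
  puts JSON.pretty_generate(scrub_phi(SAMPLE_PAYLOAD))
end
```

With the rollbar-gem one would register such a function as a payload transform so it runs on every report; the scrubber itself is independent of any vendor SDK.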

The alternative was to self-host an error monitoring solution on-premise, but that would have meant the team spending time on the implementation, infrastructure, ongoing operation and maintenance of such a tool, precious time they could otherwise spend building new features for the business.

Solution

Rollbar Compliant SaaS is an edition of Rollbar designed to enable rapid software development and continuous delivery, without leaving gaps that may expose companies like Everplans to security and legal risks.

Compliant SaaS extends Rollbar’s error monitoring capabilities with data security and compliance features, such as application-level encryption at rest.

Because Rollbar is fully compliant with HIPAA, Everplans can be sure that even in cases where sensitive data is sent to Rollbar, the data is handled in a secure and compliant manner.

This is backed by a Business Associate Agreement (BAA) that Rollbar signed with Everplans as a Compliant SaaS customer.

“The fact that Rollbar is willing to sign a Business Associate Agreement for its SaaS platform is very important to us. We know now that if any PHI leaks into the Rollbar system, it will be handled properly,” said Warren.

Additionally, all Rollbar customer data is stored at facilities that meet the stringent SOC 2 Type 2 compliance standard.

Everplans uses Ruby for the backend and JavaScript for the front-end, and deploys on Aptible, an application deployment platform built on top of AWS that streamlines HIPAA compliance. Rollbar Compliant SaaS is tightly integrated into this workflow, and error notifications from Rollbar are sent via multiple channels, including Slack and email.

Results

When Rollbar Compliant SaaS identifies an issue, Everplans diagnoses it and proactively notifies clients, sometimes even providing step-by-step guidance on how to fix the issue before the client knows it exists.

For an engineering team responsible for both developing the application and supporting it, this is significant.

Warren said, “Rollbar stays on top of issues within our application by identifying and diagnosing errors before our customers even realize that something is wrong.

It allows us to provide a better customer experience, catching issues before they could potentially fail in a much bigger way.”

“We looked for a SaaS solution that we can trust to safeguard our clients’ sensitive data while providing powerful real-time error monitoring, and Rollbar Compliant SaaS helps us do just that.”

  • Industry: Healthcare
  • Employees: 25+
  • Developers using Rollbar: 10+
  • Projects on Rollbar: 2+

Using Rollbar to monitor: Ruby, JavaScript

Integrates Rollbar with: Slack


Highlights

  • Prior to using Rollbar's compliance solutions, Everplans had to deal with sensitive data leaking to a legacy error monitoring tool
  • Rollbar signed a Business Associate Agreement (BAA) with Everplans, ensuring HIPAA compliance
