
How a Fortune 50 Health Insurer Manages Hundreds of Incidents Every Quarter
Challenge
A Fortune 50 insurance company with millions of members and a strong culture of compliance was struggling to ensure that its employees were complying with the privacy regulations that protect sensitive customer data.
Solutions
The company selected RadarFirst. The intelligent solution was quick, easy to use, and had a “look and feel” the privacy team liked. RadarFirst had HIPAA and state laws built-in, plus it enabled the team to do on-the-spot incident assessments. It was the only solution that could meet all of the company’s specific immediate and long-term needs.
Triple Play: How RadarFirst Saves Time, Improves Efficiency, and Cuts Costs

The company’s risk assessments used to be, as one privacy official put it, “painfully slow.” The team would have to access multiple shared drives to get answers and then consolidate documentation. With RadarFirst, the privacy team no longer spends time and money monitoring and analyzing breach laws. RadarFirst automatically does the assessment, and consolidates and updates all the federal regulations and state laws.
RadarFirst is a huge time saver…All the federal regulations and state laws are in one place and kept up-to-date. In the past, our incident risk assessments were painfully slow.
– Privacy Executive
RadarFirst has streamlined the overall incident response process for the company. As soon as an incident is discovered, it is entered right into RadarFirst. The privacy team also uses RadarFirst as a tracking system, in which team members can attach e-mails and documents relating to a particular incident. Overall, the software has significantly reduced input hours, provided more accurate incident data and helped automate incident risk assessments so the team can make consistent decisions.
RadarFirst Provides Actionable Insights
RadarFirst allows the privacy team to evaluate incidents with the same risk factors every time. This consistency—along with RadarFirst’s reporting capability—provides insight into the actual volume and types of incidents that occur. This insight is possible because the privacy team can use RadarFirst to analyze the incident workload and increase its capacity to respond to those incidents. Using RadarFirst has been an eye opener for the company, given the greater visibility into the number of incidents by department location and corporate entity.
Redesigning Incident Management to Reduce Enterprise Risk
The company is retooling its incident escalation and management process to streamline its response to security as well as privacy incidents. To accomplish this, the RadarFirst team is building functionality that enables integration of RadarFirst with the insurer’s GRC system, which the audit and security teams use. Now privacy and security will be able to report incidents and collaborate so the company can more completely identify and analyze incident trends and root causes—and thus reduce risks to sensitive customer data across the enterprise.
A Successful Collaboration Between Company and Vendor
The company has said that working with RadarFirst is “like a dream,” and appreciates how the RadarFirst team willingly collaborates on workflow design changes, as well as new features and modules. The company also appreciates that these changes happen quickly. As one privacy official said, “I can’t say enough good things. We like that you take our ideas into consideration and respond so quickly.”