For Enclara Pharmacia, the nation’s leading pharmacy services provider and PBM for the hospice and palliative care community, —data security is not just a priority, it's a core responsibility. As Mark Robinson, Senior Director at Enclara Pharmacia, articulates , "We're dealing with people's lives at a really important time in their life."
This commitment to protecting sensitive patient data is at the heart of Enclara Pharmacia's mission: to provide secure and reliable medication management while maintaining the highest ethical and compliance standards. But this presented a challenge. The company’s leaders knew that Enclara Pharmacia needed to find a way to bolster the existing security of its Salesforce environment to meet stringent regulatory compliance standards, including HIPAA and DEA, and assure patients that this sensitive information was properly protected.
Enclara’s challenges and choices
Enclara Pharmacia's need for a robust security solution wasn't just theoretical; it was deeply rooted in real-world experience.
Mounting security concerns
Adding to the urgency were the ever-growing concerns over data breaches and hacking attempts across the healthcare industry. Robinson recalls being instructed directly by Enclara's executive team to prevent such an event: "We don't want that to happen in our environment. How can we make sure that our Salesforce environment cannot be hacked?"
The directive was clear: implement robust security measures that met and exceeded industry standards, leaving no room for vulnerabilities. They needed "not double, but triple security."
Compliance requirements
In addition to business continuity and patient trust, Enclara Pharmacia also had to prioritize regulatory compliance. HIPAA, DEA regulations, and various state laws created a web of requirements around patient data security.
The company needed a solution that wouldn't just protect their data but could also provide auditable proof of compliance to regulators. Meeting these requirements often meant diverting valuable time and resources to generate reports for InfoSec and Compliance teams—a frustrating and time-consuming process. “Every time they come back, whether it’s this certification or that certification, or if a pen test is being done, I have to provide the information,” says Robinson.
The search for a trusted solution
Enclara Pharmacia knew they needed to look beyond Salesforce's native offerings for a comprehensive data security and compliance solution.
Salesforce's out-of-the-box limitations
With mounting security and compliance requirements, Enclara Pharmacia faced the shortcomings of Salesforce's native security tools. These options lacked the level of granularity, and control that Enclara Pharmacia now knew they required, creating a significant Salesforce Infosec gap. For example, integrating their Salesforce system with external applications heightened their concerns.
"We're not going to do any integrations with our Salesforce, with other applications until we have something securing Salesforce," states Watson. The search was on for a solution that could bridge the gap and provide the peace of mind they needed.
Important search criteria
Watson took the lead in assessing a better solution for Enclara Pharmacia. Throughout his search, he kept in mind the superior customer service and comprehensive protection that he and his team have with Own Recover, which was implemented in 2020. He dove deep into the market, carefully evaluating different platforms and vendors, with a clear set of criteria in mind.
- Comprehensive security posture analysis: A deep understanding of Enclara Pharmacia's existing vulnerabilities within Salesforce.
- Ease of use: The ability of the team to manage and maintain the solution with less time and resources, enabling them to spend more of their time on projects directly driving Enclara’s business..
- Comprehensive reporting: Automated reports that could satisfy both internal needs and the stringent documentation demands of regulatory bodies.
In addition, Enclara Pharmacia was looking for a partner, not just a vendor, who understood the sensitive nature of their work and operated with the same level of diligence and ethical responsibility.
Choosing Own
After a thorough evaluation process, Enclara Pharmacia chose Own as their data security and compliance partner. Own Secure checked all the boxes for Enclara Pharmacia.
- Security: Own offered efficient and effective data classification, encryption management, granular access controls, and risk prioritization, as well as ongoing observability and resilience, ensuring that sensitive patient data was protected from unauthorized access. This addressed the company's critical need to meet and exceed industry security standards.
- Compliance: The platform's automated audit reporting and documentation features streamlined the process of demonstrating compliance to regulatory bodies. No more scrambling for screenshots or manually compiling data logs—Own provided the evidence they needed at their fingertips.
Shared values and white-glove service
Beyond the technical capabilities, Enclara Pharmacia was impressed with Own's understanding of its unique needs within the healthcare industry. "When we are looking at solutions, we're looking for security, reliability, but we're also looking for a team and vendors that understand what we do," emphasizes Robinson.
To establish a strong partner relationship, Own took the time to understand Enclara Pharmacia's mission and tailor their approach accordingly. This commitment was evident from the very beginning. "They [Own] gave us that white-glove service, walked us through it, made sure that we were getting what we needed from a compliance, regulatory, and security aspect," shares Robinson.
The shared commitment to security, diligence, and ethical responsibility made Own the clear choice for Enclara Pharmacia.
Favorite Own features
Own's customers benefit from a range of powerful features, that significantly cut costs and speed up identifying what data is highest risk, assessing how well sensitive data is protected, who has access to it, and computing risk scoring to help prioritize what to fix first. For Enclara Pharmacia, certain features became indispensable in their daily operations.
✅ Conducting a Salesforce Risk Assessment with Own
When customers start using Secure, Own onboarding includes an expert-guided risk assessment to help them perform data classification, identify and address security gaps, safeguard data, and optimize their Salesforce security strategy for maximum efficiency and compliance. Before conducting the risk assessment, Enclara lacked a clear risk-prioritized understanding of their Salesforce security posture. This gap left them uncertain about potential vulnerabilities, what to fix first, and the overall effectiveness of their security measures. The risk assessment was instrumental in providing them with that crucial insight into risk-prioritized vulnerabilities and what to fix first, significantly boosting their confidence in their security framework, particularly with Own Secure.
“Throughout the multi-week evaluation process, Own played a pivotal role, guiding us step-by-step as we meticulously examined our organization’s Salesforce setup. This thorough approach helped us identify specific areas that required attention and provided a structured way to enhance our security posture.”
One of the key takeaways from the assessment was that Secure delivers comprehensive capabilities right out of the box, which initially can be overwhelming. The Secure onboarding risk assessment not only demystified these capabilities but also enabled Enclara to focus on the most critical elements relevant to their needs. It served as a roadmap, directing them on how to effectively configure Secure to align with their organizational goals.
“I strongly recommend that every organization invest the time and resources to undergo a similar [risk] assessment with Own.”
Initially, Enclara adopted a “set it and forget it” mindset, allowing their security settings to simmer without regular review. However, they now realize the importance of actively and continually evaluating Secure’s security insights.
“This proactive approach is essential for keeping our organization’s security measures robust and up-to-date, ensuring that we stay ahead of potential threats and vulnerabilities. By regularly reassessing our security posture, we can maintain a tight ship and foster a culture of vigilance around our data security.”
This proactive approach keeps Enclara audit ready all the time.
✅ Risk scoring and security posture analysis
"At some point, we decided to go through and re-evaluate what our scoring was," says Watson of the platform's risk-scoring feature. This analysis helped the company proactively prioritize and mitigate vulnerabilities within their Salesforce org.
Watson and his team scrutinized each component of the scoring system to tailor it to fit their specific risk operating context and understand how changes in permissions and data classifications could impact their overall security posture. "It takes a little bit of work to understand how the scoring works and the effect of the changes you make," he explains. But the work paid off. Enclara Pharmacia boosted their security score by an impressive 25%.
✅ Minimum access permissions
Controlling data access is fundamental to security, and Own made it easy for Enclara Pharmacia to adopt a "minimum access necessary" approach, more commonly referred to as “following the principle of least privilege.” "Our InfoSec team wants evidence that we are meeting or exceeding the standards," and Own gave them that evidence, explains Watson, "They don’t really question us too much because we initially provided them with the evidence they needed."
✅ Streamlined reporting
Before Own, responding to InfoSec requests for documentation to support audit and compliance requirements were often a time-consuming, manual effort which often required InfoSec asking for such documentation. Own Secure automated reports eliminated this time consuming back & forth.
With Own, those days are gone. The automated reporting feature streamlines the process of generating the detailed documentation required by regulatory bodies and gives InfoSec what they need in terminology they understand, without requiring them to be Salesforce experts, saving Enclara Pharmacia time and effort.
“The time saved with these capabilities directly translates into increased return on investment (ROI) of the full time employees (FTEs) responsible for developing Salesforce applications to benefit the business. In short, we can spend more time supporting business applications and managing projects that have a more direct benefit to Enclara's operations/business, increasing productivity as it relates to the bottom line. This is huge for us.”
✅ Field usage insights
One often overlooked aspect of data security is minimizing the amount of sensitive information stored in the first place. Own's field usage insights gave Enclara Pharmacia the ability to identify and remove unused data fields within Salesforce. By removing extraneous data, they reduced their attack surface and streamlined their data management practices.
Enhanced security, simplified compliance, and a true partnership
What has Enclara Pharmacia's experience been since implementing Own?
Own has empowered Enclara Pharmacia to go beyond simply checking compliance boxes. The platform's risk-scoring capabilities and detailed security insights have fostered a culture of proactive security awareness. As Watson notes, Own Secure has "helped me mature in my thoughts about our security."
The combination of powerful features, a deep understanding of the healthcare landscape, and a commitment to customer success has made Own more than just a vendor—they have become a trusted partner for Enclara Pharmacia. With Own by their side, Enclara Pharmacia can focus on what matters most: providing exceptional care to their patients while knowing their sensitive data is secure.
