Stack: Healthcare provider

Okta disaster recovery for healthcare providers

A healthcare provider's identity stack governs access to the EHR, the imaging system, the lab informatics platform, and every BAA-covered vendor. When Okta is the front door, the Okta-side configuration carries the same patient-care risk as those downstream systems. A bad policy push at shift change is a HIPAA incident in progress.

Butterfly captures point-in-time, encrypted snapshots of every Okta resource that governs clinician access. Restore preview shows the impact on EHR and PACS access before any change is committed. The Audit Pack PDF is HIPAA-filterable and includes a SHA-256 manifest for chain-of-custody.

What you get

How Butterfly fits healthcare providers

HIPAA-filterable Audit Pack PDF

Pick the HIPAA framework filter and the Audit Pack surfaces only the HIPAA-mapped sections — 164.308(a)(1) (security management process), 164.308(a)(7) (contingency plan), 164.312(a)(1) (access control).

Restore preview before any clinician-impacting change

Restore preview is non-mutating. The output shows exactly which clinician populations would be touched before any change goes live.

BAA-covered vendor app assignments are versioned

Every BAA-covered vendor app integration is part of every snapshot. If a directory cleanup removes an app assignment, restore preview surfaces the change and the population affected.

What goes wrong

Three incidents you have already seen variations of

Authentication policy change locks clinicians out at shift change

A well-intentioned tightening of step-up MFA requirements was applied broadly to all clinician groups. Bedside staff could not refresh sessions during shift change. Restore preview surfaces the policy diff.

BAA-covered transcription vendor de-provisioned by mistake

A scheduled cleanup removed an app assignment for a covered third-party transcription vendor. PHI sync failed silently. Restore preview restores the assignment.

Group rule deletion breaks SCIM to PACS

The SCIM-feeding group rule for the radiology PACS system was deleted during a directory cleanup. New radiologists could not log in. Restore preview restores the rule.

Honest scope

What Butterfly captures — and what it does not

In scope

Every Okta resource governing clinician access, BAA-covered vendor app assignments, and SCIM provisioning rules to clinical systems: users, groups, group rules, applications, sign-on policies, authentication policies, identity providers, network zones, and Workflows automations.

Out of scope

We do not back up the EHR, the PACS, the lab informatics platform, or any downstream clinical system data. Butterfly snapshots the Okta configuration only — PHI never passes through Butterfly.

Plans

Free, Standard, or Business

Free

$0 / forever

  • 1 Okta connection
  • 7-day retention
  • 1 total backup
  • No credit card

Standard

$1 / user / month — $99 minimum

  • 2 Okta connections
  • 90-day retention
  • Restore preview + dry-run
  • Audit Pack PDF (framework-filterable)

Business

$2 / user / month — $299 minimum

  • Unlimited Okta connections
  • Unlimited retention
  • Continuity (warm standby)
  • Priority restore support

Pricing reference: /upgrade. Provider coverage today: Okta, Okta Workflows, Auth0.

Regulatory shape

Compliance and audit angle

HIPAA Administrative Safeguards 164.308(a)(1) and (a)(7), Technical Safeguards 164.312(a)(1), HITECH, 21 CFR Part 11 (for clinical-trial-adjacent systems), and increasingly state laws (CMIA, NY SHIELD) all expect documented safeguards around the identity layer that protects PHI.

Butterfly's own SOC 2 Type II work is in progress; current status lives in the Trust Center.

Frequently asked

FAQ

Does Butterfly access PHI?

No. Butterfly snapshots the Okta configuration — users, groups, policies, app assignments — not the underlying applications or any PHI they store. Configuration data is encrypted at rest in the customer's designated Cloudflare R2 region.

Will you sign a BAA?

Yes. Contact us via butterflysecurity.org/contact and we will route to the right person.

How does Butterfly map to HIPAA technical safeguards?

The Audit Pack PDF is HIPAA-filterable. It maps backup posture, restore readiness, and change history to 164.308(a)(1) (security management process), 164.308(a)(7) (contingency plan), and 164.312(a)(1) (access control).

Recover your Okta org in minutes, not hours

Talk to Mick (the founder) for a 30-minute demo, or start the free trial. No credit card for the free tier.