Client
American-based interdisciplinary rehabilitation institution.
Business Challenge
The post-acute care center had a limited view of its security posture, faced complex HIPAA interpretations, and had data protection scattered across departments. Old systems and manual processes hindered attack response, while shadow AI capabilities brought unmonitored risk. Ensuring suitable data access, especially in remote care, required a scalable solution that fit contemporary compliance and risk frameworks.
Solution
Jelvix designed a custom, real-time data risk assessment and Shadow AI control system, tailored to the rehabilitation environment.
The system offers continuous visibility into data flows. Using Zero Trust principles, the solution requires verification at every access point. It also guarantees regulatory consistency and technical accuracy in conformity with HIPAA compliance and the NIST Cybersecurity Framework.
- Location: USA
- Industry: Healthcare
- Services: Enterprise Software Development
- Technologies: Symfony 3.4, AWS (EC2, RDS, ECR, EKS, SQS, SNS), MySQL, MongoDB, React, TypeScript, Docker, Kubernetes, OAuth 2.0, TLS/SSL, RBAC, Microsoft Defender for Endpoint, Netskope, Zscaler, Python, TensorFlow, Apache Kafka, Grafana, Tableau API, OneDrive API, Salesforce API, Apptoto API, Formsite API.
Product Overview
Client’s goals
The rehabilitation center sought to prevent data leakage across fragmented systems while aligning operations with HIPAA and NIST Cybersecurity Framework standards. Leadership aimed to replace reactive, manual processes with a real-time, full-stack risk assessment approach. Beyond compliance, they needed granular control over AI usage within clinical and administrative units, ensuring emerging tools could be governed without disrupting workflows.

Implementation
The engagement started with a thorough research phase, mapping the security architecture, data flows, and current compliance enforcement gaps at the center. Jelvix examined system integrations—including EHRs, departmental reporting systems, and external platforms—through an end-to-end audit to find process dependencies and risk propagation points.
A real-time risk assessment engine was developed during the core development phase. It connects with current systems and feeds a single dashboard shared across compliance and IT departments to monitor protected health information (PHI) traffic, identify anomalies, and surface actionable alerts.
To handle Shadow AI concerns, Jelvix used endpoint-level integrations to track unauthorized AI tool use. Zero Trust principles let the system provide context-aware departmental verification. Importantly, policy updates were applied dynamically without interrupting critical care operations.
Value Delivered
- The solution enabled the center to achieve full HIPAA compliance and NIST CSF alignment.
- Changing to a proactive, real-time risk posture greatly reduced legal exposure.
- Thanks to full-stack visibility, IT teams responded to events 25% faster.
- Shadow AI use was identified, classified, and controlled without restricting valid production tools.
- The center also developed the operational maturity to facilitate secure remote access and cross-departmental collaboration, while becoming ready for future audits, accreditations, and long-term digital scaling in a complicated regulatory environment.

Project Results
The center accelerated decision-making through a real-time visibility layer that eliminated analysis bottlenecks. Through active policy shifts and auditable control enforcement, IT teams kept perfect alignment with revised HIPAA compliance and NIST standards. The software also lets IT teams find anomalies in both encrypted and unencrypted network data, closing important visibility gaps and allowing faster, more accurate incident response.