Cloud Compliance for Healthcare Start-Up

Healthcare Startup Seeks a HIPAA-Compliant IT Environment on AWS

With stringent regulations governing its industry, a US-based healthcare startup needed assistance in architecting a HIPAA-compliant IT infrastructure environment. Alongside HIPAA compliance, the startup needed a better way to protect sensitive personal health information (PHI) after experiencing problems with its previous systems.

What Was the Healthcare Startup Looking to Achieve?

The healthcare startup wanted the AWS cloud platform to host and orchestrate its digital services. This infrastructure needed to support full audit trails, HIPAA regulatory frameworks, resolve security holes from the previous architecture with PHI, and be executed in a cost-sensitive manner.

Challenges for the Healthcare Startup on the AWS Cloud

These sweeping changes would help the healthcare startup adhere to HIPAA regulations, avoiding fines and reputational damage. Audit trails would provide clear breadcrumbs for changes on the network, improving accountability and awareness of infrastructure activities. Finally, protecting PHI with more stringent security measures would mitigate any potential data breaches in the future.

Trianz began by assessing the current state of the client’s architecture. Here, our experts could identify misconfigured modules, insecure security rules, and fast-track the digital transformation process for the startup by recommending AWS services.

Technology Components Used by the Healthcare Startup on AWS

After consultation, the healthcare startup had a new IT infrastructure environment on AWS consisting of the following technology components:

• Amazon Relational Database System (RDBS) for encrypted structured database storage to improve PHI data management and subsequent security procedures

• AWS CloudTrail for cloud audit trail monitoring using application programming interface (API) logs, with a goal of improving accountability and root cause identification

• Amazon Virtual Private Cloud Security Groups were used to shape and monitor network traffic using internet protocol (IP) whitelisting rules, which was necessary to ingest wearable and health device data using encryption

• Secure Socket Layer (SSL) Certificates were used to implement hypertext transfer protocol secure (HTTPS) rather than the non-secure HTTP, again bolstering cybersecurity and PHI protection for HIPAA compliance

How the Trianz Approach Upgraded the Healthcare Startup’s IT Infrastructure

The Trianz experts devised a comprehensive roadmap for this digital transformation project. The healthcare startup’s existing services and data were backed up before being migrated to the new infrastructure environment. This helped to prevent service outages and subsequent customer dissatisfaction during the migration process.

Existing PHI and pharmaceutical data were imported to the new Amazon RDS system, enabling cloud database storage and the associated accessibility and cost-saving improvements. Trianz also developed an ingestion system for wearables and personal health monitoring devices, taking Real-World Data (RWD) direct from the source to the database with full encryption.

Trianz also created an interface for medical practitioners to upload patient data on a day-by-day basis.

Finally, analytics and reporting were implemented using dedicated compute resources on AWS as the system went fully live.

The Transformational Effect and Impacts

After this digital transformation, the healthcare startup had greater control over its PHI data in Amazon RDS. Additional security with user accounts and overarching data governance policies on AWS helped streamline governance and regulatory workflows.

Full audit trails increased accountability and assisted with the root cause remediation of problems. Overall, the result was a faster and more secure healthcare PHI data storage solution for the healthcare startup, enabling greater integration and access across digital services used by the business. This greatly improved business agility and enabled new innovative digital-first health initiatives.