In a world that's increasingly connected through healthcare apps, the need to safeguard patient data and navigate complex Health Insurance Portability and Accountability Act (HIPAA) compliance regulations has become more important than ever.
Our client, a global medical device company, provides products that help restore patients' health and mobility. Healthcare professionals (HCPs) can sift through the company’s offerings, selecting options based on patient needs and characteristics such as product features, technology, and more.
To best serve their global HCP community, the company has built many apps and portals, often managed by different internal teams. Patient-facing apps have been developed as well. Adding to that complexity, each team uses different methods for developing and hosting these apps. The absence of unified standards heightens the likelihood of security risks, compromised patient data, and possible legal and financial consequences.
CHALLENGES
- More than 40 digital initiatives
- Navigating regulatory and privacy complexity
- Serving over 52 global markets
- Over eight cloud development partners
- A clear vision for solution, but differing approaches
- Inconsistent products driven by third-party vendors
- Security is not always a built-in feature
PROJECT GOALS
The client needed a partner to achieve three goals: design a HIPAA-compliant architecture, shift their digital infrastructure to one cloud provider, and ensure their apps were securely and consistently supported.
THE TEAM
Since the project required a novel approach for developing and deploying new apps to their customers, SoftServe relied on their strong team of senior DevOps architects and a project manager to coordinate everything. Our client had teams for delivery management, security, maintenance, and specific apps.
Everyone understood that updating the platform to meet the project’s goals would be time-consuming, especially since transitioning just one app took several months. With over 40 apps in the mix, it was important to plan carefully for a smooth transition.
THE PROJECT
The client chose AWS Cloud as their primary hosting provider for apps handling protected health information (PHI). SoftServe designed a HIPAA-compliant infrastructure from scratch, following AWS best practices and an infrastructure-as-code approach, as well as a well-prepared AWS Landing Zone. Hosting on AWS required an added layer because of the sensitive patient data and HIPAA rules. SoftServe created a DevOps approach for apps that were part of their digital healthcare platform, thus standardizing and automating the onboarding process for new healthcare apps. This approach guaranteed the highest levels of product quality, security, and compliance with HIPAA requirements.
The team collaborated on a pilot project to introduce a new application into the digital healthcare platform, currently hosted on AWS. They established a comprehensive deployment pipeline for the newly developed healthcare application.
This cloud-native solution, designed as a microservice, takes advantage of the benefits of public clouds, particularly AWS-managed services. The deployment on AWS ensures quality, maintainability, security, and scalability.
To adhere to the highest security standards, they rolled out robust encryption measures for data protection.
- All data was encrypted in transit and at rest, with Transport Layer Security (TLS) providing end-to-end encryption for data in transit.
- Customer-managed customer master keys (CMKs) were used, so that users create, own, and directly manage the encryption keys in their own AWS accounts. This approach gives users full control over their cryptographic operations.
- Sensitive parameters were securely encrypted and managed as secrets through AWS Secrets Manager.
To address key compliance requirements, the team ran a series of security and HIPAA compliance audits.
RESULTS
HIPAA compliance: Using AWS infrastructure and managed services, SoftServe improved their existing digital health platform to be more robust, secure, and scalable as well as thoroughly HIPAA-compliant. The team ensured the customer's existing apps were improved with features such as hardened security, logging capabilities (including detailed admin audit logs), workload monitoring, and performance optimization.
Quality checks: With the proper continuous integration/continuous deployment (CI/CD) system, our client can now include security and code quality checks before launching their new apps onto their digital health platform. This standardizes and speeds up app development and decreases time-to-market for new features and services.
Standardized processes: A Git operations (GitOps) approach for CI/CD makes the process more stable, reliable, consistent, and standardized. It also ensures stronger security.
Focused on simplicity: The whole environment is stored as code, and deployment procedures are well-documented and validated. Infrastructure as code (IaC) configuration, delivery pipelines, and the platform itself adhere to the principles of DRY (don’t repeat yourself) and KISS (keep it simple, stupid).
Knowledge transfer: The project went beyond technology, fostering a culture of knowledge sharing. Procedures were put into place to ensure that the knowledge and skills needed to work with the digital healthcare platform were transferred to other teams. SoftServe created a foundation for both existing and new teams to easily develop new healthcare apps on this platform.
BENEFITS
The new cloud-based digital health platform streamlined development and deployment, enhanced security, improved customer experience, and provided a foundation for future scalability and innovation.
- The onboarding cost for a new application decreased by 9% through process standardization, simplification, and shortening.
- The average time-to-market for a new application was reduced by six weeks.
- The overall cost of product maintenance and support decreased by 12% due to reduced workforce demand.
THE POWER OF PARTNERSHIPS
When taking on big projects, many healthcare and life science clients look for an experienced partner with a proven track record. For over 30 years, we've helped clients build transformative patient experiences, unlock data value, and accelerate business outcomes across the healthcare continuum. We help companies harness the power of technology to improve their business operations and tackle the biggest healthcare challenges.
SoftServe helps healthcare and life science organizations implement new technologies, such as AI/ML, Gen AI, and AI-supported platforms, to solve today's complex business challenges.