Using AWS to Create a Modern Healthcare Architecture

Author: David Pratt

Cloud platforms enable modern businesses to embrace agility and innovate. They allow businesses to experiment; quickly try out new ideas; and scale rapidly when an idea takes off.  Just as importantly, their usage-based payment model makes it easy to decommission the ones that don’t work.  Try new things, see what works, and fail fast: the mantra of agile businesses.

In the past, compliance and privacy issues slowed innovation in the healthcare industry. That is changing. Offerings from all of the large cloud vendors now support HIPAA (Health Insurance Portability and Accountability Act) and even HITRUST (Health Information Trust Alliance Common Security Framework), thus allowing companies to quickly assemble secure solutions from off-the-shelf components. It is easier than ever to build secure, compliant cloud applications that protect sensitive personal health information.

Security and compliance are built into all of the major cloud platforms, allowing secure, scalable, and manageable products to be built on Microsoft’s Azure, Google Cloud Platform (GCP), Amazon Web Services (AWS), and many of the other cloud platforms.  Additionally, with interoperability between the platforms increasing, a best-of-breed approach leveraging components from two or more platforms is possible. However, for this article we are focused on our recent experience using AWS for a healthcare startup.

Sample Architecture

Security, scalability, and manageability are critical to building a modern application. The following architecture leverages AWS components that incorporate all three attributes. It reflects RevGen’s experience building solutions for clients across a variety of industries, with a focus on technologies that are HIPAA- compliant.

Data Storage

Data storage is at the core of most products and AWS offers quite a few ways of persisting data needed by an application.  We’ve found these solutions work well and are HIPAA compliant:

• DynamoDB is a fully managed NoSQL database, with the ability to use key-value stores, document stores like JSON, and graph databases. While it is not HITRUST-certifiable, it is HIPAA-eligible. DynamoDB requires very little overhead and is extremely easy to use, especially with other AWS services.
• Relational Database Services (RDS) is a fully managed service that provides on-demand scalable, highly available relational database engines. RDS makes it easy to provision data stores to provide multi-tenant databases and master data. In addition, RDS has several database engine options, including AuroraDB, MySQL, PostgreSQL, Oracle, and MS SQL Server.
• Elasticache for Redis is in-memory data storage for scaling web applications. It offers two flavors of in-memory data storage. In just one example, we have used Redis to store notifications while the user is off-line, so they are not lost. When the user returns to the system, the missed notifications are presented from Redis.

[Read More: Our healthcare client needed a flexible and secure solution to their data needs. But which cloud architecture was right for them?]

Serverless Integration

Serverless solutions free organizations and engineers from managing servers and frameworks and simplify compliance.

• API Gateway is used to publish, maintain, and monitor API written on AWS Lambda. With API Gateway, transmitting PHI (Protected Health Information) to and from web servers is secure and encrypted.
• Lambda is a serverless architecture used to run code without provisioning or managing servers. It allows digital solution engineers to quickly ship applications in a variety of languages including Node, .Net, Java, Python and more, without provisioning virtual machines and installing runtimes. Lambda also ensures PHI remains secure by using encrypted protocols such as HTTPS and by providing authentication and authorization support to the API Gateway itself.
• Amazon MQ is a managed message queue broker for Apache ActiveMQ. Message queues enable applications to communicate asynchronously. Each system, regardless of platform or programing language, can integrate via a message queue in a broker. Amazon MQ allows easy configuration to provision Apache ActiveMQ on AWS.

Infrastructure Deployment and Monitoring

Managing solutions and data is every bit as critical to compliance as having secure technology building blocks.  AWS offers a suite of solutions manage the deployment of components and monitor data access and usage.

• CloudWatch is a monitoring and observability service used to set alarms, trigger action, discover insight, troubleshoot issues. CloudWatch is primarily used to monitor operational logs from various services running within this architecture.
• Terraform is an open-source infrastructure as a code (IaC) tool used to deploy the solution infrastructure safely and repetitively across multiple environments.
• Elastic Kubernetes Service (EKS) is a fully managed Kubernetes service available on AWS that allows users to deploy, manage, and scale containerized applications.

Digital Solution and Data Engineering on the Cloud

Determining where and how to build applications can be challenging, especially when managing compliance with new and existing regulations. You need compliant technologies, well-designed architecture, and cloud technology aligned with your business objectives. When you pull this all together, the possibilities for innovation are endless.

Noah Benedict leads RevGen’s Digital Enablement Practice.

David Pratt is a Senior Architect at RevGen Partners.