Seamless Cloud Migration under HIPAA Compliance

Tech stack: AWS Cloud, RDS DB, Route53, Disk EBS, EFS, DR (Disaster Recovery), Jenkins, Gitlab, Splunk, Linux, FTPS, Docker, JBoss

Introduction to the Company

For this case study, it is important to mention that we will not be identifying the company by name due to the sensitivity of the data we had to deal with while working on this project.

Our client primarily dealt with tracking the health and fitness injuries of a considerable number of people in North America: athletes, sports teams, universities, etc.

Challenge

The system primarily collected information for an individual from different sources such as MRIs, CT scans, doctors’ examination reports, conclusions, etc. As a result of the sensitive nature of the data we were handling, compliance with HIPAA protocols was necessary at every stage. Since this particular system is integrated with other systems at various points, discretion and delicateness were required.

Initially, this whole system was located and running on the client company’s internal servers. However, our team needed to develop new features with the servers initially hosting the system due to some arising needs.

As a result, we were tasked with migrating the entire system to the cloud. Of course, data migration in itself requires expertise and care, but that was even more so with this system, given the huge amount of data and its delicateness.

To complete this project, it was also necessary that we work with two separate teams. Ensuring communication and seamless collaboration during the process was something we had to take responsibility for to guarantee successful completion.

“At the end of the day, what we delivered was 100% HIPAA-compliant Cloud migration and optimization that drastically increased our client’s cost savings.”

Grigory Shoichate, CTO, DevCube

Solution Delivered

First of all, we opted for AWS as a perfect solution for the client since it is sufficient, secure, and compliant with all HIPAA requirements.

Other solutions we provided:

We used Amazon’s Relational Database Service to support the smooth deployment of the system across different time zones and a three-tier application to be provided on different virtual private clouds.
We also built in application instances for different geo zones to provide support in cases of necessary disaster recovery triggered by a system failure. We also used EBS and EFS to manage block storage volumes and network storage for the regular functioning of the system.
To develop, we used Jenkins and Git for the whole process. Even our clone environments were HIPAA-compliant here. We took appropriate security measures to ensure no clone ever left the production VPC boundary.
To consistently monitor the system and, thus, reduce downtime, we set up a monitoring system to monitor all relevant metrics, centralized log collection in Splunk, and set up a failure and auto restart mechanism.
We continue to provide round-the-clock client support to address any issues that might come up.
Finally, we completed a successful migration to Kubernetes infrastructure.

Result

After successfully migrating the system from the on-premises servers to AWS Cloud, the teams that required the use of the server could do the work they wanted. However, the system being on the cloud also meant it was more optimized after we worked on it.

This allowed our clients to save costs when maintaining the system since they now required fewer people to manage the infrastructure.

What we delivered at the end of the day was 100% HIPAA-compliant, but it also allowed the team to easily clone production environments to carry out tests all within the system. These clone environments can be easily destroyed but allow the team to contain and manage any internal problems.
