Case Study – ReadySet Migration to AWS Cloud
Build and Operate HIPAA compliant platform for surgical vendor inventory system
Case Study – ReadySet Migration to AWS Cloud
Build and Operate HIPAA compliant platform for surgical vendor inventory system
Profile
ReadySet Surgical offers a cloud-based Software-as-a-Service platform for effective coordination of surgical vendor inventory. Easy to install and intuitive to use. The software simplifies the vendor inventory process, connecting all members of the surgical team through comprehensive, real-time communications.
Designed to improve surgical workflow, ReadySet Surgical’s software closes the communication gaps that have traditionally existed between hospitals and medical device reps. The Software-as-a-Service platform, which is easy to install and integrate, makes it easier for the hospital to get proactive about Vendor Inventory Management. ReadySet Surgical’s SaaS solution is a HIPAA compliant and EMR compatible mobile and web application.
Challenge
ReadySet Surgical used a hosting services provider to develop the SaaS application. However, in order to launch the application to production, ReadySet required to adhere to HIPAA regulations. Some of the initial challenges for ReadySet were:
The hosting service provider’s shared server model did not meet HIPAA Security Rule requirements
The hosting provider did not sign BAA
Scale server & storage resources involved time consuming ticket based request & approval process
Lack of in-house skills and experience implementing and operating HIPAA policies and governance
In-house engineers & developers who were not familiar with cloud technology and services
There were no in-house skills and experience managing and operating production environment
In order to build and manage a secure and scalable production environment that meets HIPAA requirements , ReadySet reached out to Dinoct, an AWS consulting partner with extensive experience in designing, migrating and managing cloud infrastructure for healthcare applications.
Solution
After a detailed review of ReadySet Surgical’s business requirements, use cases, application architecture, technology stack, scalability and capacity needs, Dinoct proposed it’s CloudRegulated™ solution. CloudRegulated™ is a customized hosted and fully managed HIPAA compliant platform built on AWS with security and HIPAA compliance best practices.
The solution is designed as a high-available multi-tier architecture that included dedicated AWS account, AWS HIPAA eligible services and resources, peered production and management VPCs, segregated subnets for web, API and Data layers, and autoscale capabilities. CloudRegulated also has load balanced web & API components with Multi-AZ RDS ensuring high availability and fault tolerance for their application and database, encrypted volumes and S3 storage for data security at rest, SSL/SSH/VPN based access for data security in transit, multi-layered IAM groups and STS token-based user access. CloudTrail and CloudWatch enabled audit logging and alerting.
Other technologies and tools are used for security, automation and operations. Entire infrastructure creation, provisioning and changes are done using Terraform. Ansible, the leading open source software automates software provisioning, configuration management, and application deployment.
Throughout the designing and building of this environment, security and reliability were given the top priority. All connections are made over TLS/SSL authentication and data encryption protocols, configured on all individual services. Data storage like EBS, S3 are all encrypted. User access is controlled and restricted using Role-Based Access Control (RBAC). EC2 instances are hardened using CIS benchmark controls. Additionally, host-based intrusion detection agents are installed on all individual servers integrated with the OSSEC server. The management stack include a malware detection engine, OpenVAS vulnerability scanner and centralized log analytics and incident dashboard using Elasticsearch-Fluentd-Kibana (EFK).
By choosing AWS cloud to build the CloudRegulated™ healthcare platform, Dinoct helped ReadySet Surgical begin their cloud adoption on a solid foundation – secure, reliable and could easily scale up or down based on business demands.
Benefits
ReadySet Surgical successfully deployed their SaaS application on the fully managed, secure and scalable CloudRegulated™ platform. Some of the key benefits are:
Secure platform that meet HIPAA regulatory requirements
High Available workload with fail-over and durability
Elasticity to scale up or down based on business demands
Fully hosted and managed services with SLA
Security services for incident/vulnerability detection, mitigation, risk assessments, compliance governance
DevOps services to automate provisioning, deployments, technology adoptions and enhancements
Moving to AWS cloud and Dinoct’s managed cloud services helped ReadySet Surgical meet the compliance requirement with a scalable platform ready for their future needs. This allowed ReadySet to focus on what matters the most – improving the product for their users, rather than spending lots of time managing servers and the environment.
Testimonials
“Readyset Surgical’s SaaS platform caters to hospitals and healthcare systems. So the technology infrastructure, application and the processes need to meet HIPAA regulatory requirements. As a startup, we also needed the flexibility to scale and incorporate changes as business demands easily and at reasonable cost. Dinoct’s fully hosted and managed CloudRegulated™ solution was the right fit for our scenario.”
CEO
Readyset Surgical
“The customized, secure and scalable architecture, automated provisioning & configuration of CloudRegulated™ solution and the dedication & commitment of Dinoct’s engineers were the key factors in migrating & launching our production workload within a short period. Our continued partnership with Dinoct, really help us focus on building our product and not worry about operating and managing servers, storage, security and compliance needs”
CEO
Readyset Surgical