Building a HIPAA-Compliant Infrastructure for the HeyDoctor SaaS Application

About HeyDoctor

HeyDoctor, a GoodRx company, is a medical app designed by telemedicine platform Sappira Inc., a San Francisco-based firm that allows its doctors to prescribe low-cost treatment via texts in minutes.

The Challenge

The HeyDoctor app focuses on delivering direct-to-consumer primary and urgent care through its telemedicine platform. In November 2017, the business secured enterprise deals to launch its electronic medical record platform under Software-as-a-Service (SaaS) agreements. The growth in health IT infrastructure, system, and support requirements—compounded by tight budgets—necessitates the need for scalable cloud infrastructure which is secure and above all cost effective for healthcare entities such as HeyDoctor. The cloud can greatly benefit such companies, by improving agility, providing secure data storage, and delivering reliable backup capabilities, but HIPAA compliance remains a top priority.

The Ibexlabs Solution

By leveraging many of the platform’s healthcare compliant services, Ibexlabs supported HeyDoctor by building a secure AWS application environment that can help the company deliver state-of-the-art care to its patients while improving their security and compliance posture too. HIPAA compliance for SaaS means adhering to the administrative, technical, and physical safeguards of the HIPAA Security Rule. AWS provides many powerful analytical capabilities that lower the cost of using data science to help patients and customers, all while meeting the HIPAA Security Rule requirements necessary for handling personal health information (PHI). The combination of these factors made AWS an ideal match for HeyDoctor. To achieve this solution, Ibexlabs leveraged Terraform, an industry standard cloud orchestration tool, to safely create, update and maintain HeyDoctor’s infrastructure in AWS. As such, Ibexlabs were able to build secure and reliable architecture for the business with ease through automation.

Results

Through the app, and thanks to compliant infrastructure, HeyDoctor is able to provide immediate access to treatment for many individuals as well as deliver healthcare to those who struggle to find reliable, in-person care. The app can make a huge difference for patients living in remote locations and others who are underserved by the current healthcare infrastructure.

  • Cost reduction thanks to AWS’ pay-per-use resource model: HeyDoctor can reduce the cost of IT infrastructure investments and on-going maintenance expenditures by paying only for the services actually used.
  • Reduced implementation risks: Cloud computing allows for rapid deployment as there is no need to purchase hardware, licenses and software.
  • Increased flexibility: AWS provides more flexibility in terms of response and speed for the app’s doctors to access information at any time, and from anywhere.
  • The company can focus on core values: With secure and reliable infrastructure, the business can focus on patient care as the technology is maintained in accordance with best practices. 
  • Improved storage capabilities, network agility, and application scalability: AWS dynamically scales resources up and down as required meaning HeyDoctor don’t pay for any wastage.
Contact us for a demo

From the Customer

"From navigating the complexities of AWS to dealing with the constantly shifting requirements of an early stage startup, Ibexlabs handled all this gracefully. Their deep experience in security and compliance has allowed our company to scale quickly and effortlessly while maintaining our rigid security posture. Ibexlabs really feels like a natural extension of our own team—we highly recommend them!"

Kyle Alwyn, CTO

Download
Talk to an Ibexlabs Cloud Advisor