Building a HIPAA-Compliant Infrastructure for the HeyDoctor SaaS Application
HeyDoctor, a GoodRx company, is a medical app designed by telemedicine platform Sappira Inc., a San Francisco-based firm that allows its doctors to prescribe low-cost treatment via texts in minutes.
The HeyDoctor app focuses on delivering direct-to-consumer primary and urgent care through its telemedicine platform. In November 2017, the business secured enterprise deals to launch its electronic medical record platform under Software-as-a-Service (SaaS) agreements. The growth in health IT infrastructure, system, and support requirements—compounded by tight budgets—necessitates the need for scalable cloud infrastructure which is secure and above all cost effective for healthcare entities such as HeyDoctor. The cloud can greatly benefit such companies, by improving agility, providing secure data storage, and delivering reliable backup capabilities, but HIPAA compliance remains a top priority.
By leveraging many of the platform’s healthcare compliant services, Ibexlabs supported HeyDoctor by building a secure AWS application environment that can help the company deliver state-of-the-art care to its patients while improving their security and compliance posture too. HIPAA compliance for SaaS means adhering to the administrative, technical, and physical safeguards of the HIPAA Security Rule. AWS provides many powerful analytical capabilities that lower the cost of using data science to help patients and customers, all while meeting the HIPAA Security Rule requirements necessary for handling personal health information (PHI). The combination of these factors made AWS an ideal match for HeyDoctor. To achieve this solution, Ibexlabs leveraged Terraform, an industry standard cloud orchestration tool, to safely create, update and maintain HeyDoctor’s infrastructure in AWS. As such, Ibexlabs were able to build secure and reliable architecture for the business with ease through automation.
Through the app, and thanks to compliant infrastructure, HeyDoctor is able to provide immediate access to treatment for many individuals as well as deliver healthcare to those who struggle to find reliable, in-person care. The app can make a huge difference for patients living in remote locations and others who are underserved by the current healthcare infrastructure.
"From navigating the complexities of AWS to dealing with the constantly shifting requirements of an early stage startup, Ibexlabs handled all this gracefully. Their deep experience in security and compliance has allowed our company to scale quickly and effortlessly while maintaining our rigid security posture. Ibexlabs really feels like a natural extension of our own team—we highly recommend them!"