HIPAA-compliant mobile communications vendor migrates to AWS for a Heroku alternative

Building a Scalable, Healthcare Compliant InfrastructureHipaaChat gains a self-healing cloud infrastructure for high availability

Profile

Tapestry Telemed is the creator of HipaaChat, a mobile application for smartphones and tablets that provides HIPAA-compliant mobile communications. HipaaChat enables healthcare workers to send texts, view images, perform video calls, or engage in “walkie-talkie” type discussions while maintaining strict HIPAA and HITECH compliance.

Challenges

HippaChat’s current platform, Heroku, could not scale or meet HIPAA-compliance.

Heroku’s low-maintenance, self- healing environment needed to be replicated in a bare-metal AWS set up they could control themselves.

There was no desire to hire staff to “babysit” the system.

The ability to rapidly scale to meet customer demand and take advantage of new opportunities was a requirement.

HipaaChat needed the assurance of best practices that come with experienced cloud infrastructure experts.

Tapestry Telemed, the creator of HipaaChat, initially chose the Heroku cloud infrastructure Platform-as-a- Service. Like many startups, Tapestry was interested in using Heroku’s entry- level DevOps, as well as the test and application development starter kits, to quickly get up and running. Heroku’s easy-to-use, built-in features, and managed environment, meant the company didn’t need to spend staff time managing the infrastructure.

As the company approached an inflection point where customer demand for HipaaChat was expected to increase dramatically, Tapestry realized it needed more scalability and guaranteed server uptime. It also had HIPAA-compliance requirements that could not be met with Heroku.

HipaaChat is expected to be processing hundreds of thousands of users in the near term. The app could scale up to millions, if it is successful. They were not confident they could achieve this scalability on the Heroku platform.

Tapestry selected Flux7 because of the firm’s status as an AWS Advanced Tier partner, its certified AWS consultants, and demonstrated deep knowledge of DevOps.

A High Bar for Automation
Tapestry had not yet committed staff resources to its Heroku environment, and didn’t want to start doing so when they moved to Amazon Web Services. The company was seeking an environment that provided automatic healing, automatic load balancing and auto scaling, just like it had using Heroku. But one they could control directly.

The company realized it could only gain those capabilities by managing the infrastructure itself in a bare-metal AWS implementation. To replicate the benefits of using Heroku, it needed AWS-specific knowledge and a
strong understanding of DevOps.

“DevOps is complicated. It requires someone who understands servers, coding and how to deploy applications,” Habash said. “DevOps isn’t like buying a CD from Staples and installing it on your laptop. It requires delicate configuration. Our customers are counting on us for HipaaChat to be up, running and secure when they need it. Leaving our infrastructure to chance is not an option. This is an example of the saying: ‘If you think pro is expensive, wait until you hire an amateur.’”

Security Demands

Flux7 established a secure, HIPAA-compliant system that could scale to meet demand and provide the to flexibility and control Tapestry needed to remain agile and meet new business opportunities.

Security risks presented by third-party vendors has become a hot issue in healthcare and among PCI-compliant industries after a number of high-level breaches. Hospital and healthcare centers insist that HipaaChat achieve a high bar for security and put the application through a stringent review before committing to any purchase. The system has passed with flying colors.

Automated Infrastructure

Flux7 automated the VPCs, subnets, routing tables and associations using AWS CloudFormation templates. AWS CloudFormation simplifies provisioning and management on AWS. Templates can be created for the service or application architectures (stacks) desired, ensuring quick and reliable provisioning of the services, or applications. HipaaChat infrastructure can now be easily updated or replicated by Tapestry as stacks are needed.

Amazon ElastiCache, a web service, was used to make it easy to deploy, operate and scale in-memory caches. The service improves the performance of web applications by allowing the retrieval of information from fast, managed, in-memory caches, instead of relying entirely on slower disk-based databases.

OpenVPN Access Server is a full-featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC and Linux OS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/or private cloud network resources and applications with fine-grained access control.

Instances that are launched into a private subnet in a virtual private cloud (VPC) can’t communicate with the Internet. A network address translation (NAT) instance can also be used in a public subnet in a VPC. This enables instances in the private subnet to initiate outbound traffic to the Internet. However, it prevents the instances from receiving inbound traffic initiated elsewhere on the Internet.

Amazon Relational Database Service (Amazon RDS) was also used. RDS is a web service that makes it easy to set up, operate and scale a relational database in the cloud. It provides cost- efficient and resizable capacity, while managing time-consuming database management tasks, freeing up staff to focus on applications and business.

A Heroku Alternative, with Control

HipaaChat’s founder has now been able to quickly capitalize on emerging opportunities by providing a solid, easy- to-use solution to a common challenge in the medical industry. HipaaChat’s large potential market means the company has vast potential, and a great need to scale and deliver high-quality service.

Habash considers Tapestry’s investment in Flux7’s certified AWS architects to build a robust, secure system to be a sound one. Already, the new architecture has helped Tapestry to meet customer needs and secure new business. The company believes the system will pay off not only short-term benefits of rapid advancement and security, but also long- term by supporting its ability to deliver good service to customers while avoiding the need for a system “babysitter.”

Knowing that he wanted to recreate the benefits of Heroku without the limitations, Habash’s challenge to Flux7’s team ultimately produced the unique environment his business needed. And one that could be sustained by Tapestry on their own as it grows.

*Tapestry Telemed was acquired by Everbridge in 2014

“It was obvious that Flux7 understood AWS well, and not only its breadth, but its depth,” said Salim Habash, founder and CEO of Tapestry Telemed. “We could also tell the company was committed to service excellence. When you’re putting a systemup where customers expect 100 percent uptime, you need people who will ensure the system will come through in the clutch. We hired Flux7 because we were convinced they could put up system as reliable and effective at self-healing as Heroku."