CASE STUDY : PRODUCT, PLATFORM & APPLICATION DEVELOPMENT

Control Group designs a HIPAA compliant cloud migration for Pronia Medical Systems' GlucoCare System.

RELATED TECHNOLOGIES INCLUDE:

---

Control Group Solution

Many fast-growing healthcare companies are ideal candidates for migrating all or part of their systems to Amazon Web Services (AWS).  However, a favorable cloud migration return on investment based on existing technical and operational factors alone is insufficient when HIPAA compliance is required.   These companies have additional obligations to maintain data privacy and security, and their existing HIPAA compliance processes need to be evaluated along with any technical re-engineering for an AWS-based system.  What should a company to do to ensure HIPAA compliance in the cloud if they are new to the platform and lack the in-house resources to manage such a migration?

Control Group partners with companies such as these in a Business Associate role under HIPAA rules. Through this partnership Control Group provides cloud architecture and migration services, contracting under a Business Associate Agreement (BAA).  The BAA and Control Group’s services ensure that the AWS solution will be HIPAA compliant, and provides the client company with the requisite documentation and procedures to demonstrate adherence to HIPAA rules.

A recent example of this partnership is Pronia Medical Systems.  Pronia’s dependence on physical infrastructure resulted in long lead times for onboarding new customers. The company wanted to leverage AWS to gain speed, as well as cost savings, but needed a BAA partner to ensure that its HIPAA compliance would be maintained going into the cloud.  Control Group worked with Pronia under a BAA contract to provide the solution.

Pronia Medical Systems is the creator of GlucoCare, an innovative insulin dosing calculation system used by hospitals to manage glucose delivery.  The system facilitates comprehensive patient glycemic management and is increasingly being adopted by hospital networks to allow for enterprise-wide patient care.  Pronia was interested in leveraging a cloud-based architecture to facilitate faster, easier, and more cost-effective implementations, as well as an option for a robust long- term growth platform for a diverse hospital customer base.

Pronia contracted with Control Group, an Amazon partner with extensive AWS design and implementation expertise, to architect the solution.  Control Group's approach is to design AWS-based solutions that allow companies to manage their infrastructure in the same manner they manage application code, employing automation to manage versioning and facilitate provisioning of on- demand virtual infrastructure.  This improves efficiency and quality control, and maximizes the deployment speed and cost benefits of the AWS platform.

Control Group’s approach streamlines machine upgrades and maintenance. With traditional infrastructure, machines are precious resources that must be maintained over time. Control Group’s methodology assigns shorter lifecycles to virtual machines, terminating them when upgrades are required. New instance replacements are automatically configured using the latest patches and software, and data is maintained in an autonomous, replicated database that can be accessed by any instance.  Machines are managed alongside the application codebase within a source code management system, facilitating deployment as a fully tested hardware and software configuration.  This assures uniformity of environments from development and QA through production, and minimizes the need for administrator intervention.

Control Group undertook an analysis of the GlucoCare system, a proprietary software application suite that is typically deployed within a hospital's own IT infrastructure.   New hospital customers run a Pronia-hosted production implementation of the system before adoption facility- or enterprise-wide.   Key among Pronia's concerns in moving to cloud infrastructure were several objectives:

• HIPAA Compliance: Adherence to all privacy and security requirements of HIPAA was crucial; potentially internal Pronia administrative processes as well as patient data storage and transmission approaches would be impacted.
• Rapid Initial Deployment:  Significantly reducing existing long deployment times for customer onboarding was essential.
• Configuration and Scaling:  Automation to support system configuration and scaling was highly desirable to improve over existing manual practices.
• Application Monitoring and Uptime:  Automated 24x7 monitoring and support for clinical uptime requirements were critical.

Control Group's custom solution for Pronia meets all of these requirements, taking full advantage of a number of AWS services:

1. The automation software creates new GlucoCare installations in EC2, configuring the servers, database, load balancer and monitoring for each hospital.
2. Hospitals may have custom configurations for software versions or application features.
3. Amazon Machine Images and snapshots of the GlucoCare software and configuration are kept in AWS. The automation system combines these with hospital-specific configurations to create controlled environments in the cloud.
4. GlucoCare installations are completely isolated from each other.
5. The database is deployed in RDS, which automatically handles backups and replication to create a highly available system.
6. The GlucoCare EC2 instances are in an autoscaling group behind an Elastic Load Balancer. If a problem arises with an instance or there is increased load on an installation, new instances will be brought online automatically, minimizing outages.
7. Amazon CloudWatch monitors all systems and components, generating alerts and reports.

Control Group's solution comprised a suite of services for Pronia:

• HIPAA Audit - Control Group performed a technical review of Pronia's operations and the GlucoCare application, and provided detailed guidance on facets that would need modification for delivering a compliant cloud-hosted solution.  In addition to the implementation specifications, supporting documentation was created for Pronia's use in future HIPAA and FDA technical reviews.
• Architecture Design - the AWS architecture fully supports the technical, regulatory, and business requirements for Pronia:
• RDS - The Relational Database Service allows Pronia to rapidly deploy a database for a new customer, creating a consistent environment where backups and replication are handled automatically.
• EC2 - Glucocare servers are provisioned in Amazon’s Elastic Compute Cloud. Pronia uses on-demand instances to create servers that run the application instantly.
• Auto Scaling - Leveraging AWS Auto Scaling and configuration automation, the solution is designed to be self-healing and respond to outages instantly, without manual intervention.
• CloudWatch - Monitoring and alerting are essential for a critical healthcare system like Glucocare. Amazon’s Cloudwatch service is enabled for all components and is used to provide usage trends, automatically resolve problems, and send notifications of issues instantaneously.
• Configuration and IT Management Automation - Control Group created highly data-driven automation to deploy and manage machine lifecycles, code versioning, and testing.

Pronia now has a highly scalable, stable, HIPAA-compliant AWS-based production footprint from which to launch hospital implementations.  The solution enables Pronia to rapidly deploy new systems for customers, providing a high degree of control over security, role, and user management in full compliance with HIPAA.  Amazon's pricing, scalability, and reliability provide an ideal platform for Pronia's rapidly growing business.