HIPAA Compliant Private Cloud Delivers Life-Saving Assistance

National Health IT Week 2014, which is this week, celebrates the value of IT and its contribution to healthcare providers, associations and non-profit organizations, state and regional extension centers, corporations and colleges and universities across the nation. In honor of National Health IT Week, I thought I would share with you the story of one of our favorite clients, a not-for-profit health care client that plays a heroic role in helping hundreds of thousands of folks in need get critical medical care.  (I’d like to mention their name but they’re shy, like almost all of our security-conscious clients).

I love their story, because it shows how state-of-the-art cloud technology can help save the lives of so many needy kids, moms, dads, grandmas and grandpas, aunts, uncles, and…the list goes on.

Our client’s cornerstone program for uninsured patients was successful in generating more than a quarter billion dollars per year in free assistance, but it depended heavily upon ‘90s-era proprietary software, tediously slow manual workflows and a processing/approval process of up to seven days.  The costs of hosting the program on-premises in a HIPAA/HITECH compliant environment and training staff to patch and maintain it were becoming onerous.  Also, with no business continuity or disaster recovery plan in place, any program downtime could potentially render electronic folks’ Protected Health Information (ePHI) vulnerable and prevent these patients from receiving essential care.

The core IT issues that our client’s IT team faced were:

  • The high cost of running an internal HIPAA/HITECH compliant-data center
  • The hassle faced by IT staff in trying to keep up with changing HIPAA compliance rules
  • Fear that downtime and data loss during a disaster would cause irreparable damage and cost millions of dollars

Following a methodical evaluation of numerous top tier hosting providers, the client selected AISN as its hosting provider based on our:

  • Expertise in providing custom, fully HIPAA compliant private cloud hosting and services in a high availability environment
  • Attention to detail when engineering environments for complex applications
  • Deep experience providing disaster recovery and business continuity planning for HIPAA compliant organizations
  • Highly responsive approach to client service (e.g., the same experts who built the solution would be readily available to step in when help was needed)
  • Willingness to accommodate the client’s budget constraints and work toward a goal of slashing the program’s operational costs by 50 percent or more over the next five years
  • Proactivity in providing a risk assessment analysis and HIPAA Business Associate Agreement

Our solution included a modern, online portal engineered for efficiency, the AISN HIPAA Compliant Private Cloud (think very high security), secure online backup and disaster recovery, and AISN’s HIPAA auditing services.

Here’s what happened.  AISN and its longtime partner, a national technology consulting firm, teamed to develop a new, online portal (with automated workflows and complex, enhanced features) and deploy it in a fully HIPAA/HITECH-compliant, highly secure private cloud.  From the beginning, our extremely responsive team of hosting experts dedicated themselves to the project, seamlessly becoming an extension of the client’s own IT department.

Because the portal is complex and contains sensitive electronic Protected Health Information (ePHI), a sophisticated, custom environment was required.  Our solution is an entirely customized private cloud infrastructure employing multiple front end and database servers as well as encryption.  Not only is the custom cloud fast, but it also meets the client’s needs for high availability, security, disaster resilience and cost-effectiveness.  In the business continuity component, a solid cloud backup/disaster recovery plan is now in place.  We routinely back up the client’s hosted environment at the primary data center and then stores the replicated copy in another geographically distant data center.  In the highly-unlikely event of a natural or man-made disaster occurring at the primary data center, the portal would experience instant failover to the alternate data center, enabling portal service to continue with virtually no downtime.

The client’s solution is specifically engineered to:

  • Lower the total cost of ownership by more than 50 percent over five years
  • Simplify administration, resulting in 67 percent less time spent maintaining servers and conducting audits/ inventories
  • Pass 100 percent of HIPAA/HITECH compliance audits through enhanced security measures
  • Maintain high availability, 24/7/365
  • Reduce risk to business operations by offering a proven architecture and hosting environment that’s pre-validated for compliance, performance and reliability
  • Allow for fast, efficient processing of heavy workloads to improve productivity
  • Improve business agility through rapid, on-demand scaling and virtualization technologies that support reconfiguration (making it easy to adjust resource allocations to match workloads)
  • Protect ePHI via multiple levels of security
  • Provide secure online backup and rapid disaster recovery to prevent service interruptions

AISN also provided HIPAA auditing services, including:

  • A thorough security risk/ vulnerability assessment to help safeguard the portal and ePHI
  • Solution testing and optimization to lower risk and prevent implementation delays
  • Extensive post-deployment consulting on changing HIPAA compliance requirements
  • Ongoing HIPAA compliance expertise to mitigate future compliance risks

So what were the key results?  Most importantly, the new cloud-based portal helps more low income, chronically ill patients get the medical assistance they need to stay healthy.  From an operational standpoint, other key results include:

  • By deploying the program in a fully HIPAA/HITECH compliant cloud, we empowered the client to save time and money while vastly improving its level of service.
  • Our deployment stayed on time and within budget.  The portal deployed smoothly in under a week with no significant capital expenditure, enabling the client to meet the project’s go-live date and focus on the design and user experience rather than the management and compliance of the cloud infrastructure.
  • Optimizing the portal and private cloud for performance enhanced the end user experience significantly.  The former manual process, which used to take hours, is now easier and faster.  Rather than hours, processing a single patient case takes an average of only four minutes.  Furthermore, case approval times have been reduced from up to a week to less than four hours.
  • AISN’s private cloud solution enables the client’s business to stay up and running in the event of a disaster or other unplanned outage.
  • The client can rest assured that its hosted portal protects ePHI in full, allowing the client to focus on the administrative aspects of compliance and enabling low-income patients to receive life-saving care.

I’m glad that I could share that story, because at AISN, we like using our talent and expertise for good, especially when it helps people and communities to thrive.  If you’d like to hear about how we’re helping other clients, let me know.


Laurie Head is VP, Marketing/Communications for AIS Network.