Implementing a HIPAA-compliant Infant Health Monitoring Solution for FirstDay Healthcare

About FirstDay Healthcare

FirstDay Healthcare is a solution created by neonatologists and paediatricians to monitor preterm infants at home. After their discharge from NICUs, infants are remotely monitored 24/7 by a dedicated neonatologist with convenient, hospital-grade monitors. Parents and care team members receive automated alerts via SMS based on predetermined vital sign parameters. 

The FirstDay Healthcare solution uses predictive analytics to create a composite risk score based on an infant’s vital parameters, changes to which help identify clinical deterioration. Such early diagnoses, while the infant is at home, can decrease infant mortality and morbidity as well as shorten the length of subsequent hospitalization. 

The solution includes a HIPAA-complaint app for parents, which tracks all relevant treatment information — diagnoses, medications, imaging results, and other health-related data — that can be shared with other providers, together with voice and video chat capabilities for remote consultations.

The Challenge

The provisions of the Health Insurance Portability and Accountability Act ( HIPAA) require that medical practitioners and their business associates (hospitals, insurance companies, testing centers, etc.) protect patients’ health information from unauthorized disclosure. Protected Health Information (PHI) includes medical histories, test and laboratory results, prescriptions, insurance and billing information, and other healthcare related data. 

  • Given FirstDay Healthcare’s critical role in facilitating post-NICU neonatal care, protecting PHI from involuntary access is essential. 
  • They also need to ensure that access and exchange of PHI between parents and their neonatal care providers using the app did not violate the security and privacy provisions of HIPAA. 
  • The foundation for all this is a secure, scalable, and resilient cloud infrastructure.

The Ibexlabs Solution

HIPAA compliance is not a mandate for the use of specific technologies, but a set of requirements to ensure that the solution provides technical safeguards for PHI.

By leveraging our extensive experience with AWS services and tools, we were able to create a secure and scalable solution for FirstDay Healthcare, and ensure that it complies with the HIPAA guidelines. These include ensuring private communications with data integrity, access control, and securing data at rest and in transit. 

To create a HIPAA-compliant, cloud-based solution with protected PHI, the Ibexlabs solution uses several Amazon Web Services, working in tandem.

AWS Services used:

  • AWS CloudWatch: Audit, monitor, and troubleshoot all FirstDay Healthcare applications
  • AWS CloudTrail: Track user activity and API usage (i.e., who did what, when)
  • AWS Simple Storage Service (S3): Store the logs as event trails, and makes them available for viewing, download, analysis and remedial actions should unusual activities be detected.
  • Amazon GuardDuty: For proactive threat detection, and to monitor the AWS CloudTrail and DNS logs of Firstday Healthcare’s entire deployment for unusual network and account activities.
  • AWS Event Bridge: Capture in real-time additional events such as operational or access control permission changes. 
  • AWS Config: To monitor and record the configurations of all AWS resources used in the solution, with any unexpected changes promptly detected. 
  • AWS Identity and Access Management (IAM): To authenticate and control access to resources. 
  • AWS Security Hub: To manage the security posture and detect any deviation from AWS security best practices, verify compliance, aggregate alerts, and automate remediation.

Results

With this solution, FirstDay Healthcare now has a fully secure and scalable solution, which is audit-ready and fulfils all the requirements specified by HIPAA.

From the Customer

"As I looked to bring my home monitoring and management platform to market I knew that creating a HIPPA compliant architecture was a must have in order to partner and work with health systems and payer groups. Ibex labs was able to both quickly and efficiently bring my system architecture to where it needed to be in order to continue with my company's growth. I would highly recommend them and look forward to continue working with them to further scale and secure my DevSecOps needs."

Ross Summers, MD - Co-Founder

Download
Talk to an Ibexlabs Cloud Advisor