Building a Well-Architected HIPAA-Compliant Architecture for Spire Health

About Spire Health

Spire Health specializes in continuous respiration sensing and high-adherence, patient-friendly ambulatory monitoring. Its mission is to harness the power of algorithms and sensors to improve health outcomes by empowering patients and physicians with useful and actionable data. Currently, they work with partners across a range of health conditions, including chronic obstructive pulmonary disease (COPD), congestive heart failure, asthma, sleep disorders, and anxiety.

The Challenge

Spire needed comprehensive and continuous compliance across all its cloud environments to be fully compliant with HIPAA regulations, which involves setting up a documented process for monitoring, maintenance, patching, and encryption. 

Ibexlabs was there to help the company work through the technical portion of the HIPAA Risk Assessment and establish best practice protocols for protecting electronic data.

The Ibexlabs Solution

Ibexlabs set up a secure environment for Spire Health to maintain least privileges based on user roles and responsibilities, and automate infrastructure provisioning.

Advanced AWS security services were implemented to ensure the highest level of security and compliance. 

AWS Services used: 

  • AWS NIST Accelerator: To ensure a segregated network segregation while setting up VPCs.
  • RBAC: To adhere to principles of least privilege, while ensuring a secure and accessible production environment. 
  • AWS Transfer Family: A fully managed AWS service to transfer files into and out of Amazon Simple Storage Service (Amazon S3) storage over the SFTP protocol with user authentication. 

Third Party Services used:

DataDog, Terraform, DashSDK, Okta, OpsGenie, CrowdStrike, Ermetic, CloudFlare

Results

  • SpireHealth is able to meet the HIPAA compliance requirements proactively and cost-effectively. 
  • With weekly support and performance optimization from AWS Trusted Advisor, Ibexlabs is able to address the evolving cost optimization, reliability, and scalability needs of Spire Health. 
  • With a cloud environment that is fault-tolerant and scalable, Spire Health has been able to streamline policy management, billing & rating, and claims. 

From the Customer

"We’re now operating as a HIPAA compliant business, and Ibexlabs is providing ongoing support to ensure that we remain compliant. We’ve successfully completed several audits and assessments."

Ben Yule, CTO

Download
Talk to an Ibexlabs Cloud Advisor