Building a HIPAA-compliant Cloud Environment for 1Team, Inc.

About 1Team, Inc.

1Team, Inc. streamlines the pre-op, surgery and post-op processes through an easy-to-use app for hospitals across the United States. This includes a step-by-step breakdown of surgery milestones, the ability to track the performance of every member of the surgical team, and real-time notifications for both the patient and the medical professionals. 1Team's business model is built around providing their application to hospitals in the US. For example, Georgia's Northside Hospital uses 1Team's application to streamline surgical processes.

The Challenge

Healthcare professionals provide the best care when they are well-informed on every aspect of their patient’s medical status. 1Team’s service is invaluable in ensuring this information is shared with the medical professionals who need it. Yet this information, if compromised, can cause catastrophic personal and professional problems for patients and doctors. No solution can be implemented without first adhering to the strictest security guidelines.

Ibexlabs was engaged to set up an AWS environment that would be:

  • HIPAA compliant
  • Equipped with Continuous Integration & Continuous Delivery (CI/CD) pipelines
  • Cost-effective and scalable
  • Equipped with central logging and monitoring
  • Fully auditable and documentable
  • Highly secure, with data encryption at rest and in transit

The Ibexlabs Solution

  • By providing preconfigured, out-of-the-box application stacks, the AWS Service Catalog was an indispensable part of establishing 1Team’s hosting infrastructure. 
  • As part of the AWS Service Catalog offering, Ibexlabs was able to centralize management tools related to security, compliance and optimization. This gave 1Team a full, in-depth view of their infrastructure and the ability to respond quickly to a variety of situations.
  • The AWS Service Catalog provided a centralized location to manage the logging and monitoring of the entire infrastructure, including the application itself. 
  • Along with its automatic security and compliance updates, implementation of the AWS Service Catalog had 1Team well on their way to ongoing HIPAA compliance. 

AWS Services used:

  • AWS Catalog products: To facilitate a multi-account target state VPC architecture. 
  • AWS Transit Gateway: For assured communication between applications. 
  • AWS Identity and Access Management (IAM): For a role-based authentication system with the principle of least privilege. 
  • AWS GuardDuty: For constant monitoring for malicious activity such as trojan attacks, port scanning and others.
  • AWS CloudWatch, AWS Security Hub, and AWS CloudTrail: For a centralized location to understand the security status of their entire infrastructure, evaluate threats in order of severity, and quickly respond with the most effective measures. 
  • AWS Web Application Firewall (WAF): To protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. 
  • AWS Config: To get a clear understanding of security and resource management.
  • AWS Systems Manager: For automated OS patches, system inventory collection, maintenance checkups, and resource management at scale.

Results

The combination of these best-practice methods and AWS services allowed 1Team’s PHI privacy and security priorities to move in tandem. Moving forward, Ibexlabs’ innovative solution helps 1Team meet increasing HIPAA compliance demands proactively and cost-effectively based on the latest AWS technologies. With continuing weekly support and performance optimization from AWS Trusted Advisor, Ibexlabs is also able to address 1Team’s complex and evolving cost optimization, reliability, and scalability needs. 

From the Customer

"By centralizing every security and compliance consideration in a single place, 1Team could rest assured that they were keeping their PHI safe."

Jon Mrkonich
