The initial version of the application was deployed on a rudimentary platform, unable to meet the strict regulations of HIPAA or to address basic high-availability, security, or operational needs. Had these issues not been addressed, it would’ve been impossible for i2iConnect to confidently and securely handle patient data or scale beyond a few users enrolled on their platform.
We followed the AWS Security Reference Architecture and deployed an AWS Organization consisting of multiple accounts, each with a well-defined role. Access to the environment is granted through AWS SSO integrated with the customer’s Google IdP. Various security services are used to govern and monitor the environment, such as AWS GuardDuty, AWS Security Hub, AWS Config, and AWS CloudWatch.
Specifically, this resulted in:
Furthermore, our governance framework established clear policies and procedures for data handling, access control, and incident response, enhancing the overall security posture. The application's architecture was redesigned for high availability, with redundancies and failover strategies in place to ensure uninterrupted service, crucial for the reliability of i2iConnect's teletherapy sessions.
These enhancements not only safeguarded the application against disruptions but also laid a robust foundation for i2iConnect's sustained growth and scalability in the healthcare sector.