Medicine survey app adopts modern cloud security & achieves HIPAA compliance
About the Customer
rXperius’ consulting business provides strategic drug development guidance to small and emerging pharma companies looking to engage the FDA to advance drug development programs.

It does so by introducing first-in-class mobile apps that enable patients to easily provide critical feedback and unique insights in real time and over time. Actionable feedback can help pharma companies improve the customer experience and drive product performance.
The Challenge
rXperius needed a modernized infrastructure with improved utilization and scalability in a secure, HIPAA-compliant environment. A manual CI/CD process was slowing their delivery of new deployments, apps, and feature sets, so they needed to:
Optimize their time-to-market
Automate building and testing
Better manage deployments and notifications
The Solution
Our automation-first approach goes hand-in-hand with using reliable and effective Infrastructure-as-Code methodologies and implementing security best practices.

We followed the AWS Security Reference Architecture and deployed an AWS Organization with multiple AWS accounts, each with well-defined roles and permissions. The company uses AWS SSO with G-Suite as the identity provider to control user access to AWS services.

Various security tools are used to govern and monitor the environment, such as Amazon GuardDuty, AWS Security Hub, and Amazon CloudWatch. The backend platform was migrated to Amazon ECS, and all CI/CD operations are performed through AWS CodeCommit, AWS CodeArtifact, AWS CodeBuild, and Amazon ECR.

In order to better understand the state of the environment and how it relates to HIPAA compliance, the AWS Config “Operational Best Practices for HIPAA Security” conformance pack was deployed and findings were sent to a central SNS topic.
Why safeINIT
safeINIT has deep expertise in the development and implementation of highly customized Landing Zones, perfectly adaptable to the rigorous compliance requirements outlined in HIPAA.

rXperius turned to us, an AWS Well-Architected Partner and Select Consulting Partner in the AWS Partner Network, to build the HIPAA-compliant environment from scratch and address security, high availability, and operational issues.
Why AWS
After careful research, rXperius selected Amazon Web Services (AWS) to enable rapid deployment and reduce investment in its infrastructure.

The company uses Amazon Elastic Container Service (Amazon ECS) for its deployment environment, provisioning an Amazon Virtual Private Cloud (Amazon VPC) to connect the company’s on-premises physical servers to the AWS Cloud.

Additionally, Amazon CloudFront was set up as a platform for content delivery, enabling low latency and high download speeds worldwide, no matter where the company’s applications are deployed.

Amazon Relational Database Service (Amazon RDS Aurora Serverless) manages customer data, and BI reports are generated using custom AWS Lambda functions. Amazon CloudWatch and Amazon OpenSearch Service help the rXperius team gain insight into the application-generated logs without the need to remotely log in to the servers.

AWS Application Load Balancer is integrated with Amazon ECS to manage workloads and support content-based routing and applications that run in containers. Amazon CloudWatch responds to system-wide performance changes, optimizes resource utilization, and provides a unified view of operational health.
Results and Benefits
rXperius’ new infrastructure improved security and compliance by placing almost all resources in a private network, unreachable by the outside world. Critical data such as customer health records is encrypted at rest, and the application credentials that access this data are regularly rotated.

This reduces the likelihood of undesired leaks and provides a central place for auditing and logging results, with continuous visibility into the cloud environment.

With the new architecture in place, they achieved:
More flexible deployment
Faster delivery of new features
Reliability on best practices
Improved scalability to handle changes
Beyond the immediate improvements in security and efficiency, rXperius' infrastructure overhaul significantly enhanced their system's resilience, aligning with AWS Resilience Competency standards.

By leveraging AWS's robust cloud architecture, we ensured that their critical workloads are not only secure but also highly available and resilient against potential disruptions. This resilience is evident in their ability to maintain continuous operations and quickly recover from any unforeseen incidents, thereby safeguarding their brand reputation and financial stability.

The implementation of automated failover mechanisms, real-time data replication, and comprehensive disaster recovery strategies further solidifies their posture as a resilient, forward-thinking player in the pharmaceutical consulting space.
rXperius can now quickly go from ideas to actually creating, testing, and merging them into their code, to ultimately deliver new features to their users.