Among the more challenging, and rewarding, projects our developers have undertaken was one in which they assisted Duke Crucible, a software engineering team in the Duke University School of Medicine, in moving protected health information to the cloud. Duke Crucible provides the development and engineering capabilities needed to address the health system's most complex data-science problems.
The objective was to broaden the system’s capacity to explore new technologies that could then be integrated into the greater academic health community. The primary challenge was maintaining rigorous HIPAA compliance and data security.
The first step for the engineering team, though, was convincing all parties involved that meeting those standards was possible, and that the transition was a wise one.
Fashioning a Solution, Developing Expertise
Prior to this initiative, the health system’s administrators had adhered to the conventional wisdom that protected health information is more securely hosted within on-premises servers. But a new solution was required, one in which the enterprise IT team wasn’t dependent on support from other groups – taking a ticket and waiting in line.
The administration also recognized that there were cost efficiencies to be gained from a cloud-based solution. Their IT engineers assured them that there were advances in technology worth exploring, but that they would need to enlist experts in cloud procedures.
They needed a partner who could map the path forward, assist with prototyping, ensure a rapid deployment, and, critically, help alleviate any lingering skepticism regarding compliance and security. They needed a partner with a proven track record.
Our team was brought on board and worked closely with Duke Crucible’s engineers to fashion a solution particular to the health system’s needs. A further objective was to share the know-how that would be required when Caktus was no longer on site, developing expertise and instilling confidence.
The solution was built on HIPAA-compliant Amazon Web Services (AWS). Caktus has a depth of experience with AWS, having used it to build scalable web and cloud apps for a number of our clients – for computing, networking, storage, databases, security, and application services.
A Secure, HIPAA-compliant Home in the Cloud
The teams tested a variety of services to determine the ideal overall architecture. They identified and patched holes to ensure that the data was 100 percent secure. They built an infrastructure as code (IaC) system that allowed them to quickly and easily deploy the cloud servers.
To facilitate a seamless data flow, the teams developed code that integrated with the health system’s clinical networks and its continuous integration and delivery pipeline. They used AWS CloudFormation templates and Kubernetes deployment to integrate into both the flow of the data and the developer process. AWS CloudFormation provides a common language for modeling and provisioning AWS and third-party application resources.
The Caktus team initially helped deploy one application to the cloud. With the rapidly repeatable IaC approach, they were able to then follow quickly with two more applications. They built a nimble, scalable hosting and deployment system that will allow Duke Crucible’s development team to easily add capacity as demand for their applications increases.
They’d proven the viability of a secure, HIPAA-compliant home in the cloud for storing protected health information. This opened the door for the health system as a whole to move further in this direction.
Positioned for the Future
Moving protected health information to the cloud is not only a technical challenge but a cultural one. This partnership with Duke Crucible proved that both can be successfully navigated.
Collaboration on all the development work was critical. The Caktus developers helped the Duke Crucible team gain core competencies, ensuring that the requisite institutional knowledge was well ingrained. It’s a small team, but it’s grown since the launch of this initiative. Caktus remains involved, available for consultation as needed.
The health system’s IT leadership cited our developers for their receptiveness from the outset to the particular requirements and constructs, and for their readiness to share their expertise. The Duke University School of Medicine is now positioned to maintain a secure, compliant cloud-based network not only in a single hospital but across the entire system.