For many healthcare organizations, analyzing quality performance data is a significant challenge. Government, payer, and internal entities require reports about how the healthcare organization is performing across a wide range of quality metrics. Integrating systems and compiling data can be a huge burden.
Massachusetts eHealth Collaborative (MAeHC) helps healthcare organizations tackle these challenges. Formed in 2004 by a group of healthcare providers, payers, and purchasers, MAeHC is a non-profit health IT pioneer that works with healthcare organizations across the country to implement and maintain EHR, HIE, and data analytics solutions.
One of MAeHC’s core service offerings is the Quality Data Center (QDC), a comprehensive, on-demand data warehousing solution that extracts and aggregates data from multiple clinical systems to help clinical teams improve overall quality. The QDC is used by several large hospital systems and healthcare organizations to provide accurate, reliable reports, saving these organizations many hours of manual data collection and aggregation.
The QDC is a .NET application that provides quality measure performance, healthcare quality reporting and event notification services representing data from over 3 million patients across 7,500 providers and 850 practices. The application meets HIPAA and Mass 201CMR17.00 compliance requirements. In 2017, the contract for MAeHC’s datacenter came up for renewal, and they decided to evaluate other options for hosting the QDC. They were facing scaling constraints in their datacenter, and were interested in implementing more robust HA/DR capabilities.
“As with any on-premises environment, you’re managing and worrying about drives, backups, patching — it’s a lot of hand holding that takes a fair amount of effort,” says John Virgona, Managing Consultant – Technology, who is responsible for MAeHC’s IT infrastructure management. “When we got to the point where we needed to do a hardware refresh, we did an analysis of the costs of a cloud-based solution, including AWS, Azure, co-hosting, or even having production in the cloud and dev/test on-premises. Ultimately we decided to go with AWS.”
MAeHC decided to migrate the QDC to Amazon Web Services (AWS) due to the maturity of AWS’s HIPAA compliance practice, its experience working with large healthcare organizations on complex EHR projects, and the possibility of greater scalability and flexibility in launching new infrastructure. However, they knew that they needed an AWS partner to help manage the process.
Migrating to AWS
In order to migrate to AWS, MAeHC turned to Logicworks, an AWS Premier Consulting Partner with 25+ years of experience managing health IT workloads.
“Logicworks’ response to our Request for Proposal (RFP) revealed that they had solid experience with AWS, especially in the healthcare space,” says Virgona. “Our selection was based on that experience, pricing, great references, and the feeling that there would be a good cultural fit between our organizations.”
Logicworks began by reviewing information about MAeHC’s existing environment. Then Logicworks engineers conducted multiple technical sessions with MAeHC’s IT team in order to translate its on-premises environment to AWS in a “lift-and-shift” approach.
“Our approach was to take our application and system topology, and as close as made sense, duplicate it on AWS,” says Virgona. “We wanted to move safely, and then optimize later. This allowed us to get up and running in AWS quickly without having to re-architect our application right away.”
Logicworks designed a reference architecture, reviewed the architecture with MAeHC, and then proceeded to build that environment on AWS. MAeHC was running Windows Server 2012 and Windows SQL Server 2008, and wanted to upgrade their database to SQL 2016 CU as part of the migration process. To complete this database upgrade, Logicworks recommended an external database administration provider. DatAvail upgraded MAeHC’s databases, used AWS Snowball to move full backups of the database to AWS, shipped logs through VPN, and implemented high-performance database mirroring to their DR site in a separate Availability Zone. Amazon Glacier was configured for backup storage and long-term archival. MAeHC is currently evaluating AWS Relational Database Service (RDS) for SQL Server, and may choose to migrate to RDS in the future to reduce database administration overhead.
MAeHC’s architecture was also designed for multiple levels of resiliency. Logicworks built their AWS environment across two Availability Zones using AWS Auto Scaling and Puppet, so that if an EC2 instance failed, a replacement could be spun up immediately and configured with the appropriate OS, packages, application, and other security features. Logicworks built environments using AWS CloudFormation to ensure that Dev, Test, and Staging VPCs could be easily deployed on-demand. MAeHC decided to architect each environment to ensure that it met peak capacity, and then cost optimize after migration.
HIPAA Compliance on AWS
In order to achieve HIPAA and Mass 201CMR17.00 compliance on AWS, Logicworks implemented several critical security and governance configurations, including: a bastion host in the Hub (Management) VPC, detailed AWS CloudWatch monitoring, multi-factor authentication, central authentication, CIS-hardened machine images, encryption using AWS Key Management Service, and backups to AWS Glacier for the required retention period. In addition, Logicworks integrated industry-leading products from AWS’s Marketplace to round out the defenses that protect the application from external infiltration.
“We’re experts in HIPAA compliance, but needed help translating controls to AWS. With Logicworks, we’re confident that our AWS environments meet HIPAA compliance standards,” says Virgona.
Ongoing AWS Management
After migration was completed, MAeHC entrusted Logicworks with ongoing 24×7 monitoring and technical support through its AWS Managed Services. Logicworks manages all infrastructure maintenance tasks, including backups, patching, handling any change requests, and fielding alarms from system, network and security monitoring tools. Logicworks’ NOC team of AWS engineers responds to any incidents or change requests around the clock, ensuring that MAeHC’s team can focus on the application, not the infrastructure.
“Logicworks is doing an incredible job. Having the 24×7 NOC is great. The resources available are always timely. MAeHC is very pleased with what Logicworks is doing,” says Virgona.
By outsourcing infrastructure management to Logicworks, MAeHC’s team also reduces the ongoing burden of maintaining HIPAA compliance. Logicworks’ configuration management scripts and automated patching and backup systems ensure that HIPAA compliance is maintained even when environments grow or change.
Logicworks developed a production runbook with MAeHC to establish expected responses to most repeated operational events. A weekly meeting with key members of the MAeHC team reviews recent tickets, performs change management tasks, and discusses infrastructure initiatives.
As a result of migrating to AWS with Logicworks, MAeHC’s QDC application is more resilient, scalable, and protected against failures. HIPAA compliance controls are automated, further reducing the risk of manual error and non-compliance. The QDC is growing, and MAeHC is able to keep up with that growth without having to worry about dedicating internal engineering resources to maintain AWS. The result is that MAeHC’s customers are able to continue to improve the quality of care while relying on MAeHC, AWS, and Logicworks to deliver reliable, secure systems.
Logicworks is a leader in cloud migration and managed cloud services for AWS and Azure. We specialize in helping companies with complex, highly regulated workloads in finance, healthcare, and SaaS operate on the cloud.