Our client: Seven Starling
Virtual care supporting mental health for women going through fertility challenges, pregnancy, pregnancy loss and miscarriage, abortion, postpartum, and early parenthood.
Industry
Healthcare
We helped Seven Starling become HIPAA Compliant in their practice, development policies, and processes. We advised them on a new stack of tools, developed an API that integrated all of them, and deployed it in a HIPAA Compliant infrastructure.
When it comes to virtual care, protecting the patient's private health information (PHI) is a key issue.
Seven Starling needed to revamp their platform and tech stack to guarantee HIPAA Compliance. This process included ensuring every tool and third-party provider involved complied with HIPAA regulations; naturally, there was a solid need to replace some integrations.
As healthcare software development experts, we were involved as consultants to help Seven Starling make tough tech stack decisions. We analyzed their current stack, proposed alternatives, and made adjustments.
We worked side-by-side with Seven Starling's team to define a new tech stack and build the integrations with the systems used by the client on a daily basis. The integrations included an EHR, a medical billing platform, an appointment scheduling tool, a marketing platform, and a payments gateway.
The team was composed of a senior developer, a tech lead, a project manager, and a tester.
Naturally, the main challenges arose from the HIPAA compliance requirement. The solution to this problem consisted of two steps. First, the team delegated all PHI storage to external services that were already HIPAA compliant. While no PHI was stored on our servers, PHI still passed through them to set up the different integrations. The second step consisted of ensuring the system's security and auditability. The team fulfilled this requirement by utilizing several AWS features and other external services:
Web Access Control Lists acting as firewalls
Load balancing ensuring no direct access to the servers
HTTPS required for connections with the load balancer
Aggressive security rules for each resource, disabling all traffic by default and only allowing required traffic, including preventing all SSH access to servers
Isolated Virtual Private Clouds to segregate environments
AWS Inspector to detect vulnerabilities in all Docker images utilized
Database-level encryption
Application-level RFC 5424-compliant logging streamed directly to CloudWatch
Server (nginx) specific logging also streamed to CloudWatch
CloudWatch alarms from the previous logs (such as non-2xx responses from the server, or any log with a level of NOTICE or higher) with SNS email notifications
Infrastructure monitoring, such as database and server CPU usage, or database storage, also with enabled notifications
Database daily backups
Datadog’s Cloud Workload Security to detect key signals of an intrusion, including, but not limited to: new shell spawned, file integrity monitoring, binaries executed (curl, netcat, dig, passwd)
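The following is an added illustrative example, not Seven Starling's or Light-It's code. It shows two of the controls listed above in working form: emitting RFC 5424-formatted application log lines (PRI = facility * 8 + severity), and the filtering logic a CloudWatch metric filter would apply to raise an alarm on NOTICE-or-higher log levels and on non-2xx nginx responses. The facility, app name, hostname and all sample log lines are assumptions constructed for the example.

```python
"""RFC 5424 logging and alarm filtering, as an added example.

Not Seven Starling's or Light-It's code; facility, app name, hostname
and the sample log lines below are assumptions made for illustration.
"""
import re
from datetime import datetime, timezone

# RFC 5424 severity codes: a lower number means more severe.
SEVERITY = {
    "EMERG": 0, "ALERT": 1, "CRIT": 2, "ERR": 3,
    "WARNING": 4, "NOTICE": 5, "INFO": 6, "DEBUG": 7,
}
FACILITY_USER = 1                    # assumed facility for application logs
ALARM_SEVERITY = SEVERITY["NOTICE"]  # alarm on NOTICE (5) or more severe


def format_rfc5424(level, msg, app="api", hostname="app-host",
                   procid="-", msgid="-", ts=None):
    """Build one RFC 5424 line:
    <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    where PRI = facility * 8 + severity."""
    pri = FACILITY_USER * 8 + SEVERITY[level]
    if ts is None:
        ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{pri}>1 {ts} {hostname} {app} {procid} {msgid} - {msg}"


LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)


def parse_rfc5424(line):
    """Parse a line and decode PRI back into facility and severity."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 line: {line!r}")
    pri = int(m["pri"])
    return {"facility": pri // 8, "severity": pri % 8,
            "app": m["app"], "msg": m["msg"] or ""}


def app_lines_to_alarm(lines):
    """Application log lines at NOTICE or worse: the set a CloudWatch
    metric filter feeding the alarm would match."""
    return [l for l in lines if parse_rfc5424(l)["severity"] <= ALARM_SEVERITY]


# Status code sits right after the quoted request line in nginx's combined format.
NGINX_STATUS_RE = re.compile(r'" (?P<status>\d{3}) ')


def nginx_non_2xx(lines):
    """Return (status, line) for every access-log entry outside 200-299."""
    out = []
    for l in lines:
        m = NGINX_STATUS_RE.search(l)
        if m and not 200 <= int(m["status"]) < 300:
            out.append((int(m["status"]), l))
    return out


# Constructed sample input (not real traffic). PRI 14 = user/INFO,
# 13 = user/NOTICE, 11 = user/ERR.
SAMPLE_APP_LOGS = [
    "<14>1 2024-01-15T10:00:00.000Z app-host api 123 - - user session refreshed",
    "<13>1 2024-01-15T10:00:01.000Z app-host api 123 - - login failed 3 times for account",
    "<11>1 2024-01-15T10:00:02.000Z app-host api 123 - - EHR integration request timed out",
]
SAMPLE_NGINX_LOGS = [
    '203.0.113.5 - - [15/Jan/2024:10:00:00 +0000] "GET /health HTTP/1.1" 200 12 "-" "curl/8.0"',
    '203.0.113.5 - - [15/Jan/2024:10:00:01 +0000] "POST /appointments HTTP/1.1" 502 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Jan/2024:10:00:02 +0000] "GET /old-route HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(format_rfc5424("NOTICE", "rate limit hit for integration client"))
    for line in app_lines_to_alarm(SAMPLE_APP_LOGS):
        print("ALARM (app):", line)
    for status, line in nginx_non_2xx(SAMPLE_NGINX_LOGS):
        print(f"ALARM (nginx {status}):", line)
```

Using the numeric PRI rather than matching on level names means the filter cannot be bypassed by a log message that merely contains the word "NOTICE", and the same parse gives the facility for free when logs from several sources share one CloudWatch log group.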
Our team led tech decisions and helped them with product development while working under agile methodologies. The first step was understanding their problems and analyzing the best alternatives and solutions, to then develop an API. Lastly, our team took care of building and configuring the HIPAA-compliant infrastructure.
Complying with health and privacy regulations was a top priority to keep all data safe and secure at all times.
The result was a secure, private, and HIPAA-compliant platform.
We defined and implemented a new tech stack that took the app to the next level.
“Light-It added valuable engineering capacity and expertise to our team. They were able to flexibly scale up and down with our needs and were valuable thought partners in our compliance journey. They always ask for the “why” behind technical decisions and help us find the most efficient, secure, and scalable solution for our objectives. I’d highly recommend Light-It to other startups and founders”
SOPHIA RICHTER
Co-Founder & Chief Product Officer at Seven Starling
Our team delivers top-notch solutions by combining strategic thinking, healthcare expertise, and technology.