Seven Starling

A platform for mental health during motherhood

Our client: Seven Starling

Virtual care supporting mental health for women going through fertility challenges, pregnancy, pregnancy loss and miscarriage, abortion, postpartum, and early parenthood.

Industry

Healthcare

Overview

We helped Seven Starling become HIPAA-compliant in their practice, development policies, and processes. We advised them on a new stack of tools, developed an API that integrated all of them, and deployed it on HIPAA-compliant infrastructure.

The Problem

When it comes to virtual care, protecting the patient's protected health information (PHI) is a key issue. Seven Starling needed to revamp their platform and tech stack to guarantee HIPAA compliance. This process included ensuring that every tool and third-party provider involved complied with HIPAA regulations; naturally, some integrations had to be replaced.

As healthcare software development experts, we were involved as consultants to help Seven Starling make tough tech stack decisions. We analyzed their current stack, proposed alternatives, and made adjustments.

The Project

We worked side-by-side with Seven Starling's team to define a new tech stack, and make the integrations with the systems used by the client on a daily basis. The integrations included an EHR, a medical billing platform, an appointment scheduling tool, a marketing platform, and a payments gateway.

The team was composed of a senior developer, a tech lead, a project manager, and a tester.

Challenges

Naturally, the main challenges arose from the HIPAA compliance requirement. The solution to this problem consisted of two steps. First, the team delegated all PHI storage to external services that were already HIPAA compliant. While no PHI was stored on our servers, PHI still passed through them to set up the different integrations, so those servers remained in scope. The second step consisted of ensuring the system's security and auditability. The team fulfilled this requirement by using several AWS features and other external services.

For security, some of the main services used were:

Web Access Control Lists acting as firewalls

Load balancing ensuring no direct access to the servers

HTTPS required for connections with the load balancer

Restrictive security rules for each resource, denying all traffic by default and allowing only the traffic that is required, including blocking all SSH access to the servers

Isolated Virtual Private Clouds to segregate environments

AWS Inspector to detect vulnerabilities in all Docker images used

Database-level encryption

To ensure complete logging, monitoring, and auditability:

Application-level RFC 5424-compliant logging streamed directly to CloudWatch

Server-level (nginx) logging also streamed to CloudWatch

CloudWatch alarms derived from those logs (such as non-2xx responses from the server, or any log entry with a level of NOTICE or higher) with SNS email notifications

Infrastructure monitoring, such as database and server CPU usage or database storage, also with notifications enabled

Database daily backups

Datadog's Cloud Workload Security to detect key signals of an intrusion, including, but not limited to: new shells spawned, file integrity monitoring, and suspicious binaries executed (curl, netcat, dig, passwd)
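The two logging items above (RFC 5424-formatted application logs, and alarms on NOTICE-or-higher entries and non-2xx nginx responses) are concrete enough to show in code. The block below is an added example written for this page, not Seven Starling's or Light-It's code: it builds RFC 5424 syslog lines and then applies the same two alarm conditions to constructed sample lines, which is what a CloudWatch metric filter would do on the stream. The facility (local0), hostname, enterprise number and the sample log lines are all assumptions; the structured-data block carries only request identifiers, never patient fields, so the log stream itself holds no PHI.

```python
import re
from datetime import datetime, timezone

# RFC 5424 severity codes: lower number = more severe.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY_LOCAL0 = 16          # assumed facility for application logs
SD_ID = "app@32473"           # 32473 is the RFC's reserved example enterprise number


def _sd_escape(value):
    """Escape the three characters RFC 5424 forbids inside PARAM-VALUE."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def rfc5424_line(severity, app, msg, hostname="api-1", procid="-",
                 msgid="-", sd=None, ts=None):
    """Build one RFC 5424 line: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY[severity]
    stamp = (ts or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    if sd:  # structured data: request ids and the like, never patient data
        params = " ".join(f'{k}="{_sd_escape(v)}"' for k, v in sd.items())
        sd_block = f"[{SD_ID} {params}]"
    else:
        sd_block = "-"
    return f"<{pri}>1 {stamp} {hostname} {app} {procid} {msgid} {sd_block} {msg}"


# --- alarm conditions, equivalent to a CloudWatch metric filter on each stream ---
PRI_RE = re.compile(r"^<(\d{1,3})>1 ")
# nginx "combined" format: ... "$request" $status $body_bytes_sent "$http_referer" ...
NGINX_STATUS_RE = re.compile(r'" (?P<status>\d{3}) \d+ "')


def app_line_alarms(line):
    """True when the PRI decodes to severity NOTICE (5) or more severe."""
    m = PRI_RE.match(line)
    return bool(m) and int(m.group(1)) % 8 <= SEVERITY["notice"]


def nginx_line_alarms(line):
    """True for any response whose status is not 2xx."""
    m = NGINX_STATUS_RE.search(line)
    return bool(m) and not m.group("status").startswith("2")


def count_alarms(app_lines, nginx_lines):
    """Return (alarming app entries, alarming nginx entries) for two streams."""
    return (sum(app_line_alarms(l) for l in app_lines),
            sum(nginx_line_alarms(l) for l in nginx_lines))


# Constructed sample streams (not real traffic).
_T = datetime(2024, 3, 12, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE_APP_LINES = [
    rfc5424_line("info", "api", "request completed", sd={"req": "r-1001"}, ts=_T),
    rfc5424_line("notice", "api", "rate limit applied", sd={"req": "r-1002"}, ts=_T),
    rfc5424_line("err", "api", "EHR sync failed", sd={"req": "r-1003"}, ts=_T),
    rfc5424_line("debug", "api", "cache hit", ts=_T),
]
SAMPLE_NGINX_LINES = [
    '10.0.1.5 - - [12/Mar/2024:10:00:00 +0000] "GET /api/appointments HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.1.5 - - [12/Mar/2024:10:00:01 +0000] "POST /api/intake HTTP/1.1" 500 42 "-" "Mozilla/5.0"',
    '10.0.1.9 - - [12/Mar/2024:10:00:02 +0000] "GET /missing HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '10.0.1.9 - - [12/Mar/2024:10:00:03 +0000] "GET /old-path HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_APP_LINES:
        print(("ALARM " if app_line_alarms(line) else "      ") + line)
    print(count_alarms(SAMPLE_APP_LINES, SAMPLE_NGINX_LINES))
```

The severity threshold is applied on the PRI value rather than on the message text, so a log line that merely mentions the word "error" does not page anyone, while any entry the application classified as NOTICE or worse does; the nginx check keys on the status field position in the combined format, so it is unaffected by status-like numbers inside the request path or user agent.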

Process & Workflow: product development

Our team led the tech decisions and supported Seven Starling's product development while working under agile methodologies. The first step was understanding their problems and analyzing the best alternatives and solutions, then developing an API. Lastly, our team took care of building and configuring the HIPAA-compliant infrastructure.

Complying with health and privacy regulations was a top priority to keep all data safe and secure at all times.

Results


The result was a secure, private, and HIPAA-compliant platform.


We defined and implemented a new tech stack that took the app to the next level.

Client Review

“Light-It added valuable engineering capacity and expertise to our team. They were able to flexibly scale up and down with our needs and were valuable thought partners in our compliance journey. They always ask for the “why” behind technical decisions and help us find the most efficient, secure, and scalable solution for our objectives. I’d highly recommend Light-It to other startups and founders.”

SOPHIA RICHTER

Co-Founder & Chief Product Officer at Seven Starling
