Monday, February 5, 2018

Lessons from the Healthcare Security Conference

Good Morning!

It's Monday morning, and all is well in the world.  The sun will be shining, once it rises, the birds will be chirping, once they wake up, and the first cup of coffee is already delivered!

Had a fascinating weekend with fellow Healthcare Information Security professionals, discussing the legal, technological, and professional issues surrounding the constantly changing landscape of Healthcare Security, HIPAA, MACRA, and so on.

Regulations, Policies, Procedures, Reviews, Breaches, Assessments, Analyses.  Lots of information thrown about... all of it critically important.

An important change to the rules is that the mandated "Business Associate Agreements" that are required of business associates of "Covered Entities" (Physicians, Hospitals, etc.) are now required down-chain, through technology providers, hosting services, etcetera.  Anyone that ever hosts, moves, or otherwise touches the secured data must be contractually connected to the Doctor or Hospital that collects the data from the patient.

This is a new requirement, and as it turns out, not all cloud providers are up-to-date on this.  Because of this, we've had to change our deployment protocol for EdgeVault.  We're going to have to purchase application hosting from a different provider than originally intended.

Our original choice for this was attractive because of the low cost for an initial deployment, and the seamless scalability.  That allowed our deployment plan to include a separate instance for each client that desires to resell their configuration, as well as a retail instance that Dynamic Iterations would manage directly, for Single-Client customers.  (That may be a little inside-baseball... but if you want to know more, feel free to reach out.  We love talking about our architecture!)

Now, with this change, we're going to incur a much higher initial cost for instance deployment, but will be getting similar buck-bang.  So, we are able to turn the problem into a solution, by adjusting our architecture to support multiple reseller clients on a single server.  Now, we can have everyone be in the same universe, and can scale upwards without limit.  If we really get into a resource pinch, we can engage load-balancing solutions, but that would be at a much higher level.

Also, by making another minor change, we can create "core clients", too.  So, as a consultant asked, "How many levels can your architecture support?", we can now say "Yes!"

In conclusion, or TL;DR:  An architecture challenge, analyzed properly, results in a solution that actually INCREASES flexibility.  TIAGT!
