One of MedCommon’s offerings, HealthURL is a personal account hosted on Amazon Web Services. MedCommons HealthURL provides a web-based storage repository for consumers to store and share access to their health records. These temporary or long-term accounts live on Amazon S3 where they meet HIPAA requirements of security and redundancy.
“We choose AWS because of their reputation and the scalability of their solution,” states Adrian Gropper MD, Co-founder and Chief Science Officer. “We use Amazon S3, EC2, Elastic IP to store and host individual HealthURL accounts. Compared to traditional hosting providers, Amazon EC2 was easy to set up and pretty inexpensive. The fact that there’s no bandwidth costs between our gateways and long term storage servers will be a huge cost savings.”
With HealthURL, consumers can open an account and upload PDF files, DICOM imaging, CCR information, and other relevant medical data. Then, using credentials, patients can share access with family members, physicians, specialty providers, large hospital networks, or even employers. The patient maintains control of their identity and privacy by granting or revoking access to others as needed.
HealthURL accounts are a $2/month subscription plus a hosting fee. To determine the hosting fee and charge the subscription cost, MedCommons utilized Amazon DevPay to charge and meter customer usage. “DevPay tracks the actual storage and communications expenses for very large diagnostic imaging objects as well as service fees to be paid by the patient/consumer. This billing system saves a great deal of work and enables our transactional business model to compete with the ad-supported model of Google and Microsoft.”
MedCommons also utilizes Amazon FPS to manage direct and third party billing transactions between consumers and MedCommons or patients and doctors. Both Amazon FPS and DevPay allow MedCommons’ customers to simply pay using the existing payment information stored in their Amazon.com account.
With a scalable solution in place, MedCommons also had to consider HIPAA compliance of their application. “Our app was designed to be hosted in the cloud and patient-centric from the ground up. In order to be HIPAA compliant, we had to design our application to allow careful identity management, detailed activity logs, a secure console system that facilitates audit of users and accounts, a clear access consent mechanism, and a locked down app deployment procedure that provides a minimum attack surface—encryption and SSL certificates.”
“We have saved many man-years of work by going with AWS for our in-the-cloud, on-demand healthcare information service. The capability of usage-based pricing at the patient level adds commerce capabilities not available anywhere else. The confidence in the Amazon brand by consumers everywhere makes it our best choice for in-cloud storage and computing,” says MedCommons’ CEO Bill Donner.MedCommons’ mission is to redefine high value legacy, enterprise-centric, healthcare applications and workflows (such as radiology/PACS and records management) to function as distributed, cross-enterprise, virtual networks running on low-cost, commodity infrastructure. For more information, go to http://www.medcommons.net .