AWS Partner Network (APN) Blog

Introducing HIPAA Compliance-as-a-Service – Aptible, an APN Healthcare Competency Partner

Compliance is a key factor for Health Tech companies, whether they are looking to move workloads to the cloud or are building cloud-native applications. In the U.S., companies handling personal health information (“PHI”) are subject to the Health Insurance Portability and Accountability Act (“HIPAA”).

AWS employs a shared responsibility model where AWS manages the security of the cloud, and customers manage the security of their data in the cloud. Customers retain control of what security best practices they choose to implement to protect their content, applications, systems and networks.

Our APN Healthcare Competency Partner Aptible has developed a HIPAA-compliance application platform for end customers to further abstract HIPAA for application developers at the general technical safeguard layer.

In working with AWS, Aptible strives to make it easy for developers to work in healthcare, as both companies believe a customer shouldn’t have to compromise good engineering practices for the sake of compliance complexity. The result is that engineers can focus on writing code, not managing and documenting infrastructure.

Who is Aptible?

Aptible, based out of Brooklyn, NY, is an application deployment platform built to streamline HIPAA compliance for web and mobile technology. Aptible is the APN’s first Compliance Services Healthcare Competency Partner.

Aptible’s deployment compliance platform-as-a-service helps digital health teams quickly and easily scale apps and databases in secure, PHI-ready environments. The Aptible compliance platform helps companies satisfy and manage the administrative burden of working with regulated data. Aptible’s entire HIPAA Application platform was built on top of AWS. The firm has been an APN Technology Partner since 2014.

Why AWS?

The Aptible team chose to work with the AWS platform from its inception, to help alleviate the challenges developers were facing as it related to achieving HIPAA compliance. “AWS is, by far, the most trusted name in the healthcare cloud space, and offers unmatched reliability, security, speed, and scale,” said Chas Ballew, CEO at Aptible. “We have gone all-in from day one with AWS, and it has been a fantastic decision for us and our customers.”

Services on AWS

Aptible developed an application platform to address HIPAA compliance that lives on top of AWS, and was impressed with the speed at which it was able to go live with its solution. “We don’t think we could have been live faster anywhere else. We are very happy with our speed to market by using AWS,” said Ballew. Aptible began building the platform in November of 2013, and had its first production customers on the platform by May 2014.

Using AWS allows Aptible to easily give each customer their own isolated, dedicated networking environment, with Amazon Virtual Private Clouds (Amazon VPC). Amazon Elastic Load Balancing (Amazon ELB), Amazon Elastic Block Storage (Amazon EBS), and Amazon Simple Storage Service (Amazon S3) make encrypting customer data in transit and at rest easy and reliable. Amazon CloudTrail and Amazon Identity and Access Management (IAM) help Aptible monitor and control access to customer resources with enterprise-grade audit capabilities.

Dedicated Amazon Elastic Compute Cloud (Amazon EC2) instances enable the company to get clients up and running in their own HIPAA-compliant environment in under a day, without requiring companies to make any changes to their underlying technology stack.

Aptible is a strong solution for APN Technology Partners focusing on healthcare, pharma, and insurance application and product design, and for APN Consulting Partners looking to integrate complex healthcare technical compliance requirements.

The Benefits of Working with AWS

In building the platform on top of AWS, Aptible is able to provide end customers with a lower-cost, rapidly-deployed HIPAA-compliant solution.

“We’re able to radically lower the cost and increase the speed to market for software companies in regulated industries,” explained Ballew. “Our clients are now benefiting from modern deployment and engineering tools not formally available to companies needing HIPAA compliance.”

The Aptible team has had great success in working with the APN and with multiple internal AWS teams. Since joining the APN, Aptible has doubled in both customers and revenue.

Aptible also benefits from the recognition it has gained as an APN Healthcare Competency Partner. “Our biggest challenges as a young company are building awareness and credibility. Being part of the APN and being selected as an APN Healthcare Competency Partner helps us with both,” explained Ballew.

Looking Forward

With the support of AWS, Aptible plans to expand as the healthcare industry grows by continuously introducing programs suited for the security and compliance demands of digital health enterprises.