AWS Partner Network (APN) Blog

How ClearDATA Utilizes Automation to Support Healthcare & Life Sciences Customers on AWS

Aaron Friedman is a Healthcare and Life Sciences Partner Solutions Architect at Amazon Web Services

At AWS re:Invent 2016, we hosted our first healthcare pre-day and heard from many of our healthcare-focused APN Partners doing outstanding work on the AWS Cloud. Workloads that are subject to stringent HIPAA and HITRUST regulations are regularly running on AWS and enhancing the patient experience. Our healthcare partners have realized the myriad benefits of moving to the cloud, and in many cases in our industry, cloud adoption is now at a point of “when” and not “if”. Several factors are motivating this movement, including:

Compliance and Security: AWS provides a Business Associate Addendum (BAA) to APN Partners who want to store, process, and transmit protected health information using eligible AWS servicesPer our Shared Responsibility Model, while AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.  Many APN Consulting Partners have expertise in the Shared Responsibility Model and can help to streamline these processes for AWS customers so that they can focus on their core business.

Data Storage and Analysis: Due to the elastic nature of storage and compute that AWS offers, healthcare organizations no longer have the on-premises worry about running out of storage space and compute power to handle the ever-growing big data deluge. This is vital due to the demands of delivering effective patient care through integrating electronic health records (EHRs), PACS imaging systems, clinical trials data, and other datasets.

Cost: With AWS, you can choose to either pay-as-you-go, or reserve capacity upfront. This allows organizations to move from a CAPEX financial model (buying more high maintenance servers and storage upfront) to an OPEX model (pay-as-you-go on the cloud) to gain the flexibility to use IT resources on an as-needed basis and focus on their core workloads rather than “keeping the lights on.”

In this post, I want to tell you about ClearDATA, an APN Advanced Consulting Partner and Healthcare Competency Partner. In their presentation at our re:Invent 2016 healthcare pre-day, ClearDATA demonstrated expertise in applying DevSecOps principles to help secure PHI for their customers to help customers meet their compliance requirements on the AWS Cloud. As they both work exclusively with healthcare and life sciences organizations and are HITRUST-certified, their customers know that the security of sensitive data is and always will be ClearDATA’s number one priority.

Blending DevOps and Security for Healthcare

The ClearDATA Healthcare Managed Cloud on AWS takes a three-pronged approach to protecting health information: it protects sensitive healthcare data using purpose-built DevOps automation, provides compliance and security safeguards, and offers deep healthcare expertise.

ClearDATA’s compliance and security safeguards are vast. Its Compliance Dashboard monitors security across all EC2 instances and provides real-time visual alerts if something changes that may pose a risk to PHI.


Here’s an example of how that might work. Perhaps someone at your organization inadvertently turns off encryption within an Amazon EC2 instance. The Compliance Scorecard in the Dashboard would turn that asset from green to red and automatically alert both ClearDATA engineers and your team so everyone can take the appropriate remediation measures, whether automated or manual.

ClearDATA_2ClearDATA’s security standards, built into the Dashboard, are aligned with the controls set forth in the HITRUST Cybersecurity Framework and are designed to go above and beyond minimum HIPAA requirements. For instance, backups and snapshots of your data are automatically encrypted and stored in Amazon S3 and archived in Amazon Glacier for as long as required by a customer to meet their regulatory requirements – whether it’s a PACS image of a child or an individual’s EHR record, for instance. ClearDATA also stores a seven-year raw log of any changes, patches, encryption, or vulnerabilities in the customer environment within Amazon Glacier to assist healthcare organizations during any audits.

ClearDATA offers secure and direct access to the AWS API to let customers gain full control of their environments, as needed, while mitigating risk through ClearDATA’s Compliance Dashboard.

AWS and ClearDATA in action

Several customers are making impressive strides by using AWS technologies in combination with ClearDATA’s unique intellectual property and healthcare security expertise. A large hospital network reliant on an on-premises data center was struggling to maintain the data in its electronic health record (EHR) across multiple sites. The hospital network was experiencing latency and inconsistent performance, as well as difficulty scaling up and down and controlling costs. All of these challenges led them to consider a move to AWS and ClearDATA technologies and expertise.

ClearDATA managed the migration effort to bring the hospital’s EHR, Revenue Cycle Management and Patient Engagement Portal onto AWS using its Managed Cloud and healthcare knowledge. Today, the hospital network is using the full array of ClearDATA’s offerings, alongside EC2, Amazon Glacier, Amazon Elastic Block Store (EBS), Elastic Load Balancing (ELB), and Amazon S3. Since moving to AWS with ClearDATA, the hospital network has experienced better flexibility and security; more control over IT and security expenditures; and perhaps most importantly, far better performance, leading to faster, more responsive patient care.

As is the case for many ClearDATA customers, ClearDATA completed their cloud migration using AWS Snowball (HIPAA-eligible) to transfer petabytes of stored data securely to the AWS Cloud. The advantage of using Snowball is that ClearDATA can securely migrate petabytes of data on the customer’s behalf on encrypted devices, solving problems for healthcare customers that may have limited Internet connectivity and decade’s worth of data.

Another company that provides a mobile Electronic Medical Record application for urgent care services in rural hospitals was looking for guidance to maintain a healthcare-compliant environment and was strapped for funding and resources. The company was tapping the talents of in-house developers to code for HIPAA compliance, but security was not their core competency, so they were having to spend a lot of time and effort concerned about security rather than providing differentiated value with their application.

This Healthcare organization partnered with ClearDATA to move to AWS and switched from using virtual machines to Docker containers, a solution for operating system (OS) virtualization, orchestrated by Amazon ECS. The combined solution has enabled them to reduce costs significantly, and by using containers, the development team can focus on optimizing their app rather than patching the operating system.

Looking to 2017

When I asked Matt Ferrari, ClearDATA CTO, what he was excited about coming out of the fall and re: Invent 2016, he was enthusiastic and offered a long list. A few highlights included:

New HIPAA-eligible services. According to Matt, “We always love seeing new services that become HIPAA-eligible under the AWS BAA. These updates give us increased flexibility to architect solutions for our customers, delivering an even better customer experience.” In particular, they have used AWS Snowball for large migrations, and are particularly excited to migrate Amazon RDS MySQL databases to Amazon Aurora for increasing query performance while concurrently optimizing their costs.

VMware Cloud on AWS. A couple of months ago, we announced a new initiative with VMware to make it easy to run VMware workloads on AWS. Many of our customers and APN Partners run hybrid architectures, and many of them use VMware. ClearDATA is very excited about the opportunities they feel this may open up for their customers, says Matt: “VMware workloads have been the predominant virtualization option within Healthcare Life Sciences organizations for many years. With the introduction of the VMware to AWS capability, we can securely migrate these workloads to AWS, so that Healthcare organizations can continue to use toolsets that they are competent in (vSphere) without having to worry about future capital expenditures. This will allow Healthcare organizations to focus on their core competency, which is usually their patients, and not the data center.”

Healthcare and Life Sciences presence at re:Invent. We saw an enormous presence of healthcare and life sciences customers at re:Invent 2016. Many firms connected with ClearDATA during and after the conference. According to the ClearDATA team, this has translated into tangible business opportunities for ClearDATA in 2017.

Look for us at HIMSS

Hopefully you can see why I’m so enthusiastic about our relationship with ClearDATA. Healthcare organizations can come to ClearDATA and expect security and compliance expertise as well as an excellent customer experience.

If you’re interested in learning more about how AWS can add agility and innovation to your healthcare and life sciences solutions be sure to check out our Cloud Computing in Healthcare page. Also, don’t miss your opportunity to more about both our Healthcare and Life Sciences Competency Partners and how they can help differentiate your business.

Will you be at HIMSS? Be sure to stop by our booth #6969! ClearDATA will also be at booth #3222. We’d both love to meet with you.

The content and opinions in this blog are those of the author and is not an endorsement of the third-party product.  AWS is not responsible for the content or accuracy of this post.  This blog is intended for informational purposes and not for the purpose of providing legal advice.