AWS Open Source Blog

Using cloud computing to develop an open source infection prevention and disease control solution

This post was written by Nelson Assis, Zoltan Bozoky, Soyean Kim, and Victor Leung.

The COVID-19 pandemic highlighted areas needing improvement in the Canadian healthcare and life sciences ecosystem. For example, as ICU beds filled with COVID-19 patients, healthcare professionals working on infection prevention and control did not have as much availability for processing patient data as they did pre-pandemic. Hospital infection data needed to be monitored quickly in a more efficient, less manual way.

Existing solutions suffered from three major flaws. First, different hospital IT systems are focused on individual tasks, and therefore are often disconnected. Second, hospital systems lack modern IT infrastructure design, so they are not flexible and they operate with legacy software. Third, because the hospital systems are developed by different vendors, how patient information is stored and organized is not standardized, making data interoperability difficult. These factors contribute to a systemic inefficiency that cannot be overcome by merely adding resources, and undermine efficient patient-centric care.

In this article, we explain how Providence Health Care (PHC) used Amazon Web Services (AWS) to develop an open source infection prevention and control (IPAC) solution to improve how patient information is collected, stored, organized, used, and shared. We also introduce the AWS Quick Start PHC shared to make the solution widely available. AWS Quick Starts help you deploy technologies on AWS based on AWS best practices for security and high availability.


A central line-associated bloodstream infection (CLABSI) is a serious infection that occurs when germs enter the bloodstream through a catheter (tube) that healthcare providers place in a large vein in the neck, chest, or groin to give medication or fluids or to collect blood for medical tests. Because CLABSI can be prevented through proper insertion techniques and management of the central line, surveillance systems are crucial in any inpatient location where denominator data can be collected, which can include critical/intensive care units (ICUs), specialty care areas (SCAs), neonatal units (including neonatal intensive care unit [NICUs]), step down units, wards, and long-term care units. Monitoring CLABSI levels and identifying individual cases, associated nursing units, and outbreaks is mandatory, but also important for reducing harm and improving the quality of patient safety. The new Quick Start (IPAC-CLABSI, quickstart-phsa-ipac) described in this article provides an interface to help the process.

Having recognized the potential of cloud-based services, Providence Health Care (PHC), a nonprofit public health organization based in British Columbia, Canada, tackled modernizing legacy databases and reporting tools during the COVID-19 pandemic. Driven by necessity as hospital rooms and ICU beds filled, PHC quickly adapted to maximize the benefits of infection prevention and control best practices and procedures.

PHC chose Amazon Web Services (AWS) to achieve its goals, with services such as Amazon SageMaker and AWS Lambda becoming invaluable for rapid deployment. Using AWS serverless computing solutions allowed speedy implementation of market-validated modular architecture. With AWS services, PHC was able to increase data throughput, minimize the total cost of data ownership, and enable robust security.

The resulting Quick Start solution for PHC is one of the first of its kind in North America. This cloud-based platform as a service (PaaS) used for IPAC allows multi-reviewer annotation and a three-step decision-making process. Primary decision making, independent review, and quality control steps are required for complex medical review, such as reviews for central line-associated bloodstream infection. These innovations set a new standard on security by using AWS Key Management Service (AWS KMS), which offers level 3 validation to achieve the highest level of encryption practicable. The solution is released under the Apache License 2.0 open source license and shared on AWS Quick Starts.


To get started with the PHC IPAC solution, you will need patient data inputs in a CSV file format, in an environment that can be accessible via network file share. An AWS account and an AWS Identity and Access Management (IAM) role with permissions to create new roles are also required.



This solution provides an interface for infection control practitioners (ICPs), physicians, and epidemiologists to review potential CLABSI cases and classify the information. Each patient must undergo at least two rounds of reviews: one from ICPs and one from the physician group.

The solution works as illustrated in the IPAC architecture diagram:

Solution works as illustrated in the IPAC architecture diagram and described in the following article text

  • Patient information is collected from hospital data sources and filtered according to the CLABSI rule set to define the relevant patient population that needs review.
  • AWS Storage Gateway synchronizes bulk patient data between the internal PHC data sources and Amazon Simple Storage Service (Amazon S3).
  • Using the Amazon S3 bucket invokes uploaded data to invoke an AWS Lambda function.
  • The AWS Lambda function then processes the information and separates and stores individual patient information in another Amazon S3 bucket.
  • As the preprocessed data is written into the new bucket, another AWS Lambda function is invoked by an Amazon S3 event that generates an Amazon SageMaker Ground Truth labeling job.
  • Hospital practitioners review the patient information through an Amazon SageMaker Ground Truth customized UI and decide on the associated label.
  • Amazon SageMaker Ground Truth saves the decision and reviewed case into an Amazon S3, which invokes another AWS Lambda function that evaluates whether additional practitioner reviews are necessary.
  • Final label data is stored in Amazon S3.


  1. Sign in to the AWS Management Console with an IAM user role that has the necessary permissions. For details, refer to the planning the deployment documentation
  2. Make sure that your AWS account is configured correctly, as highlighted in the technical requirements documentation.

Launch the Quick Start

Each deployment takes about 30 minutes to complete.

  • Signed in to your AWS account, launch the AWS CloudFormation template:
  • Check the AWS Region displayed in the upper-right corner of the navigation bar, and change it if necessary. This Region is where the network infrastructure for IPAC-CLABSI is built. The template is launched in the CA-CENTRAL-1 Region by default. For other choices, refer to the supported Regions documentation.
  • On the Create stack page, keep the default setting for the template URL, and then choose Next.
  • On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. For details on each parameter, refer to the parameter reference documentation.
  • When you finish reviewing and customizing the parameters, select Next.
  • On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you’re finished, choose Next.
  • On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources and might require the ability to automatically expand macros.
  • Choose Create stack to deploy the stack.
  • Monitor the status of the stack. When the status is CREATE_COMPLETE, the IPAC-CLABSI deployment is ready.
  • To view the created resources, see the values displayed in the Outputs tab for the stack.

Test the deployment

  • Upload assets/anonymous_patients.xlsx to the input data S3 bucket to simulate the ingestion of patient data into the system. Labeling jobs should be created in Ground Truth.
  • Complete a review and confirm that the job is relaunched in Ground Truth for labeling by a second reviewer.
  • Submit a job with the label Require further review - revisit patient later. Confirm that the job launches with same number of reviewers required.
  • Confirm that created jobs are recorded in the time sheet.

Post-deployment steps

Create a private workforce in your Amazon SageMaker deployment. For more information, refer to Create a Private Workforce (Amazon SageMaker Console). For more information, see HumanTaskConfig.

Cleaning up

Make sure to back up any data you might want to reuse in the future. To delete the solution from your environment, in the AWS CloudFormation console, select and delete the PHC IPAC stack. This step will delete all the AWS resources associated with the solution, including S3 buckets created by the solution.


This blog post shows how a public health organization can use cloud services to improve medical care, such as infection prevention and control practices in controlled environments. The open source AWS Quick Start solution described in this post can help you increase data throughput, minimize the total cost of ownership, and enable robust security, while providing enhanced availability, capacity, and scalability through access to advanced data mining and modeling services.

Soyean Kim

Soyean Kim

Ms. Soyean Kim is currently the Director of Digital Products, supporting Providence Health Care (PHC)’s digital partnerships and projects, and facilitating the use of technology to advance PHC’s digital capacity. She supports machine learning and AI initiatives, including Canada’s Digital Technology Supercluster by working with a collection of organizations who collaborate to develop world leading technologies that will power the digital transformation of business and society while delivering economic growth across Canada.

Zoltan Bozoky

Zoltan Bozoky

Zoltan Bozoky is the Technical Manager at Digital Products of Providence Health Care, supporting all technical work of the team. He provides technical solutions to a broad range of challenges from health data integration, ML and AI application development to safe and secure data processing and engineering pipelines or modernization efforts like this IPAC-CLABSI application.

Victor Leung

Victor Leung

Victor Leung is currently the medical director of Infection Prevention and Control at Providence Health Care. He is an infectious disease physician and medical microbiologist, and Clinical Associate Professor in the Department of Pathology and Laboratory Medicine at the University of British Columbia.

Nelson Assis

Nelson Assis

Nelson Assis is a Technical Account Manager (TAM) in Enterprise Support at Amazon Web Services (AWS), focused on supporting Canadian Public Sector customers. Before joining AWS, Nelson spent 13 years working as a DevOps engineer in both startups and large organizations focused on infrastructure operations. Nelson lives in Vancouver, BC, with his wife.