Sapphire Health Helps LCMC Health Improve Clinical Resiliency with EHR Cloud Read-Only on AWS

Executive Summary

Sapphire Health, an AWS Partner, worked with LCMC Health to build a cloud read-only environment on Amazon Web Services (AWS). LCMC Health's production Epic environment is replicated in the organization’s secure healthcare landing zone on AWS. If ransomware takes production systems such as the Epic electronic health record system offline, the cloud read-only environment is ready to be activated in minutes to provide clinicians read-only access to critical clinical information such as patient encounters, medications, allergies, and more. Sapphire Health used the Landing Zone Accelerator (LZA) for Healthcare on AWS to implement the solution in weeks instead of months. LCMC Health has used the solution to reduce its cybersecurity premiums while lowering solution operating costs.

Striving to Mitigate Security Risks

LCMC Health is a nonprofit network of healthcare providers in Southern Louisiana. LCMC Health operates nine hospitals and provides more than 2,000 inpatient beds, making it one of the largest healthcare providers in the New Orleans metropolitan area. Like most healthcare providers, LCMC Health is constantly faced with the threat of ransomware attacks and other cybersecurity events that could disrupt the organization’s critical Epic electronic health record (EHR) system. “Cybersecurity events are a huge risk because data loss associated with medical records has a long-term impact and could directly impact patient care,” says David Singer, chief information officer at LCMC Health. “If we had to bring down data sources during an incident, our clinicians might not be able to care for patients because of a lack of access to vital, accurate patient information.”

To mitigate cybersecurity risks, LCMC Health wanted to find a cost-effective and easily implemented solution that offered continuous read-only access to the Epic environment. “We didn’t want to invest in a separate isolated infrastructure outside the environment,” Singer says. “We were interested in finding a cloud-based solution to address these challenges.”

kr_quotemark

The Landing Zone Accelerator for Healthcare on AWS cut a lot of time out of the deployment process and gave us a high degree of confidence that the platform would scale and perform at a high level.”

David Singer
Chief Information Officer, LCMC Health

Deploying a Read-Only EHR Recovery Tool on AWS

LCMC Health turned to Sapphire Health, an AWS Partner that had already been providing managed services for the LCMC Health Epic infrastructure. “We have worked with Sapphire Health since 2016, and we trusted them to find the right technology,” says Singer. Sapphire Health helped LCMC Health deploy an AWS-based read-only copy of the Epic Cloud environment as a ransomware recovery tool. With a read-only environment on AWS, LCMC Health knew it could gain additional business resiliency in the event of a ransomware attack where production, reporting, and disaster recovery were inaccessible.

Sapphire Health used the Landing Zone Accelerator (LZA) for Healthcare on AWS to accelerate the pathway for LCMC Health to begin using AWS resources. The industry-specific solution is architected to align with AWS best practices and conforms with global compliance frameworks such as the Health Insurance Portability and Accountability Act (HIPAA). “The Landing Zone Accelerator for Healthcare on AWS gave us the ability to turn on the appropriate auditing tools and data protection mechanisms to ensure we had a sound strategy for building out the rest of the environment,” says Austin Park, chief technology officer at LCMC Health.

In addition, Sapphire Health implemented additional AWS services such as Amazon Elastic Compute Cloud (Amazon EC2) for on-demand compute, Amazon CloudWatch for monitoring the new read-only Epic solution, and Amazon GuardDuty and AWS Security Hub to ensure environment security. When it launched in late 2022, the LCMC Health read-only copy of Epic was the first use of such an environment in the public cloud. Additionally, Sapphire Health was the first partner to use the LZA for Healthcare on AWS.

Implementing a Read-Only Epic Copy in Weeks Instead of Months

Working closely with LCMC Health, Sapphire Health completed the read-only Epic copy project from end to end within eight weeks, compared to the months a traditional deployment would typically take. “A fast implementation means a higher likelihood of producing a favorable return on investment, which is beneficial to our business,” says Singer. “In addition, the longer a project goes on, the more complexity gets introduced due to Epic upgrade cycles. The Landing Zone Accelerator for Healthcare on AWS cut a lot of time out of the deployment process and gave us a high degree of confidence that the platform would scale and perform at a high level.”

kr_quotemark

If we had a security event, we could bring our Epic environment online in minutes. Because this is a read-only solution that is a replica of our protected health data, we don’t have to wait until the production environment is demoted. With this capability, we can make sure our clinicians can keep caring for patients and get fast access to the patient data they need.”

Austin Park
Chief Technology Officer, LCMC Health

Accessing Critical Health Data in Minutes During a Security Event

In the event of a ransomware attack, the LCMC Health read-only Epic Cloud environment can be activated quickly, ensuring continued business and clinical operations. “If we had a security event, we could bring our Epic environment online in minutes,” says Park. “Because this is a read-only solution that is a replica of our protected health data, we don’t have to wait until the production environment is demoted. With this capability, we can make sure our clinicians can keep caring for patients and get fast access to the patient data they need.”

Reducing Cybersecurity Premiums and Cutting Operating Costs

LCMC Health reduced its cybersecurity premiums because it demonstrated the ability to maintain a complete off-site copy of the full Epic production environment up to the point of activation. “We lowered our premiums by showing our cyber insurance providers that we wouldn’t be missing any critical data,” says Singer. The lower cybersecurity premiums helped cover the cost of the Sapphire Health project. Through optimization, LCMC Health also saw a reduction in the monthly costs to maintain the solution. “Using Amazon CloudWatch, along with third-party tools, we had the confidence to properly monitor the environment to identify optimization opportunities,” Park says.

LCMC Health plans to keep working with Sapphire Health to expand the use of AWS services. “Because of the success of this project and the immediate value it brought our organization, our board and executive teams decided to move forward to migrate our alternate Epic production solution to AWS,” Singer says. “We look forward to not only guarding against security events, but also taking advantage of the scalability of the cloud to operate our full access environment on AWS.”

Epic is a trademark of Epic Systems Corporation.

About the Customer

Based in New Orleans, LCMC Health is a nonprofit network of eight urgent care centers and nine hospitals across Southern Louisiana. The healthcare system focuses on providing the best possible care for every person and parish in Louisiana and employs nearly 17,000 people, including more than 2,800 board-certified physicians.

AWS Services Used

Benefits

  • Implemented read-only Epic copy in weeks instead of months
  • Accesses critical data in minutes during a security event
  • Reduces premiums and cuts operating costs

About AWS Partner Sapphire Health

Sapphire Health is an AWS Partner that helps healthcare organizations modernize and secure their infrastructures. Sapphire Health helps with all aspects of planning, design, and execution for EHR platform migrations, infrastructure automation and optimization, IT managed services, and business continuity and resiliency.

Published July 2024