HIPAA-Compliant Cloud Infrastructure
Lane Health accelerates application development, streamlines business processes, and reduces the total cost of ownership by 60%
Lane Health is a healthcare lending company that helps employees in High Deductible Health plans (HDHP) to cover their healthcare expenses through a unique HSA Advance program, and to manage their HSA contributions. Employees no longer have to defer their healthcare decisions due to high out of pocket expenses since the Lane Health Card with the Heart offers instant credit at the point of sale with no credit checks.
Lane Health wanted to innovate faster and more efficiently by migrating their HSA Advance applications to an advanced HIPAA-compliant infrastructure on AWS. Through product migration and enhancement that had to be done in four months, they sought to streamline operations and reduce TCO while ensuring business continuity during the migration.
Provectus reviewed HSA Advance current applications, including their business logic and data, to define the infrastructure requirements for HIPAA compliance. A new HIPAA-compliant infrastructure for AWS-based, cloud-native applications was designed and implemented, featuring automated CI/CD pipelines with logging, monitoring, and alerting components.
Provectus migrated Lane Health’s HSA Advance apps to a reliable, highly available, and HIPAA-compliant AWS infrastructure, to enable agility, flexibility, cost efficiency, and the security of the AWS cloud. They managed to launch the product in just four months before going live while ensuring its full ownership and stable releases, and reduced TCO by 60%.
60% Reduction in Total Cost of Ownership
HIPAA-compliant Cloud Infrastructure in 4 Months
Full Transparency and Ownership by the Dev Team
The Infrastructure and Tech Stack Limit Development Capabilities and Curb Potential for Growth
Lane Health was founded to provide corporate employees with affordable options for paying for healthcare using pre-tax dollars.
By using Lane Health’s HSA Advance program, employees in High Deductible Health Plans (HDHP) who often face financial pressures and obstacles can get an instant line of credit without credit checks, and enjoy predictable repayment terms with tax savings and zero costs to employers. In fact, employers enjoy the savings through this program as they reduce their payroll tax obligations. The program can be managed via a set of dedicated HSA Advance applications for employees, employers, and administrators.
The team at Lane Health wanted to improve the HSA Advance applications by making them more secure, scalable, flexible, reliable, and cost-efficient. They were looking for ways to quickly introduce more advanced technology stack and infrastructure, and to migrate the applications to the AWS cloud. By doing so, the team hoped to gain capabilities to innovate faster while achieving more stable releases, reducing the Total Cost of Ownership, and achieving HIPAA compliance to store PHI data. Because the product had to be launched in less than four months, Lane Health required a reliable partner to get it all done.
Lane Health joined forces with Provectus, an AWS Premier Consulting Partner, to migrate its applications to an enterprise-level technology stack and set up an underlying infrastructure on AWS.
Implementing HIPAA Infrastructure, Optimizing for Performance and Cost, and Migrating the Apps to AWS
Understanding the urgency of the situation, Provectus acted quickly to review Lane Health’s implementation of the HSA Advance applications to better understand their business logic, external dependencies and data structures, and to assess their compliance level.
The applications were developed on a no-code platform that limited their flexibility while posing ownership and maintenance challenges. They did not have a proper versioning system or database rollback mechanisms, making each new product release a risky endeavor. The applications lacked tools for testing, logging, monitoring, alerting, and database migration and management.
Provectus saw an opportunity to help Lane Health improve its applications. As such, the decision was made to abandon the legacy platform and build a HIPAA-compliant infrastructure on AWS.
We designed a reliable, highly available, and HIPAA-compliant AWS infrastructure, which includes a new data platform, CI/CD, logging, monitoring, alerting, and updates of other critical components of the application. The infrastructure and the proposed migration plan were approved by the Lane Health’s team.
Provectus built a HIPAA-compliant infrastructure based on AWS HIPAA Security and Compliance guidelines. The infrastructure met AWS requirements for security, performance, cost efficiency, and reliability. It featured CI/CD pipelines for automated testing; a centralized hub for logging, monitoring, and alerting; ETL pipelines for user enrollment and data quality verification; and microservices to support core business logic and third-party integrations, and to provide the frontend applications with corresponding APIs.
In order to achieve smooth migration and traffic switch to new production workloads, Provectus ensured proper test coverage on each step of the migration. A series of integration, functional, manual, and end-to-end tests were run to ensure applications are working as expected and are on par with legacy applications.
The delivered solution addressed and accounted for various challenges that Lane Health’s team faced with HSA Advance applications.
Thanks to Provectus, new applications are now:
- ready for a HIPAA compliance audit
- able to limit engineers’ access to sensitive customer data
- able to release and roll out new product versions with fewer obstacles
- utilizing best practices for logging, monitoring, and data backups
- ensuring greater customer satisfaction from the standpoint of data security, performance, and user experience
New Infrastructure Speeds Development, Streamlines Processes, and Helps Improve Customer Satisfaction
Provectus designed and built a reliable, highly available, and HIPAA-compliant infrastructure on AWS in an expedited manner. This enabled Lane Health’s engineering team to develop cloud-native applications from scratch, without the limitations of no-code platforms.
The new infrastructure introduced automated CI/CD pipelines, data quality verification pipelines, and required tooling for versioning, automated testing, logging, monitoring, and alerting. The enhancements also made it possible to roll out product updates in just one click.
Although the HSA Advance applications were built from scratch, Provectus ensured that their core business logic did not change as a result of migration, to ensure business continuity. Lane Health’s admins and registered users (i.e. employees and employers) are still able to use the HSA Advance applications in ways they are accustomed to.
The improvements made by the Provectus team make the HSA Advance applications more agile, flexible, scalable, and secure. Lane Health’s engineering team was able to take full ownership of the solution and achieve stable and regular releases.
“The development team of Provectus has helped us build a new generation, scalable, cloud-based architecture in record time”, says Lenny Blyukher, CTO of Lane Health. “By migrating and augmenting the HSA Advance applications, Lane Health has streamlined operations and improved business processes to reduce the Total Cost of Ownership by 60%. Now, we are in the strong position to innovate and improve Lane Health’s healthcare lending solution faster and more efficiently while enjoying better data protection.” The changes make it possible for Lane Health to unlock its full potential and accelerate its future growth in the healthcare lending market.
Looking to explore the solution?