Patient Engagement is on the Rise Thanks to WiserCare, Safeguarded by Arpio
WiserCare empowers patients to take a more active role in decisions about their care. Their software uses patient preferences and health data as inputs to model personalized guidance that patients and their care teams use to make better-informed decisions they can stick to. Because their systems access and use sensitive electronic patient health information (EPHI), it is imperative that they maintain maximum security and resiliency of their Amazon Web Services (WS) environment.
“Considering our relatively small size, we’ve worked with huge academic centers and payers,” said Ram Cherala, CTO at WiserCare. “They have demanding security and compliance requirements. As part of the contracts that we sign with our customers, we are required to have disaster recovery and business continuity SLA’s. So we need to be able to answer questions like, ‘What happens if AWS in one region goes down? Do we have everything backed up? How quickly can we recover?’ Before Arpio, we had built a disaster recovery environment by hand – it took a few weeks. And then we had to maintain it as a second environment every time we updated production.”
Ram further explained that WiserCare performs a SOC2 audit annually to certify their customer data protections and policies. To keep pace towards that audit, disaster recovery drills are performed quarterly. “To verify a backup as part of this process would take us more than half a day just to go through the steps involved, including a lot of manual edits to scripts,” Ram stated. “And it would take us another half day to do all of the related activities.”
This exercise now takes less than half a day using Arpio
The WiserCare application follows a three tier architecture with a load balancer in front of AWS EC2 instances that talk to a managed MySQL database in RDS. It is deployed in a VPC with sophisticated security and network configuration that is precisely tuned to the needs of their workload. Arpio captures this entire environment, continuously replicates it to a secured AWS account in an alternate region, and maintains it as a cold standby environment that WiserCare can launch and switch over to if needed.
“Arpio does all of this literally with a single button,” Ram added. “We usually kick it off at the beginning of an A.M. meeting and it’s ready for us to validate the results in only a few minutes. And time is very important for us, so being able to save the effort of 3-4 engineers that I can put to good use somewhere else—like helping customers—is extremely valuable.”
“Consider that our old process was manual, time consuming and prone to human error,” added Martin Cron, Lead Developer at WiserCare. “Contrast this with Arpio’s automation, which provides a reliable disaster recovery solution that we’re confident will work if we ever need it. Now I can shift my attention from worrying about data loss and recovery to focusing my efforts squarely on advancing our product.”
Extending the Value
During the initial setup, the Arpio team identified several additional contingencies that WiserCare needed to contemplate in the event of a recovery, including the use of a separate locked-down AWS account for recovery. Adopting this practice protects WiserCare from the threat of ransomware, cyber attacks, and bad actors compromising their production account.
Adapting to the Needs of Healthcare
To integrate with their healthcare partners’ electronic health records (EHR) systems, WiserCare utilizes dedicated site-to-site VPN connections. These connections create additional challenges when performing the recovery process. “For us to switch over we previously would have to do a lot of handcrafting of those VPN connections while keeping secondary connections ready for us to switch over,” Ram stated. “But Arpio gives us the ability to make this process much more seamless.”
Overall, the new process through Arpio is so effective that WiserCare is considering taking their quarterly testing and moving it to a continuous process that would automatically capture the data necessary for compliance reporting. “Arpio allows us to do that as well,” said Ram. “We can keep testing on an ongoing basis and then report any exceptions, which we couldn’t have done before. That alone is a very strong outcome.”