HIPAA Compliant Cloud Solution for Medical Equipment Company

Project details

Anyone who has watched TV hospital dramas is familiar with the pole-mounted monitors that track vital signs during surgery. Anesthesiologists keep a careful eye on blood pressure, heart rate, O2 saturation and other data looking for signs of distress. When something goes wrong, at least on TV, a doctor calls for Ringer’s lactate or a defibrillator.

Those devices are great at alerting doctors to problems in real time, but they don’t typically retain historic data for later review, and it’s lost as soon as it is overwritten on the device display. This can be a problem in the development and evaluation of treatment protocols, where researchers need to collect data recorded on the medical devices and correlate it with patient outcomes. They also need to be able to annotate the data with notes about any interventions they performed. Unlike TV dramas, these are defined by well-established protocols. For example, if a patient’s blood pressure were to drop precipitously, an anesthesiologist might perform a transfusion. Vital statistics and annotations then need to be recorded to a database from which reports and analysis can be performed.

Regulatory Innovation

Macadamian is working with one of the world’s leading medical device manufacturers to bridge the gap between conventional monitors and the needs of researchers. Medical devices are heavily regulated, and challenges abound, so existing monitors can’t simply be upgraded with new features. This would trigger an expensive, multi-year development, reapproval, and certification process. Legal frameworks like HIPAA and foreign equivalents also require great care and expertise in the use of modern networking and software systems like the Internet and cloud-based storage to ensure patient privacy is never breached. Even reporting and analytics have unique challenges since the report designers who develop sophisticated analytics tools can’t work with the data for privacy reasons. Healthcare information infrastructure is an area where successful projects require depth and experience.

Macadamian is an expert at modernizing established medical technology to leverage the functionality and economic advantages of new approaches like cloud computing while safely navigating complex and overlapping regulatory requirements. As the client recalls, “We were looking for help to take our concept to market-ready product and tried Macadamian out in parallel with other firms. Their technical and business expertise were matched by their customer focus, and the combination set them apart from the others.”

To integrate existing real-time monitors into a modern, cloud-based architecture without triggering expensive recertification, they used the monitor’s Ethernet port to connect a tablet, which fetches the data, allows annotations to be added via the touch screen, and uploads it to a database in a private cloud.

Storing medical records in the cloud could present many risks if done improperly. Ensuring the privacy of health records is serious business, and the fines can be huge. In a notable set of HIPAA violations, a hospital settled for over $800,000 after staff peeked at the medical records of Britney Spears and others in 2008. Other breaches, though less well known, have been much larger, over $5.5 million in one 2016 case. But Macadamian has extensive experience designing cloud solutions for healthcare that are secure from end to end. Data is encrypted using transport layer security (TLS) while in transit between the tablet and the cloud app, and again from the cloud to client devices. It is also encrypted while at rest in cloud storage or on client devices, with careful management of encryption keys in a key vault. Robust firewall security is used to control network access, and access control list (ACL) functionality limits product access to authorized personnel. The result is end-to-end security that carefully protects the confidentiality and integrity of the data.

Reports, not Courts

Powerful reporting and analysis were critical outcomes of the project. Physicians required intuitive, easy-to-use tools that allowed them to spot patterns and anomalies easily. Macadamian built a physician-accessible portal to meet their needs, but as Mark Thompson, Healthcare Software Architect at Macadamian, explains, the requirements were moving targets. “Report requirements were changing frequently during the development phase, and it became clear that we would need a more flexible solution.”

They overcame this by using Microsoft Power BI Embedded, a report development tool designed for business analysts. Stakeholders can modify and create their own reports without the assistance of the Macadamian development team. Since Power BI is a widely used tool with a deep pool of skilled users, hospitals will have access to expertise when customizations are needed.

As elegant as this solution was, it exposed another unique challenge of developing IT infrastructure for healthcare. Thompson explains that “report designers need access to the database to develop and test new reports, but they are legally barred from accessing patient data.”

Macadamian designed a process to automatically create a second database from the primary one, but with all personal data replaced with fictitious information. This secondary database is otherwise kept synchronized with the real data, so that report developers can work with realistic information. But, importantly, they have no access to the personal information in the primary database, which is restricted to use by authorized medical personnel only.
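A sketch of the kind of sync job described above, added here as an illustration and not Macadamian's code: it copies new rows into a report-designer replica with personal fields replaced, then checks that no real identifier survived. The `vitals` schema, the filler names, the append-only table and the HMAC key handling are all assumptions of this example; in practice the key would live in the key vault.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical schema for this example: two personal-data columns, one reading, one note.
SCHEMA = ("CREATE TABLE IF NOT EXISTS vitals (id INTEGER PRIMARY KEY, "
          "patient_name TEXT, mrn TEXT, systolic INTEGER, note TEXT)")
FAKE_NAMES = ("Alex Doe", "Sam Roe", "Kim Poe", "Lee Moe")  # constructed filler identities

def build_primary() -> sqlite3.Connection:
    """Constructed sample rows standing in for the restricted primary database."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO vitals (patient_name, mrn, systolic, note) VALUES (?, ?, ?, ?)",
        [("Maria Keller", "QX-884213", 92, "Transfusion started for Maria Keller"),
         ("John Abara", "QX-117650", 121, "No intervention"),
         ("Maria Keller", "QX-884213", 108, "Pressure recovering")])
    return db

def sync_replica(primary, replica, key: bytes) -> int:
    """Copy rows the replica lacks, swapping personal data for fictitious values."""
    replica.execute(SCHEMA)
    last = replica.execute("SELECT COALESCE(MAX(id), 0) FROM vitals").fetchone()[0]
    rows = primary.execute("SELECT id, patient_name, mrn, systolic, note FROM vitals "
                           "WHERE id > ? ORDER BY id", (last,)).fetchall()
    for rid, name, mrn, systolic, note in rows:
        # Keyed HMAC: the same patient always maps to the same token, so reports can
        # still group by patient, but the token cannot be reversed without the key.
        token = hmac.new(key, mrn.encode(), hashlib.sha256).hexdigest()[:12]
        fake_name = FAKE_NAMES[int(token, 16) % len(FAKE_NAMES)]
        fake_mrn = "MRN-" + token
        # Free-text notes can repeat identifiers; this only catches exact matches.
        note = note.replace(name, fake_name).replace(mrn, fake_mrn)
        replica.execute("INSERT INTO vitals VALUES (?, ?, ?, ?, ?)",
                        (rid, fake_name, fake_mrn, systolic, note))
    replica.commit()
    return len(rows)

def leaked_values(primary, replica) -> set:
    """Return every real name or MRN that still appears anywhere in the replica."""
    real = {v for row in primary.execute("SELECT patient_name, mrn FROM vitals") for v in row}
    cells = [str(c) for row in replica.execute("SELECT * FROM vitals") for c in row]
    return {v for v in real if any(v in c for c in cells)}
```

Running `leaked_values` after every sync turns the "no personal data in the replica" requirement into a check that can fail a pipeline, which matters most for free-text annotation fields.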

A Speedy Operation

Taken together, the requirements were daunting: a custom tablet interface to legacy monitoring equipment, secure cloud storage, and flexible and secure reporting. Yet Macadamian took the project from concept to working prototype in six weeks with only two full-time resources, and they did it on budget. The solution is in trials now and will be released commercially later in 2017, providing an innovative solution to tricky technical and regulatory problems years faster than would have been possible for a conventional medical device solution. Operating room procedures that save lives will improve as a result.

Perhaps even the primacy of Ringer’s lactate on medical dramas will be challenged.


  • Geoffrey Parker
    Director, Healthcare Software Development