Case Study: HIPAA compliant VMS and App Development

Dr. Randall W. Porter, a neurosurgeon with Barrow Neurosurgical Associates in Phoenix, AZ, created Medical Memory after his father was diagnosed with cancer. His father lived in Chicago and Dr. Porter experienced the challenges and frustrations of having to rely on family members to accurately recite complex information about his father’s condition and treatment. The experience had a profound effect on Dr. Porter’s approach to patient communication in his own practice and ultimately would change patient engagement across healthcare.

“I knew immediately how inefficient it was for physicians and their staffs to have the same conversation over and over again. I realized that a better, more efficient process would involve a video of doctor/patient consultations.”

Dr. Porter asked Cardinal Peak to develop the technologies to allow this concept to be rolled out nationally at doctors' offices and hospitals. Cardinal Peak architected a complete solution (as shown in the following figure) comprised of a mobile app running on a tablet in the examination room, a cloud service for managing user accounts and videos, and a series of role-based web portals for use by patients, doctors, loved ones and hospital administrators. Everything was developed to be HIPAA compliant.

The cloud services were developed and deployed on AWS. As originally delivered by Cardinal Peak, the Medical Memory system operates as follows. Encoded videos are uploaded directly to Amazon Elastic Transcoder, where the videos are decrypted, transcoded, and re-encrypted before being copied to secure Amazon S3 for playback and later to Amazon Glacier for archival. Patient, physician, and administrator data and accounts are stored in encrypted Amazon RDS and transmitted using secure HTTPS. Patient data schemas meet and exceed HIPAA requirements. The role-based access portals that patients, doctors, caregivers, hospitals and admins use for viewing, reviewing, editing, and administering videos were written in mobile-first Angular.js.

The custom app running on a tablet is used by patients to create their secure account and sign the consent forms. The same app is used by the doctor to easily record a video of the appointment. The display shows what is being recorded along with the names of both the patient and the doctor. The Medical Memory app encodes video as it is being recorded for the highest security. The video is sent to the cloud behind the scenes without the doctor's intervention.

Patients can view their videos at any time using a rich set of playback controls on a host of different devices using a variety of browsers. Patients can share videos with loved ones or caretakers. Patients, doctors and caretakers can share messages about specific videos through the RBAC web portals.

As Medical Memory was a start-up, Cardinal Peak served as Medical Memory's complete engineering arm through product launch. Near product launch, Medical Memory added staff to maintain the system and add new features over time.

Cardinal Peak’s long history in video system development was a key skill leading to the successful development of this product.