Why AWS’ Serverless Computing Fits HIPAA-Compliant Workloads

As digital healthcare continues to evolve, there is a need for providers to understand not only the challenges that can be overcome with cloud migration but also how business needs can be met with a virtual infrastructure and ecosystem. In some ways, the ubiquitous nature of the cloud in our post-pandemic society has led to a renewed focus on digitalization, but as virtual workloads increase, it is important to consider the benefits of going serverless.

As we know, many of the facets of the modern IT landscape – cloud computing, virtual machines, containers, etc. – have been developed to make deployments easier, more scalable and simpler to maintain.

In fact, most modern applications are built with a serverless-first strategy, with the intention being to prioritize the adoption of serverless services and increase agility through the application stack. The caveat is that when you are talking about business practices and workloads that must be compliant with an industry-specific requirement such as HIPAA, then it is critical to work with a company or cloud service provider that can alleviate any concerns.

What is Serverless Computing?

For most companies, there are two sides to a successful digital transformation.

On the one hand, you have a development team that is tasked with implementing a solution that solves business needs. At the same time, the ops team is working out what infrastructure will be required for successful deployment and, importantly, how it will ensure that operations remain smooth and stable.

For the latter team, maintaining the stability of the operation is both an ongoing task and one that needs continuous monitoring. That maintenance is almost inevitably tied to servers.

Serverless computing refers to an architecture discipline that allows you to build and run applications or services without worrying about physical servers.

That is not to say there are no servers involved – far from it – but the physical hardware required to run the applications is not your concern. That financial commitment falls squarely on the shoulders of Amazon Web Services (AWS).

And while serverless computing is not new, there is little doubt that AWS is the glue that holds the entire ecosystem together. The global leader in managed and secure cloud services, the platform has taken the idea of legacy IT infrastructure and brought it into the 21st century.

For example, you can focus on your applications without worrying about provisioning, scaling, or managing any servers. In addition, you can use serverless architectures for nearly any type of application or backend service.

Serverless computing also means that when the application is not in use, no compute resources are allocated to it. From a financial standpoint, billing in this model is based on the amount of resources consumed by the application.

In fact, this is a win-win for all concerned. Companies don’t have a monetary interest in physical servers, while developers are left to focus on implementing applications as source code, configuration or containers without worrying about the required provisioning, scaling, security, etc.

Taking the above into account, integrating serverless computing into your business optimization strategies means you can take advantage of:

  • Faster Time-to-Market – serverless computing eliminates operational overheads, so a team can release quickly, get feedback and iterate to get to market faster.
  • Low Cost – thanks to the Pay-Per-Use/Pay-Per-Value billing model, the customer does not need to pay for over-provisioning or for potentially idle infrastructure.
  • Scaling technology – automatic scaling from zero to peak demand means that unpredicted loads can be adapted to quickly.

When you think about the benefits of serverless computing through AWS, then it becomes clear that this solution is the one that offers the most value. Additionally, there are a plethora of use cases that can be applied and a host of services available throughout the stack. The AWS services include:


Compute:

  • AWS Lambda
  • AWS Fargate

Application Integration:

  • Amazon EventBridge
  • AWS Step Functions
  • Amazon SQS
  • Amazon SNS
  • Amazon API Gateway
  • AWS AppSync

Data Storage:

  • Amazon S3
  • Amazon DynamoDB
  • Amazon RDS Proxy
  • Amazon Aurora Serverless

These services allow developers to work on the following serverless computing options:

Modern Web Apps

Code, build, and deploy scalable applications in a fully managed environment designed to help developers succeed, with built-in security, autoscaling, and ops management for faster deployment.

Web APIs

Build scalable APIs in an environment built for developers to succeed. Develop REST APIs for web and mobile backends and manage the connection between different parts of the application and internal cloud services.

Data Processing Apps

A serverless computing environment manages the infrastructure needed by workloads to handle autoscaling, authorization, and event triggers. The pub/sub model of communication makes it easy to ingest and transform large amounts of data and build complex, scalable data pipelines while saving time on backend confusion.

Event Orchestration Apps

Automatically validate policies or configurations and perform other scripted automation using event triggers. Serverless computing products can listen to events from other clouds, handle webhooks and manage distributing events and workloads to other components. This built-in ability makes it straightforward for applications to handle complex event needs.

Serverless Computing in Healthcare

The pandemic-related events of 2020-21 have certainly changed how various industry sectors are thinking about digital transformation.

A recent survey by McKinsey said that COVID-19’s impact had accelerated digitalization to such an extent that some companies were reporting that their integration schedule had been brought forward by three to four years. According to McKinsey, this demonstrated an aggressive attitude to a required digital transformation, with healthcare proving to be one of the most eager industries for change.

As a result of the pandemic, the survey noted, companies had seen demonstrated value in digital investments, citing smooth operations, faster service and better customer experience as reasons why digital was the way forward.

If we take healthcare as the example, hospitals are introducing online appointment booking, tele-consultations (AKA tele-health), remote diagnosis, remote monitoring and the full-scale digitization of patient records, to name but a few. Insurance companies have also shifted to the digital world, with policy purchase, claim initiation, claim verification and approval – all available digitally.

Both sides of the healthcare coin – providers and insurance – need an effective digital strategy, especially when you factor in time-to-market, lowering costs and ROI.

However, when you are talking healthcare, you can’t ignore security and compliance. Any solution developed for this business sector must have these two pillars in mind, even more so when you factor in the requirements of the Health Insurance Portability and Accountability Act of 1996 – HIPAA.

Building for HIPAA

Back in March, we discussed how Apexon can help to deploy a HIPAA-compliant workload on the AWS Cloud – that blog post can be found here.

That deployment can also be achieved using AWS Serverless Services. As we noted in the use cases above, developers can integrate modern web apps, web APIs, data processing apps and event orchestration apps into a serverless environment. And while all the AWS services listed are HIPAA eligible, a full list of all services is here.

Now that we are familiar with the idea of serverless computing, we should take a few minutes to consider two healthcare and life science use cases built upon AWS Serverless Services and adhering to HIPAA compliance.

1) Appointment Booking Application

Running HIPAA-compliant web applications on AWS is the most common use case in the healthcare industry. Healthcare providers are always looking for ways to build and run applications quickly. By making them scalable, cost-effective and reducing the reliance on infrastructure, companies can see the advantages from day one. The visual below is the reference architecture for an appointment booking application on AWS, complete with serverless services and HIPAA compliance.

[Figure: appointment booking application on AWS with serverless services & HIPAA compliance]

In this architecture, AWS CloudFront is used with an S3 origin to bring content closer to the end-user by caching it at the edge. This also reduces cost and latency, while the application’s core business logic resides at the web APIs layer.

For this example, the web APIs required by client applications are deployed using API Gateway and AWS Lambda.

API Gateway takes care of creating, publishing, maintaining, monitoring, and securing APIs at any scale. In this case, API Gateway provides robust ways for traffic management, authorization and access control, monitoring, API version management, and the other tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls.

Finally, the core business logic is deployed on AWS Lambda, which allows this serverless architecture to scale up and down seamlessly with the incoming traffic.
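The Lambda side of the booking API described above, as an added example that is not code from the original post. It assumes a REST API with a Cognito user pool authorizer (so the caller's identity arrives in `requestContext.authorizer.claims`), a hypothetical `slot` request field, and an in-memory dictionary standing in for the data store.

```python
import json
import re

SLOT_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:(00|30)")  # assumed slot format
BOOKINGS = {}  # in-memory stand-in for the data store: slot -> patient id


def respond(status: int, body: dict) -> dict:
    """Shape the reply the way a Lambda proxy integration expects."""
    headers = {"Content-Type": "application/json",
               "Cache-Control": "no-store"}  # keep patient data out of caches
    return {"statusCode": status, "headers": headers, "body": json.dumps(body)}


def handler(event: dict, context=None) -> dict:
    """Book a slot for the authenticated caller only."""
    # Identity comes from the authorizer API Gateway ran, never from the body.
    ctx = event.get("requestContext") or {}
    claims = (ctx.get("authorizer") or {}).get("claims") or {}
    patient = claims.get("sub")
    if not patient:
        return respond(401, {"error": "unauthenticated"})
    try:
        slot = json.loads(event.get("body") or "")["slot"]
    except (ValueError, KeyError, TypeError):
        return respond(400, {"error": "invalid request"})
    if not isinstance(slot, str) or not SLOT_RE.fullmatch(slot):
        return respond(400, {"error": "invalid request"})
    if BOOKINGS.setdefault(slot, patient) != patient:
        # Generic message: do not reveal who holds the slot.
        return respond(409, {"error": "slot unavailable"})
    return respond(201, {"slot": slot})
```

Any `patient_id` a client puts in the request body is ignored, so one authenticated user cannot book or probe appointments on behalf of another.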

2) Remote Patient Monitoring

One way that COVID-19 has impacted the healthcare sector was through an increased requirement for remote patient monitoring.

In this use case, smart health monitoring devices became a necessary part of patient care, albeit that these devices had to deal with the challenge of ingesting data at scale and processing that information in real-time to deliver urgent care to those infected.

In the visual below, you can see the reference architecture for a remote patient monitoring system on AWS, which (again) provides serverless services and HIPAA compliance.

[Figure: remote patient monitoring system on AWS with serverless services & HIPAA compliance]

For this architecture, medical devices are connected to the mobile application or hub devices. Data is sent to IoT Core, which then streams it to Amazon Kinesis Streams. In this use case, Kinesis provides a scalable, highly available way to achieve loose coupling between the data-producing (medical devices) and data-consuming (Lambda) layers.

Data transported via Kinesis is further processed by AWS Lambda, and the derived insights are stored in Amazon DynamoDB. For the record, data from connected medical devices is also stored for historical analysis and pattern prediction. This processing is done using AWS Lambda and AWS Batch (AWS Fargate), with the data initially stored in AWS S3 before eventually arriving in AWS RedShift.
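The Kinesis-to-Lambda step described above, as an added example that is not code from the original post: the handler decodes each record, validates the reading, replaces the patient identifier with a keyed pseudonym before anything is stored, and logs rejections without echoing the payload. The telemetry field names, value ranges, `low_spo2` flag and `sink` parameter (a stand-in for the DynamoDB write) are assumptions.

```python
import base64
import hashlib
import hmac
import json
import logging

LIMITS = {"heart_rate": (20, 250), "spo2": (50, 100)}  # assumed schema and ranges
PSEUDONYM_KEY = b"constructed-demo-key"  # placeholder; load from a secret store


def pseudonym(patient_id: str) -> str:
    """Keyed hash so stored insights and logs never carry the raw identifier."""
    return hmac.new(PSEUDONYM_KEY, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def parse_record(record: dict) -> dict:
    """Decode and validate one Kinesis record; raise ValueError if malformed."""
    try:
        body = json.loads(base64.b64decode(record["kinesis"]["data"], validate=True))
        item = {"patient": pseudonym(str(body["patient_id"]))}
        for field, (low, high) in LIMITS.items():
            value = float(body[field])
            if not low <= value <= high:
                raise ValueError(field)
            item[field] = value
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError(type(exc).__name__) from None  # class only; payload may hold PHI
    item["low_spo2"] = item["spo2"] < 92  # illustrative derived insight
    return item


def handler(event: dict, context=None, sink=lambda item: None) -> dict:
    """Lambda entry point; `sink` stands in for the DynamoDB write."""
    stored = rejected = 0
    for record in event.get("Records", []):
        try:
            item = parse_record(record)
        except ValueError as exc:
            logging.warning("rejected telemetry record: %s", exc)
            rejected += 1
        else:
            sink(item)
            stored += 1
    return {"stored": stored, "rejected": rejected}


def sample_event(*payloads: bytes) -> dict:
    """Constructed Kinesis-style event for running the handler locally."""
    records = [{"kinesis": {"data": base64.b64encode(p).decode()}} for p in payloads]
    return {"Records": records}
```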

Caregivers are then able to access real-time and historical data via a Web Application hosted with AWS S3 and CloudFront. This Web Application gets data through API Gateway and AWS Lambda. The same pairing allows thousands of medical devices to poll an API to check for calibration settings, firmware updates and so on; backing this API with API Gateway and AWS Lambda ensures high availability and scalability.

Why Serverless Works

As we have all seen in the last 12 months, being able to scale up your digital presence to deal with an unexpected situation is a critical part of business optimization.

Ironically, serverless does not literally mean that; rather, there are servers being operated on the customer’s behalf. That is the beauty of a serverless model: it gives all the benefits of access to servers without the need to own hardware.

For healthcare and life sciences companies, there are an increasing number of use cases that can be built on AWS’ Serverless and fully managed services. This option provides decision makers with high availability, scaling and provisioning, while providing cost-effective maintenance and application hosting in the cloud. The fact that these services are HIPAA-eligible is just another reason why this makes for sound business sense.

Ultimately, healthcare has been ripe for digitalization for some time and the evolution of the connected society has made the shift even more important. Patient care has been moving towards digitalization for the last decade. The AWS cloud just brings it closer and makes the architecture required easier for developers to not only integrate into their digital projects but also ensure regulatory compliance.

To find out more about how Apexon can bring your cloud dreams to life, contact us today. Alternatively, fill out the form below and let us show you how we do cloud right.
