HIPAA Vault achieves cost-effective business continuity / disaster recovery on Google Cloud

Ever since the launch of smartphone app stores, the possibilities of what users can do with their devices seems endless. Apps subject to regulations, such as HIPAA compliance, now have joined in. 

“One of our clients, Akos, has developed an app where doctors communicate directly with patients, sharing their medical records on the app,” says Gil Vidals, CEO of HIPAA Vault, a provider of HIPAA-compliant hosting that ensures the privacy of patients’ Protected Health Information. “They can share X-rays and exchange messages about treatment; the app is an integrated communications platform. We also host straightforward doctor scheduling apps. We can host any app that must run in a HIPAA-compliant environment in the cloud.”

Additionally, HIPAA Vault works with systems integrators to provide HIPAA-compliant solutions for third parties, including state level Medicare/Medicaid eligibility websites. They also collaborate directly with healthcare solution providers like Intuitive Surgical. As a HIPAA specialist, HIPAA Vault has built HIPAA-compliant hosting solutions for these customers, sometimes in as few as 45 days, implementing infrastructure no one thought possible.

Business challenge

With a private data center, HIPAA Vault has to lease servers, rent rackspace, and arrange for security. For disaster recovery and business continuity, they must provision a second facility to duplicate and store backup data. This means paying twice for the same data.

“We were motivated to move from a private data center because we needed better disaster recovery and business continuity,” says Vidals. “If you have your own data center and something happens to it, what can you do? The standard solution for business continuity and disaster recovery usually has been to construct and outfit a second data center where you backup your data.”

For small- and medium-sized businesses, such as HIPAA Vault, a duplicate data center poses a prohibitive cost. “Plus, our clients don’t want to pay double,” says Vidals. “We’d literally have to double their bills for business continuity and disaster recovery.” 

As their business continued to grow, HIPAA Vault felt the challenge increasing. “How do we offer a solution where if something goes down, we wouldn’t be able to recover?” asks Vidals. “If the sprinklers go off in the data center and drench our equipment, we’re toast. Once the business is a certain size, you begin to worry about those things.”

Additionally, HIPAA Vault ran VMware in their data centers, which wasn’t a flexible technology for operations such as backing up to remote locations. The process was manual and time consuming. “Part of business continuity/disaster recovery is actually making backups and dealing with management overhead; it takes forever,” says Vidals. “If you back up a system to a remote data center over the internet, kick back and watch some movies–it could take 10 hours.”

Solution

Realizing the limitations of their data centers for existing clients, HIPAA Vault began to establish service for new clients on Google Cloud. As a new customer on Google Cloud, HIPAA Vault was looking for an adviser with broad experience on the platform. Google Cloud recommended that HIPAA Vault work with SADA, Google Cloud’s three-time Reseller Partner of the Year.

Google Cloud said SADA was one of their top resellers and they have the expertise to consult with us on our architectural options, discuss our operational challenges, and more. That’s worked out great as SADA supported us on our Google Cloud journey, answering our questions along the way. 

Gil Vidals | CEO of HIPAA Vault

After being limited by on-prem technology, HIPAA Vault looked forward to the plethora of cloud alternatives. SADA showed them how right their choice was. “Now we can access resources at SADA and get help,” says Vidals. “We wanted to do something highly technical in the public cloud, and SADA helped us with Google Cloud’s trove of services, none of which are available in a private data center running VMware. Now we have very cool tools and leverageable technology that we didn’t have in VMware.”

After moving from VMware to Google Cloud, HIPAA Vault has multiple ways to recover systems if their data center were destroyed. For example, HIPAA Vault uses persistent disk snapshots to periodically back up their data from zonal or regional persistent disks. In case of calamity, HIPAA Vault can restore their backup data to a new Compute instance within the same or a different Google Cloud region. 

“Because snapshots are a global resource, we can create a new instance in any Google Cloud data center,” says Vidals. “If an earthquake takes out the California data center or a flood inundates the Oregon data center, we can go to Iowa and create a new Compute instance and recover all our data from the snapshot. Snapshots are available everywhere. It doesn’t matter where we are, we can always reach our snapshot.”

Additionally, HIPAA Vault can now fully automate their deployment, back up, and recovery of data with Google Cloud. “Using Google Cloud CLI, we can automate orchestration instead of clicking in a GUI,” says Vidals. “Our engineers think Google CLI is very cool. They can do everything in Google Cloud without a GUI. If they know how, they can accomplish their task in Google Cloud CLI with two line commands instead of 100 clicks. It’s a superior user experience to moving browser tabs around.”

Results

After working with SADA and Google Cloud, HIPAA Vault has successfully transitioned from an on-prem to a cloud business model that offers a variety of HIPAA hosting solutions, such as HIPAA WordPress. When they were operating on-premises, HIPAA Vault had to capitalize leasing expenses (capex) for their equipment, resulting in large periodic charges on their balance sheet. Since moving to Google Cloud, HIPAA Vault can smooth out their cost flow by switching to an operating expense (opex) methodology to pay for their cloud consumption.

Moving to Google Cloud allowed us to change from capex to opex. We’re not capitalizing equipment leases and amortizing all that financial burden; we just pay our Google Cloud bill every month. From a financial perspective, a capex-to-opex change is important because it helps us leverage the company’s finances to be able to continue growing. After unshackling ourselves from the capex ceiling, we were able to grow the business to 10 times its previous size.

Gil Vidals | CEO of HIPAA Vault

With better business continuity and disaster recovery capabilities that decrease data backup and restoration times and improve cost effectiveness, HIPAA Vault anticipates exploiting Google Cloud more in the future. “We know how to deploy HIPAA-compliant hosting solutions in Google Cloud, but we can get better if we keep exploring, trying, and testing,” says Vidals. “We have the whole host of Google Cloud security tools, APIs, and services laid out before us. If we’re smart, we’ll begin leveraging those.”