Serverless API Integration for Healthcare Startup

At AMJ Cloud Technologies, we partnered with HealthWave, a healthcare startup, to design and deploy a serverless API solution that streamlined patient data access and appointment scheduling. By leveraging AWS API Gateway and Lambda, we delivered a secure, scalable, and cost-effective platform that empowered the startup to focus on innovation while ensuring HIPAA compliance.

Situation

HealthWave needed a robust and scalable API to handle patient data retrieval and appointment scheduling for their mobile and web applications. The system required HIPAA compliance, cost efficiency to fit their startup budget, and the ability to handle traffic spikes during peak usage times, such as flu season. Lacking in-house cloud expertise, they sought a solution with minimal operational overhead, high availability, and low latency.

Task

Our goal was to design and implement a serverless API using AWS API Gateway and Lambda, supporting GET methods for patient data retrieval and POST methods for appointment scheduling. The solution needed to integrate with Amazon DynamoDB for data persistence, incorporate security measures (IAM roles, API key authentication, request validation), and be deployed using AWS CloudFormation for reproducibility. Key objectives included:

• Achieve 60% cost savings compared to traditional solutions.
• Ensure sub-100ms latency for 10,000 concurrent requests.
• Meet HIPAA compliance through robust security.
• Reduce infrastructure management time by 95%.
• Complete the project within three months.

Action

To meet HealthWave’s requirements, we took the following actions:

1. Architecture Design:

   • Designed a serverless architecture with AWS API Gateway for HTTP requests and AWS Lambda for processing logic, eliminating server management.
   • Selected Amazon DynamoDB for its scalability and low-latency data access, storing patient profiles and appointment records.
   • Integrated AWS CloudWatch for monitoring, AWS IAM for access control, AWS WAF for API security, and Amazon SNS for patient notifications.
   • Deployed the API to a custom domain (api.healthwave.io) using Amazon Route 53.

2. API Gateway Configuration:

   • GET Method: Configured /patient/{id} to retrieve patient data via Lambda proxy integration, querying DynamoDB by patient ID.
   • POST Method: Set up /appointment to handle scheduling, validating JSON payloads with API Gateway’s request validation.
   • Enabled API key authentication and throttling to secure and manage traffic.
   • Deployed to a “Prod” stage for production use.

3. Lambda Function Development:

   • GET Lambda Function (Python): Parsed the patient ID from the event, queried DynamoDB using boto3, and returned JSON responses with error handling.

     import json
     import boto3
     from botocore.exceptions import ClientError
      
     dynamodb = boto3.resource('dynamodb')
     table = dynamodb.Table('PatientData')
      
     def lambda_handler(event, context):
         try:
             patient_id = event['pathParameters']['id']
             response = table.get_item(Key={'PatientID': patient_id})
             if 'Item' in response:
                 return {
                     'statusCode': 200,
                     'body': json.dumps(response['Item'])
                 }
             else:
                 return {
                     'statusCode': 404,
                     'body': json.dumps({'message': 'Patient not found'})
                 }
         except ClientError as e:
             return {
                 'statusCode': 500,
                 'body': json.dumps({'message': 'Internal server error'})
             }

   • POST Lambda Function (Python): Validated JSON payloads, stored appointments in DynamoDB, and sent email notifications via SNS.

     import json
     import boto3
     from botocore.exceptions import ClientError
      
     dynamodb = boto3.resource('dynamodb')
     sns = boto3.client('sns')
     table = dynamodb.Table('Appointments')
      
     def lambda_handler(event, context):
         try:
             body = json.loads(event['body'])
             appointment = {
                 'AppointmentID': body['appointment_id'],
                 'PatientID': body['patient_id'],
                 'Time': body['time']
             }
             table.put_item(Item=appointment)
             sns.publish(
                 TopicArn='arn:aws:sns:us-east-1:123456789012:AppointmentNotifications',
                 Message=f"Appointment scheduled for {body['patient_id']} at {body['time']}"
             )
             return {
                 'statusCode': 200,
                 'body': json.dumps({'message': 'Appointment scheduled successfully'})
             }
         except (ClientError, KeyError) as e:
             return {
                 'statusCode': 400,
                 'body': json.dumps({'message': 'Invalid request'})
             }

4. Security Implementation:

   • Configured IAM roles with least privilege, limiting Lambda access to DynamoDB and SNS.
   • Enabled encryption at rest for DynamoDB and in transit for API Gateway using TLS 1.2.
   • Used AWS WAF to block malicious requests and API Gateway request validation for payload integrity, ensuring HIPAA compliance.

5. Infrastructure as Code (IaC):

   • Deployed the stack using AWS CloudFormation, defining API Gateway, Lambda, DynamoDB, IAM, and CloudWatch resources.

   • Stored templates in an S3 bucket and integrated with AWS CodePipeline for automated deployments.

     Resources:
       PatientDataTable:
         Type: AWS::DynamoDB::Table
         Properties:
           TableName: PatientData
           AttributeDefinitions:
             - AttributeName: PatientID
               AttributeType: S
           KeySchema:
             - AttributeName: PatientID
               KeyType: HASH
           BillingMode: PAY_PER_REQUEST

6. Monitoring and Optimization:

   • Set up CloudWatch dashboards for API latency, error rates, and Lambda invocations.
   • Configured DynamoDB auto-scaling and Lambda concurrency limits for cost control.
   • Conducted load testing with Artillery to optimize Lambda memory allocation.

Result

The serverless API solution delivered transformative outcomes for HealthWave:

• 60% Cost Reduction: Serverless pricing and auto-scaling saved 60% compared to EC2-based solutions.
• Sub-100ms Latency: Handled 10,000 concurrent requests with low latency, ensuring seamless user experiences.
• HIPAA Compliance: Encryption, IAM, and WAF secured patient data, earning regulatory approval.
• 95% Operational Time Reduction: Eliminated server management, freeing the team for product development.
• 25% User Growth: Enabled telehealth analytics expansion, driving user growth.

This project highlights AMJ Cloud Technologies’ expertise in delivering secure, scalable, and cost-effective cloud solutions for healthcare startups.

Technologies Used

• AWS API Gateway: Managed HTTP requests.
• AWS Lambda: Processed serverless logic.
• Amazon DynamoDB: Stored scalable data.
• AWS CloudFormation: Automated infrastructure.
• AWS CloudWatch: Monitored performance.
• AWS IAM: Secured access.
• AWS WAF: Protected APIs.
• Amazon SNS: Sent notifications.
• Amazon Route 53: Managed DNS.

Key Takeaways

This project demonstrated the power of serverless architectures in healthcare, enabling cost efficiency, scalability, and compliance. AMJ Cloud Technologies continues to empower startups with innovative cloud solutions.

Architectural Diagram