A secure, certified environment
Now, a hosted private cloud in a Sungard AS data centre provides the dedicated performance, high availability and tight security P3 needs. Cloud pricing keeps costs in line as the company grows and adds more services.
Nearly 400 employees spread across four states connect to applications and data in the cloud, comprising hundreds of Windows-based servers running in a VMware environment.
The physical and virtual security features of a Sungard AS data centre elevate P3’s security posture. Multiple layers of firewalls within the private cloud infrastructure further fortify protection, readying P3 for safeguarding patient data, even amidst increasing threats.
“With COVID, the U.S. healthcare industry has become a prime target,” says Goodey, noting the ransomware warnings issued by the FBI, Homeland Security and other government entities near the end of 2019. “If you have an open network with no firewalls between, you open yourself up to a lot of damage. With separate firewalls between each virtual network, the Sungard AS environment enabled us to be more proactive about our protection.”
Each year, P3’s environment receives certification from the Health Information Trust Alliance (HITRUST).
“For us, having a relationship with Sungard AS has been key to receiving certification. A lot of the security controls we need actually fall under their umbrella, such as maintaining backups, encryption and firewall rules,” Goodey says.
"Being able to have infrastructure provided to us as a service alleviates us from the burden of having to maintain security controls ourselves.”
A managed, tested and resilient connected cloud
To let P3 staff attend to other priorities, Sungard AS manages the hardware infrastructure, up to and including the operating system, as well as patches and updates. For uninterrupted access, Sungard AS backs up critical systems hourly, while others are backed up nightly. The full environment, including the eight terabytes of medical records, is backed up weekly.
A web portal provides visibility and control into the infrastructure. Goodey receives daily performance and backup reports but can also access the portal to create other reports or to submit tickets and changes that need to be made.
P3 also takes advantage of disaster recovery services from Sungard AS. While the primary data centre is in Aurora, Colo., data replicates to a geographically separated secondary data centre in Philadelphia, Pa. This solution is covered by a Recovery Time Objective (RTO) of 8 hours, with a Recovery Point Objective (RPO) of 4 hours.
“The ability to have fully redundant systems replicated in real time, and all within the Sungard AS infrastructure, is a huge benefit for us,” Goodey says, adding the importance of annual testing.
"Testing gives us a better understanding of how long we really need to access the environment, from start to finish,” he continues. “You have your SLAs (service level agreements), but to actually go through the recovery process is different. It helps us set expectations about what needs to be done before the environment is fully available to us.”