EHR Healthcare is a leading provider of electronic health record software to the medical industry.
EHR Healthcare provides their software as a service to multi- national medical offices, hospitals, and insurance providers.
Solution concept - Due to rapid changes in the healthcare and insurance industry, EHR Healthcare's business has been growing exponentially year over year.
They need to be able to scale their environment, adapt their disaster recovery plan, and roll out new continuous deployment capabilities to update their software at a fast pace.
Google Cloud has been chosen to replace their current colocation facilities.
Existing technical environment - EHR's software is currently hosted in multiple colocation facilities.
The lease on one of the data centers is about to expire.
Customer-facing applications are web-based, and many have recently been containerized to run on a group of Kubernetes clusters.
Data is stored in a mixture of relational and NoSQL databases (MySQL, MS SQL Server, Redis, and MongoDB)
EHR is hosting several legacy file- and API-based integrations with insurance providers on-premises.
These systems are scheduled to be replaced over the next several years.
There is no plan to upgrade or move these systems at the current time.
Users are managed via Microsoft Active Directory.
Monitoring is currently being done via various open source tools.
Alerts are sent via email and are often ignored.
Business requirements - On-board new insurance providers as quickly as possible.
Provide a minimum 99.9% availability for all customer-facing systems.
Provide centralized visibility and proactive action on system performance and usage.
Increase ability to provide insights into healthcare trends.
Reduce latency to all customers.
Maintain regulatory compliance.
Decrease infrastructure administration costs.
Make predictions and generate reports on industry trends based on provider data.
Technical requirements - Maintain legacy interfaces to insurance providers with connectivity to both on-premises systems and cloud providers.
Provide a consistent way to manage customer-facing applications that are container-based.
Provide a secure and high-performance connection between on-premises systems and Google Cloud.
Provide consistent logging, log retention, monitoring, and alerting capabilities.
Maintain and manage multiple container-based environments.
Dynamically scale and provision new environments.
Create interfaces to ingest and process data from new providers.
Executive statement -
Click on the arrows to vote for the correct answer
A. B. C. D. E.BD.
The business requirements of EHR Healthcare are to scale their environment, adapt their disaster recovery plan, and roll out new continuous deployment capabilities. Google Cloud has been chosen to replace their current colocation facilities, and the existing technical environment is hosted in multiple colocation facilities. The lease on one of the data centers is about to expire, and customer-facing applications are web-based, and many have recently been containerized to run on a group of Kubernetes clusters. Data is stored in a mixture of relational and NoSQL databases. EHR is hosting several legacy file- and API-based integrations with insurance providers on-premises.
Based on the given scenario and requirements, option B is the best answer. Advising EHR to execute a Business Associate Agreement (BAA) with Google Cloud ensures regulatory compliance, which is a business requirement. A BAA is required by HIPAA regulations when a covered entity engages with a business associate to perform services that involve the use or disclosure of protected health information (PHI). Google Cloud is HIPAA-compliant, and signing a BAA with Google Cloud ensures that EHR's PHI is protected while using Google Cloud's services.
Option A is incorrect because it only verifies EHR's product usage against the list of compliant products on the Google Cloud compliance page, but it does not ensure regulatory compliance or address any other business requirements.
Option C is incorrect because Firebase Authentication is used for mobile and web applications, not for user-facing applications that are web-based. Moreover, Firebase Authentication does not ensure regulatory compliance or address any other business requirements.
Option D is incorrect because although Prometheus is a monitoring and alerting toolkit, it does not detect and prevent security breaches on EHR's web-based applications, and it does not address any other business requirements.
Option E is incorrect because although GKE private clusters are a secure way to run Kubernetes workloads, it does not ensure regulatory compliance, provide centralized visibility and proactive action on system performance and usage, provide consistent logging, log retention, monitoring, and alerting capabilities, or address any other business requirements.