A highly secure and compliant payment platform on AWS for Whitecoat
- Familiar, mobile based app that reduces processes for consumers of healthcare services
- Secure application, best-practice security architecture, PCI and IRAP compliant, preserves consumer privacy
- Adds value for health care practitioners by providing a more efficient fee-processing and rebate-claim service
Whitecoat is Australia’s most comprehensive online health practitioner directory and customer review website.
Launched in 2013, Whitecoat provides services for Australians to search and compare health care providers to allow them to make better and more informed choices when selecting health care providers.
Its network of healthcare professionals has grown to over 210,000 Australia-wide across 40 different provider types and its goal is to become the largest directory of its type in the world.
Whitecoat identified an opportunity in the healthcare industry to develop a new payment product that could process claim and benefit refunds in a single transaction for consumers, and in real-time for the health care providers.
This application would disrupt the status quo, which generally required a dual process of claiming each refund separately at the point of service with traditional swipe membership cards.
Mobile-based, it would integrate a single platform for payment of approvals and claims with Whitecoat’s existing offering of moderated reviews on providers, cost estimates and appointment bookings.
The project scope was complex, in particular due to significant industry and government security requirements.
Whitecoat began developing the application functionality, but recognised it needed specialist assistance to create a highly secure, scalable platform.
It was vital that the platform, payment provider solution and complete operating environment adhered with compliance requirements – in particular PCI DSS and the Australian Federal Government IRAP.
This presented a continuous compliance challenge of adhering with over 1000 controls while maintaining the scalability and agility benefits of an AWS environment.
CMD Solutions was engaged to build and configure Whitecoat’s AWS platform to align with industry best practice architecture and facilitate the enablement of the platform.
The project focused on providing an efficient, scalable and secure AWS platform to support the Whitecoat payment platform while also putting the necessary controls and procedures in place for continuous security compliance.
Infrastructure As Code DevOps methods were used to create infrastructure and application deployment pipelines that included the security controls needed to underpin Whitecoat’s client data.
The ‘security-first’ approach encouraged a security by design philosophy and security controls were built into every layer of the solution within each environment.
The project utilised AWS to build a multi account, multi VPC defence in depth environment. An encrypt everywhere mantra is achieved using KMS and TLS to secure data at rest and in-flight.
AWS IAM provides the backbone of identity management and is integral in maintaining a least privilege access policy.
Hardened operating system images that include a range of necessary security controls are used within deployment pipelines that support zero downtime blue green release patterns with a highly resilient architecture.
The product developed by Whitecoat, CommBank Health Claim, was announced in October 2018 and became available for consumers in February 2019.
This progressive product was made possible by leveraging the AWS technology and using innovative ways of providing elasticity and efficiency while maintaining a strong continuous compliance posture.