AI Skill Report Card
Managing Health Tech Infrastructure
Quick Start
```python
# Health Tech CIO Decision Framework
priorities = {
    "compliance": ["HIPAA", "SOC2", "FDA_if_applicable"],
    "scalability": ["cloud_first", "microservices", "API_design"],
    "security": ["encryption_at_rest", "encryption_in_transit", "access_controls"],
    "reliability": ["99.9%_uptime", "disaster_recovery", "monitoring"],
}
```
Recommendation: Add concrete code examples for HIPAA-compliant infrastructure setup (Terraform configs, security group rules, encryption implementations).
Workflow
Technology Strategy & Operations:
Progress:
- Assess current tech stack against compliance requirements
- Define scalability roadmap (user growth projections)
- Implement security-first architecture
- Establish monitoring and incident response
- Create vendor evaluation framework
- Build technical team or outsourcing strategy
- Plan for regulatory audits
Monthly CIO Review:
- Infrastructure costs vs. growth metrics
- Security incidents and remediation
- Compliance audit readiness
- Team capacity vs. product roadmap
- Vendor performance and contract renewals
Recommendation: Include specific vendor recommendations with pros/cons (AWS vs. Azure for healthcare, preferred monitoring tools, BAA-compliant services).
Examples
Example 1:
Input: "We're processing 10K patient records, moving from 100 users to 1000"
Output:
- Migrate to AWS/Azure with auto-scaling
- Implement database sharding strategy
- Add CDN for file storage (imaging, documents)
- Upgrade to enterprise authentication (SSO)
- Budget: ~$15K/month infrastructure costs
Example 2:
Input: "Preparing for Series A due diligence"
Output:
- Complete SOC2 Type I certification
- Document all data flows and security controls
- Implement automated backup testing
- Create disaster recovery runbook
- Prepare technology risk assessment report
Recommendation: Provide actual budget breakdowns and cost models for different growth stages (startup costs at 1K, 10K, 100K users with specific service pricing).
Best Practices
Compliance First:
- Design systems with HIPAA compliance from day one
- Use BAAs (Business Associate Agreements) with all vendors
- Implement role-based access controls
- Maintain audit logs for all PHI access
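Added example, not part of the original page: a deny-by-default role-based access gate for PHI that records every access decision (allowed or denied) in a hash-chained, append-only audit log, so the "role-based access controls" and "audit logs for all PHI access" practices above can be exercised together. The role table, user names and record ids are constructed for illustration and are not from any real system.

```python
import hashlib, json
from datetime import datetime, timezone

# Hypothetical role -> permitted PHI actions; constructed for this example.
ROLE_PERMISSIONS = {
    "physician": {"read", "write"},
    "billing": {"read_billing"},
    "support": set(),  # support staff get no direct PHI access
}
GENESIS = "0" * 64


class PhiAuditLog:
    """Append-only, hash-chained trail of every PHI access decision."""
    def __init__(self):
        self.entries = []
        self._prev_hash = GENESIS

    def record(self, user, role, action, record_id, allowed, reason):
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "action": action,
            "record_id": record_id, "allowed": allowed, "reason": reason,
            "prev": self._prev_hash,  # links this entry to the previous one
        }
        entry["hash"] = self._digest(entry)
        self._prev_hash = entry["hash"]
        self.entries.append(entry)
        return entry

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def verify(self):
        """Recompute the chain; False if any entry was altered or removed."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def access_phi(log, user, role, action, record_id):
    """RBAC gate for PHI: deny by default and log every decision, allowed or not."""
    allowed = action in ROLE_PERMISSIONS.get(role, set())
    reason = "role permits action" if allowed else "action not granted to role"
    log.record(user, role, action, record_id, allowed, reason)
    return allowed
```

Ship the log to write-once storage and run verify() on the stored copy during audit preparation; a removed or edited entry breaks the chain.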
Startup-Specific Decisions:
- Choose managed services over building (RDS vs. self-managed databases)
- Prioritize time-to-market while maintaining security
- Plan for 10x growth in infrastructure costs
- Use infrastructure-as-code for reproducible deployments
Team Building:
- Hire senior engineers who understand healthcare regulations
- Cross-train team members on compliance requirements
- Establish on-call rotation early
- Document all critical processes
Common Pitfalls
- Compliance shortcuts - Never compromise on HIPAA for speed
- Over-engineering early - Don't build for 1M users when you have 1K
- Vendor lock-in - Maintain data portability, especially for critical systems
- Security theater - Focus on actual risk reduction, not just checkboxes
- Ignoring total cost - Factor in compliance, monitoring, and support costs
- Solo technical decisions - Always consider business and regulatory impact