Customer Overview
Regional Health Network (RHN) operates a network of clinics, urgent care centers, and specialty practices across the Midwest. With over 300,000 patient encounters annually, their digital infrastructure handles sensitive health information subject to strict HIPAA regulations.
RHN's AWS environment supports their electronic health records (EHR) integration, patient portal, telehealth platform, and administrative systems. Security and compliance are non-negotiable—but that doesn't mean cost optimization is impossible.
The Challenge
The Compliance Constraint
Healthcare organizations face unique challenges when optimizing cloud costs:
- Change control requirements: Every infrastructure modification requires documentation, approval, and audit trails. "Quick wins" take weeks, not days.
- Zero tolerance for downtime: Patient care systems cannot have performance degradation. Risk tolerance for optimization is near zero.
- Data residency rules: Patient data must remain in specific regions. Multi-region optimization strategies may not apply.
- Audit readiness: Any optimization must maintain—or improve—compliance posture. Cutting corners is not an option.
The Business Pressure
Despite these constraints, RHN faced mounting pressure:
- AWS spend had grown 45% year-over-year
- Healthcare reimbursements were declining
- The board demanded cost discipline across all departments
- IT budget was under scrutiny as a "cost center"
"We needed to reduce costs, but we couldn't compromise on security or compliance. Every recommendation had to pass our security review before implementation. That ruled out most off-the-shelf optimization advice."
— CISO, Regional Health Network
Previous Attempts
RHN had tried optimizing before with limited success:
- Generic consulting engagement: Recommendations ignored healthcare-specific constraints
- AWS Cost Explorer: Useful for visibility but didn't provide actionable guidance
- Internal initiative: IT team lacked time and expertise to properly analyze
The Solution
A Different Approach
We recognized that healthcare optimization requires a different playbook. Our engagement focused on:
- Understanding constraints first: Before recommending any changes, we mapped compliance requirements, change control processes, and risk tolerance
- Security review integration: Every recommendation included security implications for their review team
- Documentation support: We provided change documentation in their required format
- Conservative implementation: Smaller changes, more validation, slower rollout
Assessment Findings
Our scanner identified $520,000 in potential annual savings. However, not all savings were immediately actionable:
| Category | Annual Opportunity | Implementation Complexity |
|---|---|---|
| Idle non-PHI instances | $48,000 | Low |
| Oversized databases | $180,000 | Medium |
| Reserved Instance gaps | $240,000 | Low |
| Orphaned storage | $32,000 | Low |
| Architectural optimization | $120,000+ | High |
Immediately actionable: $300,000 without significant change control burden
Implementation Strategy
Phase 1: Quick Wins (Month 1)
Focus on changes that don't touch PHI systems:
- Development and staging environments (non-PHI)
- Administrative systems (HR, finance)
- Orphaned resources with no data classification
These changes followed standard IT change management rather than clinical system protocols.
Results: $80,000 annual savings achieved in 4 weeks
Phase 2: Compute Optimization (Months 2-3)
For production systems containing PHI:
- Detailed analysis: 30 days of performance data collection
- Security review: Each recommendation vetted by CISO team
- Change documentation: Full RFC (Request for Change) packages
- Staged implementation: One system at a time with extended monitoring
We right-sized 23 EC2 instances supporting clinical applications. Average utilization improved from 18% to 45% with no performance impact.
Results: $96,000 additional annual savings
Phase 3: Database Optimization (Months 4-5)
RDS instances are often the largest cost drivers—and the most sensitive to change:
- Performance Insights analysis: Identified queries, not just utilization
- Read replica optimization: Right-sized replicas independent of primary
- Storage optimization: Converted to gp3 with appropriate IOPS
- Reserved Instance planning: 1-year commitments for stable workloads
Results: $72,000 additional annual savings
Phase 4: Commitment Optimization (Ongoing)
With right-sizing complete, we implemented an RI/Savings Plan strategy:
- Compute Savings Plans for variable workloads (flexibility for growth)
- Reserved Instances for known, stable databases (maximum discount)
- On-demand for development and testing (no commitment needed)
Coverage: Increased from 22% to 68%
Compliance Throughout
Every optimization was validated against HIPAA requirements:
| Control | Before | After | Status |
|---|---|---|---|
| Encryption at rest | Yes | Yes | Maintained |
| Encryption in transit | Yes | Yes | Maintained |
| Access logging | Enabled | Enhanced | Improved |
| Backup retention | 7 days | 30 days | Improved |
| MFA enforcement | Partial | Complete | Improved |
The optimization process actually improved their compliance posture by standardizing configurations and removing legacy resources that complicated audits.
The Results
Financial Impact
| Metric | Before | After | Annual Impact |
|---|---|---|---|
| Monthly AWS spend | $43,000 | $30,000 | $156,000 saved |
| RI/SP coverage | 22% | 68% | Locked in savings |
| Cost predictability | ±20% | ±5% | Better budgeting |
Compliance Impact
- Zero compliance findings in subsequent HIPAA audit
- Improved documentation for all AWS resources
- Cleaner inventory with proper data classification
- Enhanced logging and monitoring capabilities
Operational Impact
- Reduced complexity (fewer idle resources to manage)
- Better performance visibility (CloudWatch Agent deployed)
- Standardized tagging (enabled cost allocation by department)
- Improved disaster recovery (cleanup revealed gaps in backup coverage)
Customer Perspective
"What set Sentasity apart was their patience with our process. They understood that healthcare can't move as fast as a startup. They worked within our change control requirements and provided documentation that satisfied our auditors. The savings were significant, but maintaining compliance was the real win."
— CIO, Regional Health Network
"I was skeptical that we could optimize significantly given our constraints. They proved me wrong—not by cutting corners, but by being thorough enough to find opportunities I didn't know existed. Our security posture actually improved."
— CISO, Regional Health Network
Lessons for Healthcare Organizations
What Worked
- Starting with non-PHI systems: Built confidence before touching clinical workloads
- Security partnership: CISO team was involved from day one
- Documentation-first approach: Every change had an audit trail
- Patient rollout: One system at a time with extended monitoring
Key Recommendations
For healthcare organizations considering optimization:
- Don't assume compliance prevents optimization: It just requires a different approach
- Engage security early: Make them partners, not gatekeepers
- Document everything: Audit readiness improves with good documentation
- Start with development: Quick wins build organizational confidence
- Consider managed billing: Ongoing expertise maintains optimization over time
Healthcare-Specific Optimization
Optimizing healthcare workloads requires understanding HIPAA, change control, and clinical system requirements. Our team has experience with healthcare organizations of all sizes.

