Cloud303 Spurs Taproot’s Leap to Next-Gen Cancer Research

DevOps

Containerization

  • 3 October 2023
AWS Funding Secured by Cloud303
  • Well-Architected
  • Migration Acceleration Program 2.0

About the Customer

Taproot Health is building a new generation of real-world data. Their prospective, regulatory-grade data fill a missing research gap, bridging the current efforts of others and providing a more comprehensive picture of cancer patients. These data are needed by all stakeholders to advance cancer care.

Executive Summary

Taproot is a company dedicated to advancing cancer research. They partner with patients, clinics, researchers, and businesses to collect data and build a model that is necessary to make advancements in the field.

One of the biggest issues facing cancer research is small or incomplete data sets. To address this issue, Taproot collects regulatory-grade data from community and academic centers all over the country, in combination with complete patient data and outcomes that are linked to biomarker data, to provide a complete dataset picture of care.

Cancer is a huge issue to tackle and is difficult for any one group or company to solve. In order to provide unity amongst researchers, Taproot strives to connect and share all data that can be used in the development of cures and to help finance further research to improve patient care.

The Challenge

Taproot came to Cloud303 - an AWS Premier Consulting Partner - needing a net new workload deployed. Taproot was running into huge hurdles finding off-the-shelf solutions to cater to the needs of their multi-faceted, highly customized EHR application, which included a myriad of technologies in the areas of Application Development, Product Development, AI and Machine Learning, Customized ERP solutions, Application Integration, Technology Consulting, Project Management and Quality Assurance Consulting. After a successful Well-Architected Review with Cloud303, with a focus on HIPAA compliance and scalability, Taproot was convinced that AWS had all the services needed to host their architecture.

Why Cloud303?

  • Automation Expertise: Cloud303 excels in automating tedious and complex tasks, making development and operations more efficient. Our expertise in CI/CD pipelines, Infrastructure as Code, containerization and automated testing ensures a faster time-to-market and a more robust DevOps strategy.
  • Scalability and Performance: With a deep understanding of microservices, containerization, and orchestration, Cloud303 provides scalable solutions that can handle varying workloads without sacrificing performance, ensuring that your systems can handle future demands.
  • Collaboration and Culture: Recognizing that DevOps is as much about people and culture as it is about tools and processes, Cloud303 helps foster a culture of collaboration between development and operations teams to facilitate better teamwork and collective ownership of projects.
  • Proven Track Record: Cloud303 has a strong history of successful partnerships within the Microsoft industry. Our commitment to excellence, reliability, and client-focused solutions has made us a trusted partner.

Engagement Overview

Cloud303's engagements follow a streamlined five-phase lifecycle: Requirements, Design, Implementation, Testing, and Maintenance. Initially, a comprehensive assessment is conducted through a Well-Architected Review to identify client needs. This is followed by a scoping call to fine-tune the architectural design, upon which a Statement of Work (SoW) is agreed and signed.

The implementation phase kicks in next, closely adhering to the approved designs. Rigorous testing ensures that all components meet the client's specifications and industry standards. Finally, clients have the option to either manage the deployed solutions themselves or to enroll in Cloud303's Managed Services for ongoing maintenance, an option many choose due to their high satisfaction with the services provided.

The Solution

Patients log in and enter data into Taproot's Electronic Data Capture (EDC) and Electronic Health Records (EHR) application, which is hosted in containers powered by Amazon Elastic Compute Cloud (EC2) instances on Amazon Elastic Container Service (ECS).

All the cancer/clinical research data is stored in a three-pronged MongoDB cluster hosted on EC2 instances, with replica sets spanning multiple Availability Zones. Route 53 is used to manage Taproot's DNS. Taproot's CI/CD pipeline is orchestrated by AWS CodePipeline and AWS CodeBuild, with the codebase being version controlled using GitHub.

AWS Config rules are configured according to AWS' Operational Best Practices for HIPAA Security. Amazon CloudWatch alarms and AWS CloudTrail logs storage are also configured to be HIPAA-compliant.

Cloud303 scoped out the project and optimized the EHR platform by configuring compute-optimized c5.2xlarge EC2 instances to power the Docker containers running in Amazon ECS. The workload was spread in private subnets over multiple availability zones in an Auto Scaling Group behind an Application Load Balancer in the North Virginia region for high availability.

The development pipeline was orchestrated using AWS CodePipeline, with AWS CodeBuild and AWS CodeCommit which integrated perfectly with GitHub as the version control system. Cloud303 built the Docker image and pushed this image to an Amazon Elastic Container Registry (ECR), and then deployed it to ECS on EC2.

All testing of the application's backend was conducted in a development environment. Topic branches based off the main branch were used for features and bug fixes. These feature branches isolate work in progress from the completed work in the main branch.

With autoscaling configured with a step scaling policy triggered by Amazon CloudWatch metrics, the ECS containers were powered by c5.2xlarge instances spread across two AZs during the development phase as a proof of concept (PoC) in the Dev account. The containers were set up to scale horizontally if CPU utilization exceeds 80%, and to scale in if CPU utilization falls below 60%. Following three months of monitoring, it was decided to scale the workload in the production environment to match demand, with the minimum and desired number of instances set at five and the maximum number set to twelve. This was accomplished using native right-sizing and cost-optimization capabilities from AWS.

To achieve the best possible outcome in this regard, ECS cluster auto scaling (CAS) was enabled to provide more control over the scaling of the EC2 instances within the cluster. The ECS Service was configured to send metrics to CloudWatch, which triggers an alarm to add more tasks in the ECS Service, and the capacity provider was set up to target the Auto Scaling group using the CapacityProviderReservation metric.

The entire infrastructure was encrypted at rest and in transit using AWS Key Management Service (KMS) with automated annual key rotation in order to comply with HIPAA regulations.

Engineer Quote

Taproot Health's focus on advancing cancer research is inspiring, and it required a backend architecture that matched its ambition. We meticulously architected a HIPAA-compliant, scalable, and high-availability solution on AWS. Now, Taproot doesn't have to focus on infrastructure hurdles, but can continue their vital work with the peace of mind that their data is secure, compliant, and readily available.

Outcomes

Cloud303 built a resilient, scalable, highly available backend architecture for Taproot's EDC/EHR application. Through the use of AWS' conformance packs, the application was able to be built robustly, while conforming to HIPAA requirements.

Taproot's business has benefited greatly from running their containerized workload on AWS. They are set up to save their logs for the required six years under HIPAA, both at the application level and the account level. Additionally, end-to-end encryption is featured both in transit and at rest.
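The retention and key-rotation targets described above can be verified rather than assumed. The following is an added example, not code from Cloud303 or Taproot: it audits constructed sample data, shaped like the responses of the CloudWatch Logs DescribeLogGroups and KMS GetKeyRotationStatus APIs, against the six-year retention and annual rotation stated in this case study. The log group names and key IDs are hypothetical.

```python
MIN_RETENTION_DAYS = 6 * 365   # six-year log retention stated in the case study
MAX_ROTATION_DAYS = 365        # "automated annual key rotation"

# Constructed sample data (hypothetical names), shaped like AWS API output.
SAMPLE_LOG_GROUPS = [
    {"logGroupName": "/ecs/ehr-app", "retentionInDays": 2192, "kmsKeyId": "key-app"},
    {"logGroupName": "/ecs/edc-app", "retentionInDays": 365, "kmsKeyId": "key-app"},
    # No retentionInDays means the log group never expires its events.
    {"logGroupName": "/aws/cloudtrail/org", "kmsKeyId": "key-audit"},
    # No kmsKeyId means no customer-managed KMS key is associated.
    {"logGroupName": "/ecs/batch", "retentionInDays": 2557},
]
SAMPLE_KEY_ROTATION = {
    "key-app": {"KeyRotationEnabled": True, "RotationPeriodInDays": 365},
    "key-audit": {"KeyRotationEnabled": False},
}


def audit(log_groups, key_rotation):
    """Return (log group, finding) pairs for every deviation from the targets."""
    findings = []
    for group in log_groups:
        name = group["logGroupName"]
        retention = group.get("retentionInDays")
        if retention is not None and retention < MIN_RETENTION_DAYS:
            findings.append((name, f"retention {retention}d < {MIN_RETENTION_DAYS}d"))
        key_id = group.get("kmsKeyId")
        if key_id is None:
            findings.append((name, "no customer-managed KMS key associated"))
            continue
        status = key_rotation.get(key_id)
        if status is None:
            findings.append((name, f"rotation status unknown for {key_id}"))
        elif not status.get("KeyRotationEnabled", False):
            findings.append((name, f"automatic rotation disabled on {key_id}"))
        elif status.get("RotationPeriodInDays", 365) > MAX_ROTATION_DAYS:
            findings.append((name, f"rotation period on {key_id} exceeds one year"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_LOG_GROUPS, SAMPLE_KEY_ROTATION):
        print(f"{name}: {problem}")
```

In a live account the same two structures would come from the corresponding API calls; the audit logic is unchanged.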

Taproot now has considerably more control over the resources they are using when compared to their prior application hosted using a managed provider. As a result, Taproot no longer has trouble controlling their infrastructure and adjusting security settings when necessary.
