Building a Better Web
June 19–20, 2017: Training
June 20–22, 2017: Tutorials & Conference
San Jose, CA

Building a serverless electronic health record system from scratch

Ruthie Nachmany (Warby Parker)
4:25pm–5:05pm Thursday, June 22, 2017
Web Services and APIs
Location: 212 A/B Level: Intermediate
Secondary topics: Case studies and comparisons, Microservices, Third parties
Average rating: 3.50 (2 ratings)

Who is this presentation for?

  • Software engineers, architects, and product managers

Prerequisite knowledge

  • Experience with AWS and basic familiarity with serverless architecture (useful but not required)

What you'll learn

  • Learn what to consider before building a serverless web application

Description

Warby Parker recently built an electronic health record system that its optometrists use to conduct and store eye exams. The company used this project as an opportunity to explore building a serverless web application on AWS. Ruthie Nachmany explores why Warby Parker decided to build its own electronic health record system and why it wanted to explore serverless architecture for this project. The project required easy extensibility, which enabled the team to add and monitor granular permissions, build a secure and eventually HIPAA-compliant data store, and create something that provided a better solution than an out-of-the-box option. Ruthie shares details of the system’s implementation, challenges faced, and lessons learned along the way.

Topics include:

  • Authentication: Warby Parker uses Okta as an active directory service and Duo as a two-factor solution across all services. In order to do authentication in an AWS environment, the team decided to use Cognito as an identity broker for Okta, becoming one of the first partners on Okta’s OIDC implementation, since Okta’s more widely used SAML authentication was incompatible with the Cognito JavaScript SDK.
  • Serverless search: The team decided to use Cloudsearch (AWS’s hosted Elasticsearch solution). Due to CORS requirements, they needed to use API Gateway as an interface to Cloudsearch. Ruthie discusses how the team implemented this as well as potential HIPAA implications.
  • Encrypted data storage in transit and at rest: The team originally decided to use S3 to host scanned records and DynamoDB to host metadata around those records. As they implemented a full-featured form for optometrists to use in the second iteration of this implementation, they decided to use DynamoDB to host all exam data.

Ruthie Nachmany

Warby Parker

Ruthie Nachmany is a software engineer at Warby Parker. When she’s not trying on glasses and building software that helps people try on glasses, she helps organize the NYC Amazon Alexa meetup, a biweekly speaker series called NYC Salon, and a sunrise club.