Case study · Healthcare
HIPAA-aligned CI/CD for a digital-health platform across three regions
The challenge
A digital-health platform serving providers in Ireland, the US, and Germany had inconsistent CI/CD pipelines per region, manual deploy approvals that took 24–48 hours, and HIPAA evidence collection that required a 3-engineer week every audit cycle. Reliability was good (99.95%) but on-call was burning out the team.
What we did
We unified the CI/CD onto GitHub Actions with environment-specific approval policies, wired evidence collection into the pipeline (signed deploys, change records, artifact provenance), introduced SLO-based alert hygiene that cut page volume 70%, and ran a four-week on-call coaching cycle including two tabletop exercises.
Results
99.99%
uptime sustained
Across three regions, sustained for two consecutive quarters post-engagement.
70%
page-volume reduction
Alert hygiene tied to SLOs; mean time-to-acknowledge improved from 12 minutes to 4 minutes.
90%
less audit-prep time
Evidence pipelines cut quarterly audit prep from 120 engineering hours to ~12.
6 hours
average lead time for changes
Down from 24–48 hours; same approval rigor, less manual handling.
"Audit prep used to dominate a quarter. Now the evidence pipeline produces the packet automatically and the team is back on product work."