Case Studies

Leveraging the AWS Cloud for Orbograph’s Healthcare Payment Automation Center Platform


Orbograph, a subsidiary of Orbotech, is a premier provider of recognition services and software for check processing in the financial industry and end-to-end electronic solutions in the healthcare revenue cycle management (RCM). Orbograph technologies are used by over 1,500 financial institutions, service bureaus, and billers, processing billions of checks and claims annually. Their solutions are utilized by 20 of the top 30 U.S. financial institutions with in-house check processing. In regards to health care payments, the Orbograph P2Post and E2Post services make use of innovative explanation of benefits (EOB) conversion technologies to automate the posting of receivables into practice management systems. Orbograph enables clients to envision more for their organization by reducing costs and managing risk, while ensuring that achieving more is a reality. See more at: https://www.orbograph.com/


The search for the Right Tools

The AWS ecosystem is vast and includes a wide variety of tools like S3, SQS, Route 53 and VPC. Distinguishing those necessary to fulfil specific requirements of an enterprise can be exhaustive if there is a lack of general understanding of how the system works. While DIY solutions seem appealing to some, the truth of the matter is that matching the necessary tools to ensure high quality performance and guaranteed security for a reasonable price is not possible without expert knowledge.


Emind is proficient and holds a lot experience in migrating companies of all sizes to AWS, in line with the appropriate regulatory compliance and were able to close a significant knowledge gap for Orbograph. Bridging the knowledge gap lead Orbograph to promptly link its HPAC platform to its customers, maximize business, minimize costs and provide the utmost in data protection.

Compliance & Network Security

The need for unparalleled system security is essential. Malicious traffic and security vulnerabilities pose threats to sensitive information as well as quality service provision. Data leakage occurs in the cloud and risks security threats as well as exposure to competitors. Additionally, intrusion protection is essential when handling any type of sensitive data on the web, stressing the need for a web application firewall (WAF) to inspect traffic in search of suspicious activity.


Orbograph was recommended by Emind to leverage a combination of Sophos UTM (Unified Threat Management) appliances to tackle Orbograph’s possible security threats, including intrusion detection and protection (IDS and IPS), as well as Dome9, a firewall management web application, to securely protect all of Orbograph’s sensitive data.

Data Security & Identity Access Management

Scanned Electronic Health Records (EHR) are defined as Protected Health Information (PHI) records, that hold private and confidential health information regarding individuals or populations. As a result, it is essential that all of these electronic assets be backed up and securely encrypted with managed encryption keys. As mentioned above, HIPAA’s strict regulatory compliance must be adhered to when dealing with personal health information, ensuring all security measures are followed. In addition, a high level of
control and authentication is needed when handling system access. Authorization grants access to various system users that are exposed to the data.


Orbograph, advised by Emind, utilized a third party tool for achieving central management, high availability and encryption of all data and storage volumes on their HPAC application. Porticor Virtual Private Data, the cloud encryption and key management solution, provides an encrypted sanctuary for data, such as virtual disks, databases, files, object storage, and more, enabling full HIPAA compliance. This all encompassing solution entails patented cloud key management alongside state of the art encryption, and focuses on the procedures necessary to manage encryption environments and encryption keys.
Additionally, in order to maintain access control and identification, Emind recommended Orbograph to utilize Microsoft Active Directory for identity management, authenticating and authorizing all access to the network and VPN (i.e. all AWS instances, including Linux and Windows). As a direct result, access to Orbograph cloud accounts, by means of AWS APIs, is authorized and authenticated by AWS IAM, in collaboration with AWS MFA, a two-factor authentication process based on Duo Security’s solution.

Tight Auditing & Data Archiving

Maintaining control, security and availability under the restrictions of HIPAA compliance generates the need to monitor and log all transactions, including access to resources, network activities, data and updates. In addition to that, all logged data is required to be archived for seven years.


With Emind’s advice, Orbograph leveraged AWS tools to ensure that logs from all system components are shipped in real time to a central log server. The data logs are then analyzed and stored, resulting in real-time, quality alerts. More recent log data is stored in a short term archive (AWS S3), available online for further analysis, and is then encrypted and archived in AWS Glacier for long term, cost efficient archiving (in line with the HIPAA seven year data archiving compliance requirements).

Complexity & Large Data Sets

The ability to scale Orbograph’s system’s large capacity on-demand is no easy feat, especially when dealing with complex cloud environments and a wide variety of data. In addition, maintaining, transferring and storing these large datasets creates quite the challenge, requiring dozens of terabytes.


Scalability is a direct benefit of migrating to the cloud. In addition, AWS’ infinite, durable and highly available S3 storage ensures data security. A state-of-the-art tracking mechanism is used to automatically add new RDS instances to backup lists, generating Amazon Machine Images (AMIs) on a regular basis. This not only inhibits data loss, but also protects Orbograph’s cloud environment for mission critical deployments. Orbograph assisted by Emind’s unique methodologies on the AWS Cloud, is now able to store all of their sensitive, complex data, carefree.

“Orbograph assisted by Emind’s unique methodologies on the AWS Cloud, is now able to store all of their sensitive, complex data, carefree.”

High Availability & Reliability

The mission critical aspect of Orbograph’s HPAC platform services requires it to be reliable and highly available at all times. Maintaining and enhancing existing disaster recovery mechanisms is essential, in addition to creating a robust backup strategy for its rapidly growing amount of data and digital assets.


Disaster recovery in the traditional world of IT is incredibly expensive due to the fact that a company must own all of the servers necessary to back up all of its data. Fortunately, the AWS Cloud has relieved a large portion of this burden by supporting flexibility and global distribution in multiple zones. Orbograph’s system is located in two availability zones in efforts to ensure high availability of the service. Applications and data are synced seamlessly and the failover mechanism is tested often to ensure robustness in the case of a failure.