GenAI in Action: Automating Compliance & DR for Therapa

Therapa is a next-generation, cloud-native collaboration platform designed to connect therapists, support staff, and patients in a secure, real-time environment. It is a digital health provider specialising in AI-driven emotional wellness. Its platform must function within healthcare regulations while supporting a rapidly growing user base exceeding 100,000 sessions per month. Although revenue figures are not publicly disclosed, the company operates under HIPAA and GDPR, emphasising the importance of strict data security and compliance controls. 

As Therapa prepared to scale its service to over 100,000 active monthly sessions, its existing infrastructure struggled to meet the demands for both high availability and strict regulatory compliance (HIPAA/GDPR). Therefore, Therapa partnered with Cloud Bridge to design and implement a fully automated and resilient cloud platform, not only to address these immediate challenges, but also to establish a future-ready foundation for innovation, including the integration of next-generation AI services.

 Challenge: 

Therapa’s original deployment faced critical limitations that threatened its growth and operational stability. The company was confronted with a series of significant issues: 

• Operational Unreliability: The platform experienced frequent unplanned outages, averaging 2–4 hours per month, which jeopardised patient care continuity. 

• Manual and Inefficient Workflows: The process for data restoration was entirely manual, creating a potential data loss window of up to 30 minutes and consuming valuable staff time. There was also a lack of a consistent long term archiving strategy. 

• Compliance and Financial Risk: These operational gaps exposed Therapa to multimillion pound fines and severe reputational damage under stringent HIPAA and GDPR. The manual approach also made scaling difficult and costly. 

• Stalled Innovation: The existing architecture was not designed to support modern, data-driven services, making it challenging to introduce advanced features or adopt new technologies without significant rework. 

Solution: 

Cloud Bridge developed a comprehensive, multi-faceted solution based on AWS best practices for regulated and mission-critical workloads. The design emphasised resilience, automation, cost-efficiency, and extensibility, delivering a platform that not only addressed Therapa’s immediate issues but also laid the groundwork for future growth innovation. 

The implementation process included the following key configurations: 

• Automated Governance and Security: A multi-account AWS landing zone was deployed under Control Tower governance to enforce security policies and regulatory compliance. All logs (CloudTrail, Config, GuardDuty, VPCflow) were funnelled into a central S3 data lake with WORM (Write Once, Read Many) retention policies enforced by Object Lock. 

• High-Availability and Performance: Production workloads were configured for high availability across two Availability Zones (us-east-1a and 1b) behind an AWS WAF-protected Application Load Balancer. This was supported by stateless application servers in Auto Scaling groups, a MultiAZ RDS PostgreSQL cluster and ElastiCache for Redis for tiered caching to achieve sub-100 ms data fetches. Custom CloudWatch metrics were implemented for end-to-end infrastructure monitoring, including P95 API latencies. 

• Automated Disaster Recovery (DR): A warm-standby DR environment was established in a separate AWS region (useast2) and kept in sync via S3 cross-region replication and automated RDS read-replica promotion scripts. Route 53 failover health checks were configured to automatically switch traffic to the secondary region in under two hours. 

• Gen AI and Future Readiness: To prepare for future AI capabilities, key data ingestion pipelines were refactored into event-driven, serverless workflows. This design ensures seamless and low-effort integration with technologies such as Amazon Bedrock and other Machine Learning services, allowing Therapa to adopt Generative AI without major re-platforming. 

Initial GenAI use case – automated care summaries and journaling prompts: During discovery workshops, Therapa and Cloud Bridge identified automated session summaries and journaling prompts as the first Gen AI application (self-assessment UCR-001). Transcripts, mood logs, and therapist notes are ingested into S3; an event triggers a Lambda function that invokes a Bedrock or SageMaker model to generate a concise session recap and personalised journaling suggestions. The output is stored in a secure bucket and surfaced back to therapists and patients via the app. 

Benefits: 

The new automated infrastructure delivered a secure, highly resilient and scalable platform, resulting in critical business benefits that extended far beyond operational stability: 

• Superior Platform Availability and Performance: The new architecture delivered 99.99 % platform availability, eliminating unplanned outages. Performance tuning with tiered caching strategies ensured a fast and responsive user experience. 

• Cost-Efficiency and Productivity Gains: By right-sizing EC2 instance families, Cloud Bridge helped Therapa achieve a 15% reduction in monthly compute spend. Furthermore, the elimination of manual restoration chores saved over 1,000 staff-hours per year, allowing staff to focus on innovation. 

• Robust Compliance and Data Safety: The fully automated DR strategy and backup solutions ensured a Recovery Point Objective (RPO) ≤ 15 minutes and a Recovery Time Objective (RTO) ≤ 2 hours. Logs are protected with WORM retention, ensuring compliance with HIPAA and GDPR. 

• Generative AI-Ready Foundation: Bedrock inference now accounts for roughly 30 000 ARR — about 20% of Therapa’s total AWS spend, demonstrating that session-summarisation features are live and meeting the GenerativeAI competency’s revenue thresholds (self-assessment PS004). The event-driven architecture simplifies the addition of further AI-powered capabilities. 

Lessons Learned & Next Steps:

Unmet goals: A stretch objective was to provision a fully redundant warm-standby environment within four hours of kick-off; the first DR drill averaged six hours due to Terraform state-propagation delays and manual IAM adjustments (self assessment CO002). Another goal—to remove all manual intervention from backup-restore validation—was only partially achieved because some Lambda functions timed out when restoring large EBS volumes. 

Actions taken: Cloud Bridge refactored the Terraform workflow by centralising state management in an S3backed remote state and automating cross-account role creation, shaving two hours off the next drill. They increased Lambda timeouts for large-volume restores, added dynamic retry logic and split oversized volumes for parallel restores. Future enhancements include integrating more granular cost controls and adopting phased rollouts to optimise GenAI model usage. 

Connecting infrastructure to GenAI: With the DR and compliance foundations in place, Therapa is poised to expand its GenAI capabilities. The event-driven pipelines ingest session data, trigger Bedrock for summarisation and store the output in secure S3 buckets. Future work will integrate retrieval-augmented generation (RAG) patterns to enrich summaries with relevant historical context and incorporate patient-specific journaling suggestions, further personalising the therapeutic experience.