Introducing Autopilot, an AI coding assistant
Airplane for healthcare: PHI and data protection, scheduled operations, interfacing with third parties, and more

Airplane for healthcare: PHI and data protection, scheduled operations, interfacing with third parties, and more

Madhura Kumar
Head of Growth
Jan 13, 2022
8 min read

One of the primary challenges that B2B healthcare, consumer health, and biotech companies face when it comes to finding third-party software solutions is that they don't comply with the level of sensitivity necessary to be able to use the software. This includes:

  • Measures to control and lock down PHI (Protected Health Information) and PII (Personally Identifiable Information)
  • Regular and rigorous audit logs that are easily accessible
  • The ability to manage permission groups at the most granular level
  • Compliance with HIPAA, GXP, and other healthcare-related regulatory frameworks

As a result, many healthcare and healthtech companies choose to build a significant amount of tools in-house, taking time and resources away from the core product roadmap.

With Airplane, you can turn code into enterprise-grade internal applications in just minutes that anyone on your team can use, while still protecting your customers' data.

Why healthcare companies choose Airplane

Healthcare companies are focused on meeting rapidly evolving needs from their patients and customers, but at the same time, they still have many use cases that require high-quality internal tools to ensure the company can scale to meet external demands. Airplane solves these problems by:

  • Making it easy to set up  group-based permissions, approval flows, and data protection measures at the most granular level
  • Enabling support, risk, ops, customer success, marketing, product, and other non-engineers to safely run operations that were previously engineering-only
  • Eliminating the time that developers spend on running recurring eng-heavy operations and managing infra for internal tools
  • Limiting the level of interruptions that developers experience so they can move more quickly to build customer-facing products

Use cases

  • PHI and data protection
  • Scheduled operations and recurring data pulls
  • Interfacing with third parties and onboarding
  • Automating manual tasks
  • More use cases

PHI and data protection

One of the greatest challenges that heathcare and healthtech companies face is finding the right tools to help them grow quickly while maintaining strict rails around data protection and privacy. Data protection laws are even more stringent when it comes to PHI (Protected Health Information) and the consequences of a leak can be severe.

PHI includes things like:

  • Medical records and family history
  • Current prescriptions
  • Medical bills
  • Lab test results
  • History of healthcare services received
  • Billing information or any information that could be used to identify an individual in a health insurance company's records

This is why finding a scalable solution that limits who has access to what data is critical. Without this, Healthcare companies are unable to move as quickly because (1) the internal state of the company cannot keep up with external demands and growth and (2) the number of people able to contribute is limited causing resourcing bottlenecks.

With Airplane, you can limit who in your organization has access to PHI and ensure your team is able to contribute without putting your customers' data at risk.

For example, your customer success and support teams can use Airplane tasks to pull specific customer requests from a patient portal without having access to medical records, billing information, doctor's visit history, or any other data in the underlying dataset.

Here's what one of these tasks might look like on Airplane:

Group-based permissions

Using Airplane, you can create a group called Customer Success, add members of your team to that group, and give them access to the limited set of queries they'll need to answer the most common questions. Without access to view the task, individuals will not be able to see anything associated with it like logs and run history which can prevent accidental PHI leakage.

You can also layer approval flows, notifications, and audit logs on top of tasks and runbooks for additional protection.

Approval flows

Create approval flows so sensitive tasks have separate groups that are allowed to request and/or approve them. You can send requests to specified groups directly on Slack and member of the group can then execute the request or reject it.

Let's say a customer request requires access to sensitive data to resolve. You can use an approval flow to lock down who actually executes it by sending a request to individual approvers or to groups.

Here's an example of a runbook (a multi-step workflow) to look up a billing issue and then send a report with the sensitive details to a manager who has access to view such reports.

  • First, we look up a customer's billing information based on their ID.
  • Then, we send the details via a billing report to a customer success manager who has access to view that data.

I've set the reviewers to 'admins' and 'support managers' so individuals in those groups will receive the request and can approve or reject directly from Slack. The runbook has also been set up such that only specific customer success managers can receive billing reports and so they must be selected from the drop down menu.

You'll receive a confirmation that your request was sent and approvers will receive a notification to approve or reject it.

Safety and audit logs

Airplane is also SOC 2 compliant and you can self-host Airplane agents within your own VPC. Additionally, every operation is recorded in an audit log.

Not only can you see all the recent sessions for your runbook, but paginated logs can be downloaded as a CSV:

Recent sessions:

Download logs as CSV:

Scheduled operations and recurring data pulls

Rather than setting up manual checks or cron jobs across the mountain of systems required to run daily operations, you can use Airplane schedules to run recurring scripts that test data health and hygiene and ensure systems are up and running. Many engineering teams use Airplane as a simpler, more feature-rich scheduler than systems like cron or Airflow.

Let's say you want to be notified when an hourly data sync fails. You can write a script that checks that new rows of data have been added to the table and deploy this script to Airplane. You can now set up a schedule that runs the task hourly, checks to see that new rows are in the data table, and sends you a slack notification if new rows have not been added.

Cron jobs are one of the most common ways developers run tasks like this on a recurring basis to schedule a daily backup or run a monitoring script every hour, for example. However, Cron falls short in a number of ways:

  • You need to add logging logic manually
  • There are no notifications when runs fail
  • There's no easy way to see jobs you have running
  • You have to maintain the cron job and if there's a server failure causing the job to go down, you're responsible for monitoring and alerting

Airplane is a better alternative because it:

  • Generates audit logs automatically
  • Provides customizable notifications (can be sent via Slack, email, or in app)
  • Allows you to see and update config on scheduled tasks from the UI
  • Doesn't require maintenance from you after setup

More on replacing cron with scheduled tasks in Airplane in this blog post.

Interfacing with third parties and onboarding

Another common use case among healthcare companies is interfacing and sharing data across a number of third parties like insurance providers. Airplane can help you automate tasks like:

  • Import historical records from previous providers
  • Bulk onboard patients, doctors, or nurses
  • Create new accounts and sync data
  • Automatically upload signed insurance policies and store confirmations

Using Airplane you can easily connect to databases, APIs, and other external systems, known as resources, which can be used in any task or runbook. More on how to use resources to connect to external systems in our resources docs.

Let's say you just signed a new doctor, therapist, or nurse onto your platform and they would like to bring over all their patients' information to quickly get spun up. If you already have a script that takes data from an external system and formats it into the right schema for your DB, you can use Airplane to connect to REST APIs and make importing the data easy. You can also turn that script into a task that can be deployed by anyone on the team.

You no longer have to manually connect, download, upload, and reformat data because Airplane enables you to build tools to automate these processes quickly. Not only can you write once, store, and use your scripts many times, but you can also grant anyone on your team access to these tasks so that customer success can own the full onboarding process without engineers getting involved.

Automating manual tasks

Without internal tools in place, manual operations and repetitive tasks can become a huge bottleneck. These include things like:

  • Add a credit to a patient's account
  • Update information in the patient portal on behalf of a customer
  • Look up accounts with late payments
  • Look up the status of a monthly payment and send a reminder

Typically these issues come in through the customer success, support, or ops teams but require engineers to get involved every time to either directly write queries against a DB or hit a combination of internal and external APIs depending on the transaction.

Let's say you already have a REST API endpoint or a JS or Python script that lets you add a credit to a patient's account. Instead of repeatedly jumping in when these types of requests come up, or slowing things down for your company, you can deploy your scripts to Airplane in a couple of minutes, and Airplane will automatically add a UI, let you specify input validation rules, permissions, and more. What used to be a manual task involving a ping to the engineering team is now an app that anyone can use in Airplane.

Since things like adding money to a patient's account may be sensitive, you can also include an approval step requiring another person to confirm before the operation actually executes.

The below is an example of a task to issue a credit where manager approval is required for credits above $100.

More use cases

  • Account admin and user management: updating a user's email address, making a user an admin, extending a free trial period. Here's how you can build an internal admin panel in 10 minutes with Airplane.
  • Data / system hygiene: running specific tests though Airplane and notifying of system or operational failures
  • Feature flagging: turning features on and off without manual code changes or configuration updates
  • Customer onboarding: migrate a customer's historical data, set up accounts, set up billing, set their account plan and turn on/off features
  • Broader access to use SQL queries safely: limiting the number of devs who have access to prod DBs and instead granting analysts, customer success managers, and other engineers access to specific common SQL queries via Airplane


Here's a 3-minute walkthrough of the entire task creation process:

Airplane can help your healthcare company move quickly and safely by enabling you to put data protection and privacy first while still making internal operations accessible and automating your company's manual tasks.

If you liked anything you read or think Airplane would be a good fit for your business, say hello via chat or email [email protected]. Signing up takes about 30 seconds and you can check out our docs for more information.

Share this article:
Madhura Kumar
Head of Growth
Madhura Kumar is the Head of Growth and a founding team member at Airplane. Prior to Airplane, she led product and strategic initiatives at Palantir.

Subscribe to new blog posts from Airplane.