Announcement: OpsGuru Signs Strategic Collaboration Agreement with Amazon Web Services Read more⟶
Industry: Healthcare Technology
Goal: Modernize Sleuth, a proprietary healthcare payment integrity platform, from a manually operated MVP into a fully automated, HIPAA-compliant, cloud-native AWS solution capable of onboarding enterprise payer clients at scale.
OpsGuru Services: Cloud-Native Application Modernization, Automated ETL Pipeline Engineering, Infrastructure as Code (IaC), Healthcare Compliance & Security Architecture, UI/UX Modernization.
Data Pipeline & AI: AWS Glue, AWS Glue DataBrew, AWS Step Functions, AWS Lambda, AWS Transfer Family, Amazon S3, Amazon EventBridge, Amazon SNS.
Infrastructure & Security: HashiCorp Terraform (IaC), AWS Control Tower, AWS Config, AWS CloudTrail, Amazon GuardDuty, AWS Security Hub, AWS KMS, AWS WAF, AWS Shield, Amazon CloudWatch.
Application & API: Amazon ECS (Fargate), Amazon API Gateway, Application Load Balancer, Amazon CloudFront, Amazon RDS (MS SQL Server), Docker, Node.js, Prisma (ORM), GitHub Actions (CI/CD).
End-to-End Automation: Manual Excel workflows replaced by a serverless ETL pipeline for ingesting and processing large healthcare claims files, with end-to-end staging time benchmarked at under 5 hours.
Enterprise-Grade Compliance: 99–100% scores on HIPAA and CIS benchmarks via automated PII/PHI discovery, redaction, and continuously audited IaC.
Scalable Multi-Tenant Architecture: New payer environments provisioned automatically via Terraform, eliminating linear manual setup.
Acquisition-Ready Platform: The AWS environment met Healthworks' HITRUST, SOC 2, and PCI requirements immediately upon handover.
Healthcare payment integrity is a high-stakes, data-intensive discipline with little tolerance for error. Medicare and Medicaid alone reported over $95 billion in improper payments in 2025. Despite the importance of these processes, the teams doing this work have historically been trapped in the same operational bottleneck: enormous volumes of claims data processed through labor-intensive, spreadsheet-driven workflows that simply do not scale.
Forensic Claims Solutions (FCS), acquired by Healthworks, set out to solve exactly this problem. Co-founded by Craig Mills and Mike McGauley, FCS developed Sleuth. This proprietary platform runs statistical models for shadow adjudication against payer claims data to detect anomalies and improper payments.
After three years of hands-on building, the founders had proven that the model worked and that enterprise payer relationships were within reach. FCS needed to make a decisive architectural leap from an MVP-grade tool to an automated, HIPAA-compliant, cloud-native platform capable of serving major payer clients. They partnered with OpsGuru to make that transition in a single, structured engagement, even as a mid-project acquisition by Healthworks raised the compliance bar to an enterprise level.
For FCS, the gap between where Sleuth was and where it needed to be was as much operational as it was architectural.
The version of Sleuth that existed at the start of the engagement demonstrated the concept, won early clients, and validated the business model. But it had been built for proof, not production scale. The SQL backend was architected as a batch-processing engine rather than an optimized application database; the frontend was inaccessible via a browser; and there was no secure login, workflow tracking, or role-based access.
Every month, processing a new client's claims file required the founder to run SQL scripts manually, transform data in Excel, and perform post-processing steps. This created a direct, linear relationship between founder hours and client capacity. Onboarding multiple large clients simultaneously, or running analytical engines concurrently, was structurally unsupported under this model.
As a healthcare data company handling Protected Health Information (PHI) and Personally Identifiable Information (PII), FCS faced strict regulatory obligations under HIPAA. As they matured, SOC 2 compliance would become a commercial requirement for enterprise payer relationships.
Midway through the modernization engagement, FCS was acquired by Healthworks. The acquisition introduced Healthworks' compliance team into the project scope, requiring the newly built AWS environment to immediately meet Healthworks' HITRUST, PCI, and SOC 2 assessment standards on top of an already aggressive delivery timeline.
OpsGuru approached the Sleuth modernization as a structured, phased engagement designed to reduce delivery risk, align technical progress with business goals, and ensure that compliance was built in from the start.
Before any infrastructure was provisioned, OpsGuru conducted a comprehensive architectural assessment of FCS's existing environment. This phase defined the sequencing logic for the entire engagement: which components to build first, where compliance architecture needed to be in place before data could move, and how the team would avoid building into dead ends under time pressure. Key deliverables included:
A detailed architectural findings and recommendations report
A prioritized implementation roadmap
AWS consumption cost estimates
The execution phase tackled three parallel workstreams:
Fully Automated Serverless Pipeline: A data pipeline orchestrated by AWS Step Functions ingests large monthly claims files via AWS Transfer Family and processes them through AWS Glue and Glue DataBrew, with PHI and PII redactions applied inline before any data reaches the application database.
Security and Compliance Infrastructure: A secure AWS Landing Zone was established using AWS Control Tower, with Amazon GuardDuty, AWS Security Hub, and AWS Config providing continuous threat detection and compliance monitoring. All infrastructure was defined in Terraform, creating a version-controlled, audit-ready deployment history that would prove critical during Healthworks' compliance assessments.
Application Modernization: The existing desktop application was rebuilt as a React single-page application, containerized with Docker, and deployed to Amazon ECS (Fargate) behind an Application Load Balancer and CloudFront CDN. This gives analysts a centralized portal to track ingestion status, manage workflow state, and generate configurable client reports.
The final phase focused on end-to-end validation, production cutover, and knowledge transfer:
The full pipeline was run against live claims data for an active client, the first time this processing had occurred without manual intervention.
Pipeline execution was benchmarked, and security configuration scores were validated against HIPAA and CIS benchmarks.
All Terraform modules and GitHub Actions CI/CD pipelines were handed over with comprehensive documentation.
“OpsGuru took a platform we'd built from the ground up and gave it the infrastructure to match its ambition. They navigated the complexity of a live acquisition, met every compliance requirement our new partners put in front of them, and delivered a system our team can confidently operate and grow. The result is a platform that's ready for the enterprise clients we've always been building toward.” - Craig Mills, Co-Founder, Forensic Claims Solutions (acquired by Healthworks)
The outcomes of this engagement operate at two levels: the technical capabilities that now exist within the Sleuth platform and the organizational trajectory those capabilities enable.
Automated Claims Processing: The December claims cycle for an active payer client, previously a multi-day manual effort, was processed end-to-end by the automated pipeline in under 5 hours with no manual intervention. File decompression alone was benchmarked at 20 minutes.
Inline PHI/PII Protection: PHI and PII are dynamically discovered and redacted within the ETL pipeline itself, before data reaches storage, eliminating a class of compliance risk that previously required manual review.
Automated Multi-Tenant Provisioning: New payer clients are onboarded by provisioning isolated, compliant database and storage environments through Terraform, replacing a process that previously required hands-on founder setup for every new client.
Compliance at 99–100%: The platform achieves near-perfect scores on HIPAA and CIS benchmark checks through continuous automated monitoring via AWS Security Hub, GuardDuty, and Config, with a version-controlled IaC audit trail that satisfies SOC 2 requirements.
Founder Hours Reclaimed: FCS can now onboard and run multiple clients concurrently without the founders in the processing loop.
Acquisition-Ready on Delivery: Built on documented, auditable Terraform IaC with centralized security reporting from day one, the environment met Healthworks' HITRUST, PCI, and SOC 2 requirements immediately, without post-acquisition remediation.
A Team Empowered to Own the Platform: Comprehensive documentation, GitHub CI/CD pipelines, and Terraform-managed infrastructure give FCS's team the tools to deploy, configure, and extend the platform independently.
A Business Model That Can Now Execute: Automated onboarding, scalable pipeline architecture, and enterprise-grade compliance transform Sleuth from a proof-of-concept into a commercially viable product capable of competing for major payer contracts.