HERA Digital Health

“We have an international healthcare application with strict data privacy requirements — the challenge was to address API security and data privacy issues with limited technical staff.”

HERA Digital Health’s mission is to provide a mobile health platform that connects refugee populations with healthcare services.

As the first step toward achieving the goal of “preventive healthcare made easy” for refugee mothers and children, HERA aims to increase the rate of prenatal checkups and childhood vaccinations among Syrian refugees living in Turkey under temporary protection. HERA plans to expand its coverage to provide services to refugees worldwide, starting with their current pilot in the US.

“Today’s healthcare systems are designed for people who stay in one place — not refugees,” says Aral Surmeli, MD MPH, CEO of HERA Digital Health. “So we made a simple mobile app to take care of refugee healthcare.”

During pregnancy, refugee women receive an average of one pregnancy checkup. The World Health Organization, meanwhile, recommends at least eight. What’s more, only 30-40% of refugee children are fully vaccinated.

For Syrian refugees in Turkey, a group that as of 2022 totals more than 3 million people, not having access to their vaccination records creates major problems. In some cases, doctors in Turkey are sometimes required to vaccinate people if there is no record on file.

Through its app, HERA is specifically focused on tackling the most important refugee healthcare issues and seeks to add features that have the biggest impact.

Why Project Galileo?

After HERA started in 2018, it implemented Cloudflare in its early stages in coordination with its first production launch.

“Our previous CTO had a startup using Cloudflare,” Surmeli notes. “He recommended the solution and Project Galileo as a nonprofit option.”

Adds HERA CTO Su Yuen Chin, “We have an international healthcare application with strict data privacy requirements — the challenge was to address API security and data privacy issues with limited technical staff.”

Entering new markets meant HERA had to keep up with new regulations. The organization found that Cloudflare helped with HIPAA compliance for their US pilot.

Since using Cloudflare, HERA has not had issues with being hacked. They particularly appreciate app security and visibility, such as using Bot Analytics to see which requests are humans vs. bots. Project Galileo has also delivered some performance improvements, which are useful when experiencing spikes of new user signups.

Improving security and performance

HERA’s first pilot started in 2019, and the organization is currently in v2.0 of their production app. Throughout this time, their goal has been to connect refugees to healthcare, track their healthcare records, recommend and schedule treatments, and provide specific info about where to find healthcare in their host country.

Since app users are providing very sensitive and valuable data, app security is essential.

“Our back-end is PostgreSQL and our front-end is Django,” comments Chin. “It is very important that our servers are protected as well as our APIs, something that Cloudflare does very well. We are mostly web developers, and we do not know how to do that.”

As part of their efforts for HIPAA compliance, HERA stepped up their API security and implemented two-factor authentication (2FA) for all administrator access and took steps such as phone number redaction.

HERA has also found Cloudflare Load Balancing to be useful, especially since they cannot always predict when refugee camp workers will be promoting the app and thus create usage spikes. "We do not have network engineers to manage load balancing — Cloudflare does it,” says Chin.

Cloudflare products HERA has deployed:

  • DNS
  • CDN
  • User Analytics
  • Load Balancing
  • API Security
What’s next for HERA

HERA sees their strength as being very close to the field, with experienced founders who understand refugees’ needs.

One area they are considering for the future relates to their health record module, where a user can store information locally on a phone. HERA is looking into ways to store this information using blockchain to create a permanent record for refugees.

They are also working to understand the impacts of GDPR and other data privacy regulations for operating in Turkey, particularly the effects for refugees who may be staying in a country only temporarily. “It is an interesting topic for the future — we need the highest levels of security to be ready for this and other future requirements,” says Surmeli.

A key priority for HERA is ensuring that their platform is scalable and modifiable, as well as a tool that every refugee around the world can use. “That is one of the great things about having Cloudflare in our architecture — we will be ready for the future,” concludes Surmeli.

HERA Digital Health

That is one of the great things about having Cloudflare in our architecture — we will be ready for the future.

Aral Surmeli, MD MPH
CEO