As part of the "Charting a Path for Compliance in Life Sciences" panel hosted by PTP on February 27, 2025, Han Chiu, Chief Technology Officer at Click Therapeutics, delivered a compelling presentation on how cloud-first infrastructure and software-as-a-medical-device (SaMD) models are transforming patient outcomes while aligning with life sciences compliance standards.
The Rise of Prescription Digital Therapeutics
Click Therapeutics stands at the forefront of digital therapeutics innovation, developing FDA-regulated, AI-powered software treatments for mental health and neurological conditions. These software-based therapies are prescribed by physicians, clinically validated through randomized trials, and built for privacy, scalability, and security, a core requirement in managed IT services for life sciences.
With over 23 years in tech and four years at Click, Han Chiu oversees everything from product design to machine learning and cloud infrastructure. In his presentation, he walked through Click’s journey—from launching migraine and major depressive disorder treatments to managing high-stakes clinical trials that demand compliance with HIPAA, GDPR, ISO 27001, and SaMD requirements.
Security and Compliance: A Startup Imperative
Despite being a fast-growing startup, Click runs over 60 isolated Kubernetes clusters to manage its concurrent clinical trials, real-world evidence programs, and commercial development. Chiu outlined how his team maintains data privacy and meets evolving regulatory frameworks, using secure IT services for biotech and best practices tailored to life sciences IT support environments:
- AWS-native security tools such as AWS Certificate Manager, AWS Config, GuardDuty, and CloudTrail
- Serverless and managed services like EKS on Fargate, S3, DynamoDB, and RDS
- Zero-trust identity architecture with Okta to enforce access control from company-managed devices only
- End-to-end encryption for data at rest and in transit across all services
- Private certificates to secure internal cluster communications
- Infrastructure as Code (IaC) for repeatability, traceability, and scalability
Infrastructure as Code: Enabling Repeatability and Trust
For Chiu and his team, infrastructure as code isn’t optional—it’s foundational. Click defines its entire infrastructure in software, ensuring no changes are deployed without code review, unit testing, and continuous delivery pipelines. This approach supports biotech IT support needs while reducing risk, streamlining audits, and enabling rapid innovation.
Key Takeaways for Life Sciences Startups
Chiu closed with a reality check for startups: business complexity increases dramatically in life sciences due to high compliance stakes. Rather than manually building secure systems from scratch, he encouraged organizations to offload as much as possible to trusted cloud providers like AWS. By embracing serverless services, zero-trust access, and automation through IaC, companies can adopt IT managed services for biotech that scale without compromising compliance or patient safety.
“The only way to operate efficiently at scale is infrastructure as code,” Chiu emphasized. “It’s how our small team supports over 60 secure Kubernetes clusters while focusing on innovation.”
🔎 Transcript Highlights
0:00 – Han Chiu introduces Click Therapeutics and their focus on AI-powered digital therapeutics
1:45 – Discusses security and compliance goals for regulated software-as-a-medical-device environments
3:00 – Walkthrough of AWS-native tools including GuardDuty, Config, CloudTrail, and EKS
4:20 – Details on Kubernetes cluster separation, HIPAA controls, and encryption
5:50 – Shares IaC methodology for scaling while eliminating drift and enforcing auditability
7:15 – Final recommendations for startups in digital health building on AWS