Platform Technology

See how the Platform works, the technology involved, and what it means to be HITRUST CSF certified on top of cloud providers like AWS and Azure.

Infrastructure Layer

AWS and Azure provide VPCs, which cover a portion of compliance and security requirements.

Within a VPC, the Datica Platform is installed. Everything within the Platform is strictly managed in adherence to Datica policies. The Platform uses a combination of Kubernetes® and proprietary technology to orchestrate all DevOps duties for customers.

Platform Layer

Customers create an account within the Datica Platform. It is through the account that they gain access to HIPAA-eligible AWS Primitives or Azure Services, which are strictly controlled by the Platform.

Within a customer account, the Platform containerizes all technology required to meet compliance controls from HIPAA, HITRUST, GDPR, and GxP. Things like logging, intrusion detection, and penetration testing, to name a few.

Application Layer

Customers deploy their applications to containerized environments. They can have multiple environments within their Datica account, managing any type of technical use case.

Administration of AWS Primitives or Azure Services is no longer required. Instead, customers simply allocate RAM to individual containers. Datica takes care of the rest.

Deployment is done either through a git push buildpack-based process or by pushing custom Docker containers.

Platform Architecture

See where each piece of the Platform fits, from logging and monitoring, to networking and load balancing. The animation below is a comprehensive architectural overview of the Platform.

 

Datica Platform Features

Features that not only show you how to be compliant, but actually make you compliant against healthcare's most stringent security requirements.

Core Compliance

With the underlying infrastructure, operating system, and control plane locked down, CKS delivers an experience that feels like a standard Kubernetes cluster, but one that gets you HIPAA, HITRUST CSF, GxP, GDPR and more, with no additional configuration or work on your end.


Operating System

CoreOS is a container-only Linux distribution. Datica installs, maintains, and patches CoreOS as the central operating system for all CKS clusters.

Container Runtime

CRI-O is the first and only container runtime specifically designed for Kubernetes, and it can run containers built by Docker as well as by any other OCI-compliant image builder.

Networking

CKS is configured with flannel and nginx-ingress for encrypting network traffic. These tools provide a mature, secure solution to networking with a healthy community of supporters.

Logging

Logging is a central component of managing compliance in the cloud. Datica deploys an Elasticsearch, Fluentd, and Kibana (EFK) stack with all clusters.

Monitoring

CKS ships with a Prometheus instance to handle cluster monitoring, specifically CoreOS’s prometheus-operator, with a Grafana dashboard for visualizing activity.

Vulnerability Scanning

Vulnerability scanning is performed centrally by Datica on all CKS clusters using Nessus. In addition to Nessus, Falco also plays a major role in ensuring vulnerabilities are managed.

Intrusion Detection

Like vulnerability scanning, Falco also plays a critical role in intrusion detection — Falco provides an easy way to build rules and output alerts immediately.

Volume Backups

CKS will automatically back up all volumes contained in a cluster. These backups are encrypted and replicated across regions.

Security & Compliance Services

Datica is the industry leader for compliance on the cloud. We provide our CKS customers a suite of professional services that ensure their success on the cloud.


Cloud Native Security Consulting

Datica provides services to maximize your success with using Kubernetes in your cloud account, including specific training on the security and compliance implications of Kubernetes, containers, and microservices.

Cloud Compliance Onramp

We work closely with CKS customers to help them adapt their security and compliance policies to the cloud and CKS, as well as help them make informed decisions about the non-CKS cloud services they want to leverage for their cloud workloads.

Cloud Compliance Training

Configuring, deploying, and managing cloud workloads requires new thinking, and new training and education. Datica offers cloud training services tailored to your organization and users, be they operators, compliance officers, or software developers.

Integrate with any EHR

Modern healthcare applications must integrate with Electronic Health Records, like Epic or Cerner, in order to improve their value. Datica helps you get that job done in a secure, compliant, and scalable way.

Epic, Cerner, McKesson, Allscripts, eClinicalWorks, NextGen, Greenway, GE Centricity

EHR Integration With Mirth Connect

 

Add a new environment to your account with the click of a button. OCI Mirth Connect is a pre-packaged configuration of all the open source integration tooling you need to integrate with EHRs.

The add-on includes:
  • Mirth configured to be highly-available
  • Load balancers
  • Redundant Postgres for initial data ingestion
  • Mirth alerting and monitoring
  • VPN management

We open sourced our Mirth HL7 transformations used over the past three years. With OCI Mirth, you can get started today using these tools. Or, should you require help integrating into a specific hospital, we offer professional services to project manage an integration to completion.

Test out your own version of Mirth today

Cloud Compliance Management System

Extending critical compliance controls

HCMS Dashboard

Continuous compliance, delivered.

Visibility into the continuous compliance and security provided by the Datica Platform is important to our customers. The HCMS is a compliance dashboard that gives insights into all compliance controls across customer environments.

The HCMS is shipping with initial versions of our Licensed Platform. To learn more about the HCMS, schedule time to talk with us today.

Platform Technical Capabilities

Datica supports two primary methods of getting your software running on the Platform: Buildpacks with git push, and Container Services with datica deploy. Between these two methods, Datica can support almost any technology imaginable on the application layer. When it comes to services with volumes, we're a bit more prescriptive, given how automatic backups and disaster recovery work.

Common Languages

Datica supports hundreds of languages and frameworks. Here are a few popular ones:

  • Ruby
  • Node.js
  • Clojure
  • Python
  • Java
  • Gradle
  • Grails 3.x
  • Scala
  • Play 2.x
  • PHP
  • Go

Database Support

  • Percona/MySQL
  • PostgreSQL
  • MongoDB

Other Services

  • Redis
  • Memcached
  • RabbitMQ

Windows architecture support

  • Windows VMs on dedicated accounts
  • Microsoft SQL Server
BYOD

Datica also supports Container Services with Docker; learn more here.

Don't see a listed technology you wish to use? Contact sales to ask about additional compatibility.

Frequently asked questions about our platform

  1. Does Datica own its own server infrastructure?
  2. Is Datica SOC2 compliant?
  3. Will I have to re-architect my application to deploy onto Datica’s platform-as-a-service?
  4. Can I use 3rd party applications?
  5. Does Datica offer SMS capabilities? Notifications? Transactional email?
  6. How is SSL managed?
  7. Does Datica provide staging or test environments?
  8. Do I need to manage my own load balancing? How does Datica manage it for me?
  9. Does Datica handle failovers?
  10. Does Datica handle regionalism through their cloud infrastructure partners?
  11. Can I buy CPU cores?
  12. What is the equivalent EC2 instance for one of your app containers?
  13. Does Datica support Windows VMs?
  14. Does Datica support custom deployment models, such as Chef or Puppet?
  15. If Datica uses Docker to orchestrate environments, can I bring my own Docker containers?
  16. Do we support Canada deployments?
  17. Do we support international deployments?
  18. Do we support Oracle DB via RDS?
  19. Does Datica have a DMZ network segment isolated from production environments?
  20. How do I manage a VPN on Datica?
  21. What are the differences between a site-to-site VPN and a Roadwarrior VPN?
  22. How does logging work on the Platform?
  23. Does Datica provide an SFTP service?
  24. Does Datica support AWS Lambda?
  25. Does Datica support all AWS HIPAA eligible services?
  26. Do you integrate with [EHR]?
  27. Do you integrate with [data standard]?
  28. If I complete an Epic (or Cerner, or...) integration with Datica, does that mean I get access to all Epic (or Cerner, or...) customers?
  29. Does Datica provide sandboxes for integrations?
  30. Does Datica help with testing an integration?
  31. Does Datica help stress-test my integration?
  32. How many messages per second can Datica's integration stack handle?
  33. Can Datica help with Single-Sign-On within an EHR integration?

Does Datica own its own server infrastructure?

No. Datica sits on top of the top public infrastructure-as-a-service providers, like AWS, Microsoft Azure, and IBM SoftLayer. We help make their clouds fully HIPAA compliant.

Is Datica SOC2 compliant?

Yes.

Will I have to re-architect my application to deploy onto Datica’s platform-as-a-service?

It depends on what your application architecture looks like. Many customers leverage Datica’s expertise in containerization to help re-architect their applications to be ready for a container-based future. Otherwise, if your application already runs in the cloud, chances are it will run on Datica. You can leverage Datica’s Services offering to engage with us to assess your options.

Can I use 3rd party applications?

Usage of 3rd party applications within your architecture is up to you. Many customers leverage 3rd party apps, such as New Relic, within their environments. If you are curious about a specific app, ask our support team.

Does Datica offer SMS capabilities? Notifications? Transactional email?

Datica does not offer any transactional communication tools at this time. In general, those tools are not necessarily compliant—for example, you never want to send PHI over email. For usage of those tools in a compliant way—such as sending a link to a user to login—Datica does not offer those capabilities on the platform.

How is SSL managed?

SSL certificates are managed via our command line utility. We provide an SSL certs command that gives you the ability to install, update, and delete certificates as needed. At this time we are not able to provide you with a certificate out of the box; you must purchase the certificate on your own. We recommend DigiCert for those looking to buy a certificate. For free certificates we recommend Let’s Encrypt.

Does Datica provide staging or test environments?

While we don’t provide any non-compliant environments, customers are more than welcome to deploy multiple applications within multiple environments on the Datica platform. Datica’s approach is to apply our industry-best management of compliance to all customer environments, bar none. Consequently, we do not offer staging environments at a cheaper price point. Customers looking for staging environments typically create parallel environments with fewer dedicated resources.

Do I need to manage my own load balancing? How does Datica manage it for me?

Datica provides load balancing for all customer applications. Our built-in service proxy is placed as the gateway to your environment. This service load balances requests across containers of the same service to allow horizontal scaling. Typically, this is done via round robin.

Does Datica handle failovers?

Yes. Our Mongo and Redis services have automated failover pathways, while our PostgreSQL and MySQL services require manual failover by Datica.

Does Datica handle regionalism through their cloud infrastructure partners?

No. We can support Cross Region Replication for S3, but do not have environments that can span regions at this time.

Can I buy CPU cores?

No. Compute resources are fully managed through the Datica platform on top of the various IaaS providers. Customers instead purchase and allocate RAM within their environments.

What is the equivalent EC2 instance for one of your app containers?

Application containers typically reside on an m4.xlarge and can use 1, 2, 4, 8, or 16 GB of RAM. We can accommodate different types of instances depending on contract size and desired use case.

Does Datica support Windows VMs?

Yes.

Does Datica support custom deployment models, such as Chef or Puppet?

Yes, although only at certain customer tiers. If your deployment process is dependent upon one of those tools, be sure to talk to a Datica team member about that requirement.

If Datica uses Docker to orchestrate environments, can I bring my own Docker containers?

Yes.

Do we support Canada deployments?

Yes, Canadian deployments are available on the AWS Montreal AZ. This option is available to all customers.

Do we support international deployments?

International deployments are available for Enterprise Plan customers only. We do not support multi-tenant deployments outside of the USA and Canada at this time.

Do we support Oracle DB via RDS?

Yes, we support Oracle via AWS’s RDS availability.

Does Datica have a DMZ network segment isolated from production environments?

Yes. View our policy notes here.

How do I manage a VPN on Datica?

Datica provisions VPNs on behalf of customers on the Platform. Datica’s cloud engineering & support team will provide customers with VPN credentials and information as needed. Customers can manage VPN permissions, ACLs and groups directly in the dashboard.

What are the differences between a site-to-site VPN and a Roadwarrior VPN?

Site-to-site VPNs are used during health system integration to create a permanent connection to a hardware device. Roadwarrior VPNs provide transient connections, typically to workstations.

How does logging work on the Platform?

Datica provides an ELK stack (Elasticsearch, Logstash, and Kibana) to all customers on the Platform. Customers point to our logging endpoints to store their logs.

Does Datica provide an SFTP service?

Datica provides two primary SFTP solutions. Customers needing SFTP should reach out to our cloud engineering & support team.

Does Datica support AWS Lambda?

We do not currently support Lambda.

Does Datica support all AWS HIPAA eligible services?

Of AWS’s 57 services, 27 are covered under their BAA as HIPAA Eligible. Of those, almost all have basic support through our platform, but there are a few we do not yet support. Discuss service availability with our team if you have questions about your architecture.

Do you integrate with [EHR]?

Datica has live, active integrations with 27 of the top 35 EHRs. More projects are planned to bring us closer to live integrations with the top 40. If you need integration services outside of that list, chances are we can still help you.

Do you integrate with [data standard]?

Datica has live integrations with almost every main data standard you can think of. There are some we are more proficient in than others—e.g. we have more integrations for HL7 with hospitals than we do for Claims with clearinghouses—but if there is a specific technology you are curious about, contact us.

If I complete an Epic (or Cerner, or...) integration with Datica, does that mean I get access to all Epic (or Cerner, or...) customers?

No. Healthcare integrations are inherently point-to-point. You will integrate with a specific site’s version of an EHR. It is a myth that you can connect once into an EHR and get access to their customer base.

Does Datica provide sandboxes for integrations?

We provide open APIs that anyone can test against. Those are found at hl7.datica.com and fhir.datica.com. Beyond that, extra requirements are scoped out with Datica’s Services team for an additional cost.

Does Datica help with testing an integration?

We most definitely do! Customers can engage with our Managed Integration services.

Does Datica help stress-test my integration?

Part of Datica’s Managed Integration service is to help scope out expected message volume and work with customers accordingly on setting up their environment to support that.

How many messages per second can Datica's integration stack handle?

The base product can handle close to 50 msg/s. Supporting a higher frequency of messages is as easy as dedicating more resources to the integration environment.

Can Datica help with Single-Sign-On within an EHR integration?

Potentially yes. It will depend on your type of integration. You will want to engage with our Managed Integration services to determine fit.

