Platform Technology

See how the Platform works, the technology involved, and what it means to be HITRUST CSF certified on top of cloud providers like AWS and Azure.

Infrastructure Layer

AWS and Azure provide VPCs, which cover a portion of compliance and security requirements.

Within a VPC, the Datica Platform is installed. Everything within the Platform is strictly managed in adherence to Datica policies. The Platform uses a combination of Kubernetes and proprietary technology to orchestrate all DevOps duties for customers.

Platform Layer

Customers create an account within the Datica Platform. It is through the account that they gain access to HIPAA-eligible AWS Primitives or Azure Services, which are strictly controlled by the Platform.

Within a customer account, the Platform containerizes all technology required to meet compliance controls from HIPAA, HITRUST, GDPR, and GxP, including logging, intrusion detection, and penetration testing, to name a few.

Application Layer

Customers deploy their applications to containerized environments. They can have multiple environments within their Datica account, managing any type of technical use case.

Administration of AWS Primitives or Azure Services is no longer required. Instead, customers simply allocate RAM to individual containers. Datica takes care of the rest.

Deployment is done either through a git push buildpack-based process or by pushing custom Docker containers.

Platform Architecture

See where each piece of the Platform fits, from logging and monitoring, to networking and load balancing. The animation below is a comprehensive architectural overview of the Platform.

 

Datica Platform Features

Features that not only show you how to be compliant, but actually make you compliant with healthcare's most stringent security requirements.

Core Compliance

The components all customers receive on the Platform, which ensure compliance with HIPAA, HITRUST, GDPR, and GxP.


Intrusion Detection

OSSEC pre-configured to meet all compliance requirements

Datica takes advantage of OSSEC, the industry-leading open-source intrusion detection software. As is the case with all controls required for HIPAA compliance, GDPR compliance, GxP compliance, and HITRUST certification, IDS comes pre-installed and pre-configured for all production environments. Customers currently cannot swap out OSSEC for another tool.

Vulnerability Scanning

Nessus pre-configured to meet all compliance requirements

Datica utilizes Nessus Professional for vulnerability scanning. As a core requirement for HIPAA compliance, GDPR compliance, GxP compliance, and HITRUST certification, vulnerability scanning comes installed and pre-configured to work automatically with your application environment. Customers currently cannot swap out Nessus for another tool.

Load Balancing

HA environments for mission-critical products

Datica customers run mission-critical applications impacting patient lives. Being able to support the resiliency of those applications is inherent to the Platform. Our “Service Proxy” service is responsible for routing traffic from the outside world to your environment. The service proxy can handle highly-available (“HA”) applications and will automatically load balance depending on the traffic situation. Additionally, the Platform supports highly-available services all the way down the user’s critical path.

Logging

Centralized logging through an ELK stack

Datica provides a complete ELK (Elasticsearch, Logstash, and Kibana) stack for logging. With Elasticsearch and Logstash working behind the scenes to log system-level activity, users can ship additional application-level logs to their central logging container. All logs are exposed via the Kibana dashboard that sits alongside your Platform environment. Before you ship any of your application logs, the Datica ELK stack comes pre-configured with important information about your infrastructure that maps to compliance requirements.

Monitoring

Sensu container pre-configured for extensive compliance monitoring

Monitoring is a critical component of not only HIPAA compliance, but also running a product application in the cloud. Datica’s monitoring stack runs on Sensu with an Uchiwa dashboard on the frontend. The entire package sits in a container instantiated within each customer environment. We ship our monitoring instance with important alerts pre-configured for you.

Nightly Backups

Nightly backup and replication with granular controls

Datica prides itself on being a full, turnkey solution to compliance in the cloud. To that end, we configure all databases to run nightly backups with full replication. Additionally, we have both CLI and dashboard functionality to help you manage your backup versions. One such feature is granular control over jobs, which allows developers to selectively start and stop process jobs to simulate disaster and recovery.

Disaster Recovery

Business continuity supported with multiple region failover

Business continuity across all technical components is a central part of most compliance frameworks, especially HIPAA and GDPR. Disaster Recovery plays a key role in Business Continuity protocols. Datica supports DR by supporting failover across multiple cloud regions.

Services

Available environment services for customers on the Platform.


Custom Docker Containers

Bring your own Docker containers for maximum flexibility

The core compliance features on the Datica Platform have always run on Docker containers. In addition to containerized compliance services, customers can push their own Docker images directly to their Platform environments, skipping the buildpack and “git push” process entirely. There are many benefits to this alternative deployment model, but the one customers enjoy most is the predictability that a Docker image will run on the Platform exactly as it does anywhere else Docker is run, including your localhost.

Service Files

Complete control over an environment's service configuration

Service files are one of the most used features across the entire Platform. With Service Files, users are able to customize the services that make up their environment(s). Some Service Files are created when the Service is created — others are created later. For example, every time a Site is added, a Service File is added to the Environment’s Service Proxy to manage the NGINX configuration for the site. This gives users near full control over how each service is configured on the Platform.

Open Source Language Support

Trust that your application stack will be supported

Configure your environments with any code service built on top of the most common open source languages. Ruby, Python, Java, Node, PHP, Go, you name it: your choice of language can run inside of a code service Docker container on the Datica platform. For more information, read about our Buildpacks.

Database Services

Postgres, MySQL, and MongoDB support available

Because Datica provides disaster recovery and backups out of the box, we also manage databases for our customers. With options for Postgres, MongoDB, and Percona (MySQL), users can maintain the flexibility of the cloud, while offloading database management to the Platform.

Object Storage

Store files and objects in a scalable and compliant way

Datica extends AWS S3 or Azure Storage functionality with our own Object Storage feature. All Object Storage is fully HIPAA compliant, GDPR compliant, GxP compliant, and HITRUST certified. All Object Storage is backed up and logged automatically. Customers access Object Storage endpoints via the Platform.

Caching Services

Redis and Memcached support for caching management

In addition to Database services, Datica also manages implementations of Caches with Redis and Memcached. Whether you’re relying on session caching, or need a pub-sub solution, Datica provides the tooling to allow you to maintain control in a secure and compliant manner. Customers can elect to deploy containers with Redis or Memcached and scale RAM as needed. Note: We recommend using Redis as a caching tool and not as an HA database replacement. For database options, consider our native support for Postgres, MySQL, or Mongo. We also provide additional database options through custom services.

Messaging Services

RabbitMQ containerized and configured to support compliant data strategies

Exchanging data and building scalable data strategies are chief concerns for Platform users. With RabbitMQ on the Datica Platform, users can maintain those strategies in a compliant manner. RabbitMQ is available for customers to self-deploy as a container in their environments.

Code Releases + Rollbacks

Manage current releases and roll back to previous releases

The Platform provides users with release management functionality. Each push to the platform is logged as a release. This allows users to roll back and tag releases accordingly. Code Release and Rollback functionality is available to all Platform customers, both Hosted and Licensed.

Buildpacks

Deploying is as simple as git push datica master

We don’t expect every user and developer on the Platform to build their own Docker images. That’s why we’re dedicated to continuing support for our buildpack functionality. This allows users to simply run git push, and the Platform takes care of the rest of the work. Support for all official buildpacks is standard on the Platform, while custom buildpacks are also possible and encouraged if necessary.

Mirth Connect

One-click-installations of Mirth Connect for EHR integration

Mirth is an open source enterprise integration engine that we use to power EHR integrations for our customers. With more than 160 site-to-site integration projects across various health systems in the last three years, and millions of transactions processed per day, Mirth has proven it can handle the hardest and most mission-critical use cases. With Datica’s one-click installation of Mirth (OCI), customers can get started with EHR integration in literally the click of a button. We’ve also put extensive work into open sourcing our Mirth transforms so developers can start building even quicker. View the open source project here.

Secure Connectivity

The Platform provides a number of different ways to securely connect inside and out of your environments.


Let's Encrypt (SSL)

Free SSL certificates on the Platform via Let’s Encrypt

Datica is proud to offer free SSL certificates through Let’s Encrypt. With Let’s Encrypt, users can create free SSL certificates that automatically renew before expiring. When Let’s Encrypt certificates renew, the updated certificate will be automatically placed inside of your Datica environment without needing a redeploy.

Bring your own SSL cert

Configure your own cert with just a few CLI commands

In addition to Let’s Encrypt support, Datica also allows users to configure their own custom SSL certificates. With the Datica CLI certs command, users can opt to bring their own SSL certificates to the Platform in just a few simple commands.

VPN Management

Site-to-site and workstation VPN appliance management on demand

The Platform supports both site-to-site and workstation VPN appliance types, using StrongSwan and RoadWarrior, respectively. For users looking to access programs like Mirth, or gain access to their database, workstation VPNs are available to all customers. If you’re connecting to EHRs and working with health systems on data exchange, Datica supports site-to-site connections that ensure you’re getting the data where and when you need it.

GoAnywhere FTP

SFTP and SCP protocol support

Datica is proud to support GoAnywhere. GoAnywhere MFT allows customers to give their users the ability to securely exchange files among different organizations using the SFTP and SCP protocols. GoAnywhere is a great option when considering large data transport.

Proftpd

Proftpd server support for any environment type

In addition to GoAnywhere, the Datica Platform supports Proftpd, which is a useful alternative in certain situations for secure connectivity.

Account Management

The Platform strives for as much self-service and granular administration as possible to give you maximum control and flexibility while still maintaining tight compliance controls.


Contracting and BAA Management

Single-click Business Associate Agreement management—hurrah!

Not only does Datica provide the strongest Business Associate Agreement on the cloud in healthcare (publicly viewable here), but we offer an extremely streamlined process for signing an MSA and BAA. When creating an account, simply check a box and your new environment(s) will be fully HIPAA compliant, GDPR compliant, GxP compliant, and HITRUST certified. No redlining, no drawn out process.

Self-service Environment Management

Create, manage, and scale services within your environments

Datica gives customers full control over creating new HIPAA compliant, GDPR compliant, GxP compliant, HITRUST certified environments.

No longer will you have to think about capacity provisioning, standing up servers, or managing infrastructure, and then worry if it was done in a compliant way. Simply select the services you need to make your application run, and hit go.

Services are what make up a Datica environment. Some services are pre-shipped with each environment in order to maintain compliance controls; others are selected directly by users. Adding services to new and existing environments is as easy as clicking a button through our self-service functionality.

Self-service Storage Scaling

Scale storage volumes on-the-fly

Database services on the Datica Platform come pre-shipped with attached storage devices (EBS volumes for those familiar with AWS nomenclature, or Page Blobs for those on Azure). While we don’t give users the ability to scale database RAM on their own, we do give them complete control over storage.

Self-service Billing

Full control over billing management and logging

Datica’s self-service billing functionality puts control into users’ hands with the ability to manage credit card information and view invoices. Additionally, all billing activity is logged and viewable by admins in the Organization Audit Logs feature.

Access Control Lists

Create and manage Groups within your account, all tied to compliance

Datica’s “Groups” functionality gives administrators the ability to selectively build lists of access controls that can then be assigned to users. We currently offer 18 discrete controls to manage.

Multi-factor Authentication

Organization-level MFA policy management

We consider multi-factor authentication table stakes when it comes to managing online accounts. Datica’s multi-factor authentication feature not only gives individual account owners the ability to implement MFA for their account, but admins and organization owners the ability to mandate an MFA policy across their entire organization — with options for both email and Google Authenticator.

Organization Audit Logs

Full transparency into all organization activity within your account

Understanding the activity happening within your organization on Datica is important to Business Associates and Covered Entities within the regulations of HIPAA, GDPR, and GxP. With Datica’s organizational Audit Log feature, you gain insight into all activity in the Datica Platform happening within your account.

Platform Metrics

View details on CPU, memory, and network usage

The Platform supports metrics reporting for CPU, memory, and network usage. These metrics are available across user-selected environment services and can be viewed in both the dashboard and CLI. Platform Metrics functionality is available to all Platform customers, both Hosted and Licensed.

Integrate with any EHR

Modern healthcare applications must integrate with Electronic Health Records, like Epic or Cerner, in order to improve their value. Datica helps you get that job done in a secure, compliant, and scalable way.

Epic, Cerner, McKesson, Allscripts, eClinicalWorks, NextGen, Greenway, GE Centricity

EHR Integration With Mirth Connect

 

Add a new environment to your account with the click of a button. OCI Mirth Connect is a pre-packaged configuration of all the open source integration tooling you need to integrate with EHRs.

The add-on includes:
  • Mirth configured to be highly-available
  • Load balancers
  • Redundant Postgres for initial data ingestion
  • Mirth alerting and monitoring
  • VPN management

We open sourced our Mirth HL7 transformations used over the past three years. With OCI Mirth, you can get started today using these tools. Or, should you require help integrating into a specific hospital, we offer professional services to project manage an integration to completion.

Test out your own version of Mirth today

Healthcare Compliance Management System

Extending critical compliance controls

HCMS Dashboard

Continuous compliance, delivered.

Visibility into the continuous compliance and security provided by the Datica Platform is important to our customers. The HCMS is a compliance dashboard that gives insights into all compliance controls across customer environments.

The HCMS is shipping with initial versions of our Licensed Platform. To learn more about the HCMS, schedule time to talk with us today.

Platform Technical Capabilities

Datica supports two primary methods of getting your software running on the Platform: Buildpacks with git push, and Container Services with datica deploy. Between these two methods, Datica can support almost any technology imaginable on the application layer. When it comes to services with volumes, we're a bit more prescriptive, given how automatic backups and disaster recovery work.

Common Languages

Datica supports hundreds of languages and frameworks. Here are a few popular ones:

  • Ruby
  • Node.js
  • Clojure
  • Python
  • Java
  • Gradle
  • Grails 3.x
  • Scala
  • Play 2.x
  • PHP
  • Go

Database Support

  • Percona/MySQL
  • PostgreSQL
  • MongoDB

Other Services

  • Redis
  • Memcached
  • RabbitMQ

Windows architecture support

  • Windows VMs on dedicated accounts
  • Microsoft SQL Server

Datica also supports Container Services with Docker; learn more here.

Don't see a listed technology you wish to use? Contact sales to ask about additional compatibility.

Frequently asked questions about our platform

  1. Does Datica own its own server infrastructure?
  2. Is Datica SOC2 compliant?
  3. Will I have to re-architect my application to deploy onto Datica’s platform-as-a-service?
  4. Can I use 3rd party applications?
  5. Does Datica offer SMS capabilities? Notifications? Transactional email?
  6. How is SSL managed?
  7. Does Datica provide staging or test environments?
  8. Do I need to manage my own load balancing? How does Datica manage it for me?
  9. Does Datica handle failovers?
  10. Does Datica handle regionalism through their cloud infrastructure partners?
  11. Can I buy CPU cores?
  12. What is the equivalent EC2 instance for one of your app containers?
  13. Does Datica support Windows VMs?
  14. Does Datica support custom deployment models, such as Chef or Puppet?
  15. If Datica uses Docker to orchestrate environments, can I bring my own Docker containers?
  16. Do we support Canada deployments?
  17. Do we support international deployments?
  18. Do we support Oracle DB via RDS?
  19. Does Datica have a DMZ network segment isolated from production environments?
  20. How do I manage a VPN on Datica?
  21. What are the differences between a site-to-site VPN and a Roadwarrior VPN?
  22. How does logging work on the Platform?
  23. Does Datica provide an SFTP service?
  24. Does Datica support AWS lambda?
  25. Does Datica support all AWS HIPAA eligible services?
  26. Do you integrate with [EHR]?
  27. Do you integrate with [data standard]?
  28. If I complete an Epic (or Cerner, or...) integration with Datica, does that mean I get access to all Epic (or Cerner, or...) customers?
  29. Does Datica provide sandboxes for integrations?
  30. Does Datica help with testing an integration?
  31. Does Datica help stress-test my integration?
  32. How many messages per second can Datica's integration stack handle?
  33. Can Datica help with Single-Sign-On within an EHR integration?

Does Datica own its own server infrastructure?

No. Datica sits on top of the top public infrastructure-as-a-service providers, like AWS, Microsoft Azure, and IBM SoftLayer. We help make their clouds fully HIPAA compliant.

Is Datica SOC2 compliant?

Yes.

Will I have to re-architect my application to deploy onto Datica’s platform-as-a-service?

It depends on what your application architecture looks like. Many customers leverage Datica’s expertise in containerization to help re-architect their applications to be ready for a container-based future. Otherwise, if your application already runs in the cloud, chances are it will run on Datica. You can leverage Datica’s Services offering to engage with us to assess your options.

Can I use 3rd party applications?

Usage of 3rd party applications within your architecture is up to you. Many customers leverage 3rd party apps, such as New Relic, within their environments. If you are curious about a specific app, ask our support team.

Does Datica offer SMS capabilities? Notifications? Transactional email?

Datica does not offer any transactional communication tools at this time. In general, those tools are not necessarily compliant—for example, you never want to send PHI over email. For usage of those tools in a compliant way—such as sending a link to a user to login—Datica does not offer those capabilities on the platform.

How is SSL managed?

SSL certificates are managed via our command line utility. We provide an SSL certs command that gives you the ability to install, update, and delete certificates as needed. At this time we are not able to provide you with a certificate out of the box. You must purchase the certificate on your own. We recommend DigiCert for those looking to buy a certificate. For free certificates we recommend Let’s Encrypt.

Does Datica provide staging or test environments?

While we don’t provide any non-compliant environments, customers are more than welcome to deploy multiple applications within multiple environments on the Datica platform. Datica’s approach is to apply our industry-best management of compliance to all customer environments, bar none. Consequently, we do not offer staging environments at a cheaper price point. Customers looking for staging environments typically create parallel environments with fewer dedicated resources.

Do I need to manage my own load balancing? How does Datica manage it for me?

Datica provides load balancing for all customer applications. Our built-in service proxy service is placed as the gateway to your environment. This service load balances requests across containers of the same service to allow horizontal scaling. Typically, this is done via round robin.

Does Datica handle failovers?

Yes. Our Mongo and Redis services have automated failover pathways, while our PostgreSQL and MySQL services require manual failovers by Datica.

Does Datica handle regionalism through their cloud infrastructure partners?

No. We can support Cross Region Replication for S3, but do not have environments that can span regions at this time.

Can I buy CPU cores?

No. Compute resources are fully managed through the Datica platform on top of the various IaaS providers. Customers instead purchase and allocate RAM within their environments.

What is the equivalent EC2 instance for one of your app containers?

Application containers typically reside on an m4.xlarge and can use 1, 2, 4, 8, or 16 GB of RAM. We can accommodate different types of instances depending on contract size and desired use case.

Does Datica support Windows VMs?

Yes.

Does Datica support custom deployment models, such as Chef or Puppet?

Yes, although only at certain customer tiers. If your deployment process is dependent upon one of those tools, be sure to talk to a Datica team member about that requirement.

If Datica uses Docker to orchestrate environments, can I bring my own Docker containers?

Yes.

Do we support Canada deployments?

Yes, Canadian deployments are available on the AWS Montreal AZ. This option is available to all customers.

Do we support international deployments?

International deployments are available for Enterprise Plan customers only. We do not support multi-tenant deployments outside of USA and Canada at this time.

Do we support Oracle DB via RDS?

Yes, we support Oracle via AWS’s RDS availability.

Does Datica have a DMZ network segment isolated from production environments?

Yes. View our policy notes here.

How do I manage a VPN on Datica?

Datica provisions VPNs on behalf of customers on the Platform. Datica’s cloud engineering & support team will provide customers with VPN credentials and information as needed. Customers can manage VPN permissions, ACLs and groups directly in the dashboard.

What are the differences between a site-to-site VPN and a Roadwarrior VPN?

Site-to-site VPNs are used during health system integration to create a permanent connection to a hardware device. Roadwarrior VPNs provide transient connections, typically to workstations.

How does logging work on the Platform?

Datica provides an ELK stack (Elasticsearch, Logstash, and Kibana) to all customers on the Platform. Customers point to our logging endpoints to store their logs.

Does Datica provide an SFTP service?

Datica provides two primary SFTP solutions. Customers needing SFTP should reach out to our cloud engineering & support team.

Does Datica support AWS lambda?

We do not currently support Lambda.

Does Datica support all AWS HIPAA eligible services?

Of AWS’s 57 services, 27 are covered under their BAA as HIPAA Eligible. Of those, almost all have basic support through our platform, but there are a few we do not yet support. Discuss with our team service availability if you have questions about your architecture.

Do you integrate with [EHR]?

Datica has live, active integrations with 27 of the top 35 EHRs. More projects are planned to bring us closer to live integrations with the top 40. If you need integration services outside of that list, chances are we can still help you.

Do you integrate with [data standard]?

Datica has live integrations with almost every main data standard you can think of. There are some we are more proficient in than others—e.g. we have more integrations for HL7 with hospitals than we do for Claims with clearinghouses—but if there is a specific technology you are curious about, contact us.

If I complete an Epic (or Cerner, or...) integration with Datica, does that mean I get access to all Epic (or Cerner, or...) customers?

No. Healthcare integrations are inherently point-to-point. You will integrate with a specific site’s version of an EHR. It is a myth that you can connect once into an EHR and get access to their customer base.

Does Datica provide sandboxes for integrations?

We provide open APIs that anyone can test against. Those are found at hl7.datica.com and fhir.datica.com. Beyond that, extra requirements are scoped out with Datica’s Services team for an additional cost.

Does Datica help with testing an integration?

We most definitely do! Customers can engage with our Managed Integration services.

Does Datica help stress-test my integration?

Part of Datica’s Managed Integration service is to help scope out expected message volume and work with customers accordingly on setting up their environment to support that.

How many messages per second can Datica's integration stack handle?

The base product can handle close to 50 msg/s. Supporting a higher frequency of messages is as easy as dedicating more resources to the integration environment.

Can Datica help with Single-Sign-On within an EHR integration?

Potentially yes. It will depend on your type of integration. You will want to engage with our Managed Integration services to determine fit.

