Versions Compared

Old Version 2

changes.mady.by.user Ben Derr

Saved on

compared with

New Version Current

changes.mady.by.user Ben Derr

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Tidepool's HIPAA-compliant cloud platform is hosted on Amazon Web Services (AWS) with data hosted in MongoDB Atlas.

Live Search
spaceKey@self
additionalpage excerpt
placeholderSearch this space
typepage

Architecture overview

Tip

  • All data, at all times, is transmitted using secure, industry-standard, encrypted protocols (HTTPS, TLS 1.2).

  • All data, at all times, is encrypted at rest using AES-256-bit encryption.

Tidepool has multiple, isolated network and compute environments, environments and clusters used for different purposes, architected and informed by AWS recommendations for HIPAA-compliant services:

  • PRD - our production Production server environment; this is where all end-user data is stored, including PHI covered under HIPAA.

  • INT - our integration Integration test environment for 3rd party developers to use as a test sandbox for their applications that access our APIs; this environment may also contain PHI covered under HIPAA.

  • Analytics - may contain PHI under analysis and/or in the process of being de-identified for use in the Big Data Donation Projectenvironment

    • This is a private environment, with no non-Tidepool access.

Other environments that are hosted on HIPAA-compliant services but do not host PHI:

  • Ops - operational Operational clusters and environment hosting tools, monitoring, analytics, logging and alerting facilities; this environment is not used for PHI covered under HIPAA.

  • Sandbox environments - testing/evaluation ops environment for tools and technology; this environment is not used for PHI covered under HIPAA.

  • QA1 and QA2 QA environments - development environmentenvironments, for day-to-day iteration by our development staff; this environment is not used for PHI covered under HIPAA.

The PRD Production environment features multiple auto-scaling groups and is hosted in multiple Availability Zones.

The production Production database is hosted in triplicate (primary-secondary-secondary) in multiple Availability Zones, and is additionally backed up hourly.

Page Tree

Tip

All of our servers are currently hosted in the us-west-2 Region of AWS.

The overall system architecture is shown below. A more detailed diagram and description of the production Production environment (PRD) follows in Service Architecture.

Figure 1: Tidepool Overall AWS System Architecture

The PRD Production environment is logically isolated in its own Virtual Private Cloud (VPC) from other environments. Different network environments can access each other only as explicitly permitted via policy and permissions managed in Infrastructure as Code (e.g. GitOPS), and are operated under a zero-trust network policy. Non-authenticated traffic is not permitted and all traffic is encrypted within clusters using TLS.

Redundant servers are maintained in multiple Availability Zones within AWS US-West 2; detailed in Availability Zones.