System Architecture
Multi-tenant healthcare infrastructure built for HIPAA compliance, horizontal scalability, and sub-100ms API response times.
Platform Architecture
From client applications through the API gateway to infrastructure engines and the data layer — every request is authenticated, authorized, and audit-logged.
Client Applications connect via REST APIs, SDKs, or direct integration. All traffic passes through the API Gateway, which handles authentication, rate limiting, and request routing.
Rymeda Platform engines process domain-specific logic — care delivery, revenue cycle, compliance, ORIS, provider network, and commerce. Each engine is independently deployable and horizontally scalable.
Data Layer uses MongoDB for primary storage with per-tenant data isolation, AWS S3 for encrypted object storage, and Redis for session caching and job queues.
Multi-Tenant Architecture
Every organization operates in a fully isolated tenant with its own data partition, access policies, and compliance configuration.
Organization Isolation
Each organization gets a unique tenant ID. All database queries are scoped to the tenant — cross-tenant data access is architecturally impossible.
HIPAA Boundaries
PHI is encrypted at rest and in transit. Tenant boundaries enforce BAA-compliant data isolation. Audit trails capture every access.
Data Partitioning
Database collections use compound indexes with tenant ID as the partition key. This ensures query isolation and horizontal scalability.
Role-Based Access Control
RBAC with organization-scoped roles: Admin, Clinical Director, Provider, Billing, Compliance Officer, and custom roles.
Tenant Resolution Flow
Request → API Gateway
├─ Extract bearer token
├─ Validate token with Cognito
├─ Resolve organizationId from token claims
├─ Inject tenant context into request pipeline
└─ All downstream queries scoped to tenant
// Every database query includes tenant scope:
db.collection('sessions').find({
organizationId: ctx.tenantId, // injected by middleware
status: 'scheduled',
})Data Models
Core data models that power the Rymeda platform. All models include tenant isolation, audit timestamps, and soft-delete support.
Patient
Core patient/client record with demographics, insurance, and care relationships.
| Field | Type |
|---|---|
idreqUnique patient identifier | string |
firstNamereqLegal first name | string |
lastNamereqLegal last name | string |
dateOfBirthreqDate of birth | string (ISO 8601) |
statusreq"active" | "inactive" | "discharged" | enum |
insuranceInfoPrimary insurance details | InsuranceInfo |
primaryProviderIdAssigned primary provider | string |
organizationIdreqOwning organization (tenant) | string |
createdAtreqRecord creation timestamp | string (ISO 8601) |
updatedAtreqLast modification timestamp | string (ISO 8601) |
Provider
Healthcare provider with credentials, specialties, and organizational membership.
| Field | Type |
|---|---|
idreqUnique provider identifier | string |
firstNamereqProvider first name | string |
lastNamereqProvider last name | string |
npireqNational Provider Identifier (10 digits) | string |
specialtyreqPrimary specialty code | string |
credentialStatusreq"active" | "pending" | "expired" | "revoked" | enum |
organizationIdreqOrganization membership | string |
licenseStatesLicensed state codes | string[] |
createdAtreqRecord creation timestamp | string (ISO 8601) |
Session
Care session or encounter with scheduling, duration, and outcome tracking.
| Field | Type |
|---|---|
idreqUnique session identifier | string |
clientIdreqAssociated patient | string |
providerIdreqAssigned provider | string |
serviceTypereqService type code (e.g., "behavioral_health") | string |
statusreq"scheduled" | "in_progress" | "completed" | "cancelled" | "no_show" | enum |
startTimereqScheduled or actual start time | string (ISO 8601) |
endTimeActual end time (null until completed) | string (ISO 8601) |
scheduledDurationreqScheduled duration in minutes | number |
notesAssociated progress notes | ProgressNote[] |
createdAtreqRecord creation timestamp | string (ISO 8601) |
Claim
Insurance claim with CPT/ICD codes, payer details, and lifecycle status.
| Field | Type |
|---|---|
idreqUnique claim identifier | string |
clientIdreqPatient associated with claim | string |
sessionIdreqOriginating care session | string |
payerIdreqInsurance payer | string |
statusreq"draft" | "submitted" | "accepted" | "denied" | "paid" | "appealed" | enum |
cptCodesreqProcedure codes | string[] |
icdCodesreqDiagnosis codes | string[] |
totalAmountreqBilled amount in USD | number |
paidAmountAmount paid (null until payment received) | number |
submittedAtSubmission timestamp | string (ISO 8601) |
ComplianceArtifact
Compliance document, certificate, or attestation with expiration tracking.
| Field | Type |
|---|---|
idreqUnique artifact identifier | string |
typereq"policy" | "training_certificate" | "attestation" | "audit_report" | enum |
titlereqDocument title | string |
statusreq"active" | "expired" | "superseded" | enum |
userIdAssociated user (for certificates) | string |
fileUrlSecure download URL | string |
expiresAtExpiration date | string (ISO 8601) |
createdAtreqUpload timestamp | string (ISO 8601) |
AuditLog
Immutable audit trail entry capturing every data access and mutation.
| Field | Type |
|---|---|
idreqUnique audit entry identifier | string |
actionreq"create" | "read" | "update" | "delete" | "export" | enum |
resourceTypereqResource type (e.g., "care_session", "claim") | string |
resourceIdreqAffected resource identifier | string |
userIdreqUser who performed the action | string |
ipAddressreqClient IP address | string |
userAgentClient user agent string | string |
metadataAdditional context (varies by action) | object |
timestampreqWhen the action occurred | string (ISO 8601) |
OrisWorkflow
AI-driven automation workflow with trigger conditions and execution history.
| Field | Type |
|---|---|
idreqUnique workflow identifier | string |
namereqHuman-readable workflow name | string |
triggerreq"event" | "schedule" | "manual" | "threshold" | enum |
triggerConfigreqTrigger-specific configuration | object |
actionsreqOrdered list of actions to execute | WorkflowAction[] |
statusreq"active" | "paused" | "disabled" | enum |
lastRunAtLast execution timestamp | string (ISO 8601) |
lastRunStatus"success" | "failed" | "partial" | enum |
createdAtreqWorkflow creation timestamp | string (ISO 8601) |
Encryption Model
Defense-in-depth encryption strategy protecting data at rest, in transit, and during processing.
At Rest — AES-256
- All database volumes encrypted with AES-256-GCM
- S3 objects encrypted with SSE-KMS
- Backups encrypted with separate key hierarchy
- Field-level encryption for PII and PHI
In Transit — TLS 1.3
- TLS 1.3 enforced on all external connections
- Mutual TLS (mTLS) for service-to-service
- Certificate pinning for mobile clients
- HSTS headers with 1-year max-age
Key Management — KMS
- AWS KMS with hardware security modules (HSM)
- Automatic key rotation every 365 days
- Per-tenant encryption keys for data isolation
- Key usage logged in CloudTrail
Encryption in Practice
// Field-level encryption for PHI
{
"id": "client_123",
"firstName": "ENC[AES256:abc123...]", // encrypted
"lastName": "ENC[AES256:def456...]", // encrypted
"dateOfBirth": "ENC[AES256:ghi789...]", // encrypted
"status": "active", // not PHI
"organizationId": "org_100", // not PHI
"createdAt": "2024-06-01T12:00:00Z" // not PHI
}
// Decryption happens at the application layer
// using per-tenant KMS data keys.
// Audit log entry created for every decryption.Infrastructure Highlights
Multi-AZ deployment with automatic failover and health monitoring.
Edge caching, connection pooling, and optimized query paths.
Annual SOC 2 audit with continuous monitoring and evidence collection.
Business Associate Agreements and full HIPAA compliance program.
All services auto-scale based on CPU, memory, and request volume.
Primary in us-east-1, disaster recovery in us-west-2.
Ready to build on Rymeda?
Explore the API reference or talk to our engineering team about your architecture needs.