Healthcare Considerations for Modern Data Architectures: As modern healthcare creates more and more data, mining and using this data becomes critical for data-driven decision making, offering the potential for drastically improved health outcomes. However, the explosion of data sources and applications create challenges in how you architect solutions that not only are reliable, but also secure and compliant with HIPAA regulations. Moving from a traditional single database to distributed data stores with semi-structured or unstructured data involves careful consideration. Which data store to use can’t be the only consideration. Where to operate this data store, its ability to support encryption technologies, to be deployed in a distributed architecture, to create auditable transaction logs, and its scalability and resiliency all must be considered. Not all data store technologies will fit the bill, nor will all deployment methods – is cloud better or on-premise? Which cloud providers can support all my requirements? Once a well thought out data architecture is established, security must also be addressed, right up front in the design phase. Security best practices need to be followed to ensure sensitive data is protected properly, as it is gathered, as it is transmitted, and while it is stored and analyzed. Distributed data can be a great fit for modern cloud delivered services, but cloud-based applications also require a different approach than traditional applications. Cloud technologies are built to support automated workflows, and automation tools and run books are key to ensuring consistency and reliability of your data and operations, but also to maintain compliance with regulations throughout the lifecycle of your applications. All of these new technologies and approaches to data management are rife with pitfalls and challenges, but there IS hope! Understanding these issues and the best practices associated with each consideration can set you up for success.

1. Healthcare Considerations for Modern Data
Architectures
Pitfalls, Challenges and Best Practices
Data Day Health 2017
Presented by:
Toby Owen,VP Product Development

2. OnRamp
- Industry leading high security and hybrid hosting provider
- Operates multiple enterprise class data centers located in Austin,
Texas and Raleigh, North Carolina
- SSAE 16 SOC II and SOC 3 Audited, PCI and HIPAA compliant
company
- Specializes in helping organizations meet their rigorous
compliance requirement and keep their data safe
Toby Owen
- Vice President, Product Development, OnRamp
- 20 year IT veteran with operations and engineering
background
- Security, IT ops at scale, hybrid cloud, compliant
workload hosting

4. AGENDA
GOAL: Designing an app for Healthcare… that’s compliant!
Data Stores
App Design
Where to Run It
Dev Lifecycle
Takeaways
Q & A

5. Refresher on (or intro to) databases
CAP theorem
C = Consistency
A = Availability
P = PartitionTolerance

6. Database ReferenceGuide – at a glance
*Adapted from http://blog.nahurst.com/visual-guide-to-nosql-systems

7. Why do we care?
• Scaling vertically versus horizontally
- Costs of scaling up can grow exponentially
- Scaling horizontally is linear
- Limits to scaling vertically, “indefinite” horizontal
scale limit
• Data sources are increasingly distributed
• Horizontal scaling provides better geo-
resiliency at the same time
• Not all data needs strict ACID compliance
 More arguments favor distributed data stores

8. RDBMS and ACID
• Definition: Atomicity, Consistency, Isolation, Durability
• Favors Consistency overAvailability
• Examples
- MSSQL
- MySQL
- Postgres
- Greenplum
- VoltDB

9. Is scalability and ACID a false tradeoff?
• Scalability and ACID are difficult to satisfy at the same time
• Not all data requires strict ACID compliance
• Relational can be a bottleneck
- Simpler models might simplify operations – easier and more efficient
• New relational DBs can be very fast AND scalable
• Many NoSQL DB’s adding features to look more like RDBMS
• Take-away: understand your data (shape and use case) and pick the
right solution

10. NoSQL and BASE
• NoSQL Definition
- SOME of the following: non-relational, distributed, open-source, horizontally
scalable, schema free, easy replication support, simple API
• BASE Definition: Basically Available, Soft state, Eventual consistency
- All data reads will eventually yield the same result
• Favors Availability over Consistency
• Let’s focus some time here exploring NoSQL databases/datastores
- Considerations based on scalability, encryption and key management

11. • Document oriented Database (JSON). Considered “semi-structured” data
• Scalability - built in via automatic sharding (range, hash, zone)
- EA FIFA game (250+ servers),Yandex (10’s billion objects,TBs of data, growing at 10MM files uploads/day)
• Security – encryption in-transit
- SSL/TLS client support (data in-transit)
- MongoDB Enterprise Advanced supports FIPS 140-2
- Atlas (Mongo-aaS on Amazon) does NOT support FIPS mode
• Security – encryption at-rest
- App level, external filesystem, disk level, or natively (encrypted storage engine). Native suports FIOPS 140-2
• Security – key management
- Each DB has a separate Key
- Can be integrated with external KMS
- Supports key rotation without downtime (via rolling restarts of replica set)
- Native encryption is only available via Enterprise Advanced version!

12. • Row-oriented
• Scalability – peer-to-peer distributed system, data across all nodes
- Each node contains commit log, exchanges data across cluster every second
- All writes are automatically partitioned and replicated throughout cluster
- Apple (75,000 nodes, 10PB); Netflix (2,500 nodes, 420TB, 1 trillion requests/day)
• Security – encryption in-transit
- SupportsTLS/SSL, separate configs for client-server and server-server
- FIPS compliance supported
• Security – encryption at-rest
- Open-sourceCassandra relies on filesystem encryption
- Datastax (commercial version) supports at-rest encryption
• Security – key management
- Open-sourceCassandra relies on filesystem encryption’s key management tools (can be complex)
- Datastax (commercial version) has native KMIP support

13. • Not really a database – distributed filesystem (HDFS) plus application interface (MapReduce)
• Scalability – designed for large file distribution across 100’s and 1000’s of servers, streaming
access and large data sets
- (compute cheaper to move than data)
- Facebook (21PB, 2000 machines), Spotify (1300 nodes, 42PB storage, 20TB a day ingested, 200TB a day
generated by Hadoop)
• Security – encryption in-transit
- HDFS supports transparent encryption
• Security – encryption at-rest
- Supported by HDFS, application, database, or disk-level
- Lots of options for commercial support and tools to simplify management
• Security – key management
- Natively supports it’s own KMS
- Again, more commercial options exist to simplify

14. LOTS of others
• KeyValue
- Redis
- DynamoDB
• Document Oriented
- CouchDB
- DocumentDB
• Time Series
• Graph
• + 225 more! (nosql-database.org for basic info and comparisons)

15. So you’ve chosen your datastore(s)
Now what?
Application architecture!

16. Application design
SOME Considerations for HIPAA and HITECH
• HITECH – each app zone requires firewall isolation
- Web, app, database
• Key Management
- Key Management System (KMS)
- Hardware Security Module (HSM)
- Keys database
- Key splitting – for transferring clear-text cipher keys

17. ReferenceArchitecture

18. And more
• Many other security considerations around compliant application
architecture
- Shared storage resources and shared IaaS
Supporting encryption at-rest may not be enough to achieve HIPAA or HITRUST
compliance.
- Verifiable (compliant) destruction of data in a shared environment
- Encryption keys need to be managed in accordance with shared secrets or
‘key splitting’ schemes (e.g. Shamir’s secret sharing)

19. Next?
We’ve chosen the right datastores…
We’ve designed our application to
support HITRUST or HIPAA…
Where will the app run?

20. Hybrid is the likely reality
• Consuming 3rd party data sources
• Capabilities of each data or app
component provider
• BAA with each provider
• Peril of failing to plan

21. How to keep all this compliant?
• Lots to consider to get it right
• Start at the beginning – your development
lifecycle
• Automate everything
• Dev/Test/Staging/Production should all account
for secure design
• Use Containers ?
• Maybe get some help

22. KeyTakeaways
• Distributed data is becoming the new norm
• Data is different – data usage should dictate data technology
- (no one-size-fits-all)
• ApplicationArchitecture is key to achieving compliance
• Must consider all locations where app is running
• Consider compliance in all phases of app development (starting with
design)
• Automation in development pipeline is key to building-in and maintaining
compliance throughout app lifecycle
• Final consideration – are you now a service provider?

24. Toby Owen
VP, Product Development
OnRamp
towen@onr.com
@tobydowen
linkedin.com/in/tobyowen

25. Resources
• Databases and scaling:
- http://stackoverflow.com/questions/12215002/why-are-relational-databases-having-scalability-issues
- http://blog.nahurst.com/visual-guide-to-nosql-systems
- http://nosql-database.org/
• MongoDB
- https://www.mongodb.com/mongodb-architecture
- https://webassets.mongodb.com/_com_assets/collateral/MongoDB_Security_Architecture_WP.pdf
• Cassandra
- http://cassandra.apache.org/doc/latest/operating/security.html?highlight=encryption
- http://stackoverflow.com/questions/32584253/how-to-use-cassandra-with-tde-transparent-data-encryption
- http://dba.stackexchange.com/questions/6909/cassandra-encryption-at-rest
- http://www.datastax.com/products/datastax-enterprise
• Hadoop
- https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html
- Hadoop at Scale: Spotify http://cdn.oreillystatic.com/en/assets/1/event/118/The%20Evolution%20of%20Hadoop%20at%20Spotify-
%20Through%20Failures%20and%20Pain%20Presentation.pdf
• Key management
- https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing