System Architecture
Vantrexia is a multi-tenant SaaS platform purpose-built for Remote Patient Monitoring (RPM) to EMR integration. The system ingests vitals data from connected medical devices, transforms it into FHIR R4-compliant resources, applies clinical triage rules, and synchronizes observations with eClinicalWorks — all while maintaining HIPAA compliance at every layer.
Vantrexia follows a modular monolith pattern — a single Django application organized into discrete, loosely coupled apps. This approach delivers the simplicity and deployment speed of a monolith while maintaining clear boundaries between domains (authentication, ingestion, billing, FHIR, etc.). The architecture is designed to be horizontally scalable when needed, with Celery workers handling the heavy async processing.
Platform Overview
The platform serves medical practices that need to monitor patients with chronic conditions (hypertension, diabetes, COPD, heart failure) at scale. A single clinician can monitor up to 100 patients simultaneously using exception-based triage, while the automated billing engine captures all billable CPT codes without manual intervention.
Key architectural goals:
- HIPAA-first design — AES-256 encryption at the field level, immutable audit logs, RBAC, auto session expiry
- Real-time data flow — Device readings arrive via webhooks and are processed within seconds
- EMR synchronization — Bidirectional sync with eClinicalWorks for patients and observations
- Automated revenue capture — Celery-powered billing engine runs every 4 hours
- Cost efficiency — Full production stack runs on a single EC2 t4g.medium (~$57/month)
Technology Stack
| Layer | Technology | Version | Purpose |
|---|---|---|---|
| Frontend | React SPA | Vite + TypeScript + Tailwind CSS | Provider dashboard, admin UI, triage views, billing console |
| Backend | Django / Django REST Framework | Django 4.2 / DRF 3.15 | REST API, business logic, FHIR R4 compliance, webhook processing |
| Database | PostgreSQL | 15 | Primary data store with field-level AES-256 encryption for all PHI |
| Cache / Broker | Redis | 7 | EncryptedRedisCache for sessions, Celery message broker, rate limiting |
| Task Queue | Celery + Celery Beat | 5.x | Async processing: billing runs, EMR sync, data ingestion, alerting |
| Reverse Proxy | Nginx | Latest | TLS termination, static file serving, rate limiting, request routing |
| Containerization | Docker Compose | — | Multi-container orchestration for all services |
| CI/CD | GitHub Actions | — | Automated testing, linting, Docker build, production deploy |
Backend Application Structure
The Django backend is organized into eight discrete apps, each owning a specific domain. All apps share a common PostgreSQL database but communicate through well-defined internal APIs (service functions and serializers), not direct model access across app boundaries.
| App | Responsibility | Key Models / Features |
|---|---|---|
authentication |
User management, JWT auth, RBAC, privacy controls | CustomUser, Role, AuditLog, PrivacyRequest, ConsentRecord, TOTP 2FA |
core |
Patient records, observations, triage, billing | Patient, Observation, AlertThreshold, TriageQueue, BillingRecord, CPT codes |
ecw_integration |
eClinicalWorks EMR bidirectional sync | JWT auth to eCW, patient import/export, observation push, conflict resolution |
fhir_transform |
FHIR R4 resource transformation | Patient → FHIR Patient, Observation → FHIR Observation, Bundle generation |
ingestion |
Device data intake and normalization | Webhook receiver, payload validation, unit conversion, deduplication |
mio_integration |
MioConnect device platform interface | Webhook processing, device enrollment, transmission tracking |
monitoring |
System health and operational metrics | Health checks (DB, Redis, Celery, eCW), uptime tracking, error rates |
settings |
Practice-level configuration | Alert thresholds, notification preferences, billing rules, integration config |
Each app registers its own URL routes under /api/v1/{app_name}/. The core app is the largest, containing the primary clinical models. Other apps interact with core models through Django's ORM but define their own serializers and views.
End-to-End Data Flow
The following diagram shows the complete path a vital sign reading takes from a patient's device to the clinician's dashboard and the EMR system:
┌──────────────┐ ┌──────────────────┐ ┌──────────────────────┐
│ RPM Device │────▶│ MioConnect Cloud │────▶│ Vantrexia Webhook │
│ (BP, SpO2, │ │ (Device Gateway) │ │ POST /api/v1/ │
│ Glucose, │ │ │ │ ingestion/webhook/ │
│ Weight) │ └──────────────────┘ └──────────┬───────────┘
└──────────────┘ │
▼
┌──────────────────────┐
│ Ingestion Service │
│ • Validate payload │
│ • Normalize units │
│ • Deduplicate │
│ • Assign patient │
└──────────┬───────────┘
│
▼
┌──────────────────────┐
│ FHIR Transform │
│ • Map to FHIR R4 │
│ • Create Observation│
│ • Encrypt PHI │
│ • Write to DB │
└──────────┬───────────┘
│
┌─────────────────────┼─────────────────────┐
▼ ▼ ▼
┌────────────────┐ ┌────────────────────┐ ┌────────────────┐
│ Triage Engine │ │ Billing Engine │ │ eCW Sync │
│ • Threshold │ │ • CPT Code Match │ │ • Push to EMR │
│ evaluation │ │ • Auto-generate │ │ • FHIR Bundle │
│ • Risk score │ │ claims │ │ • Conflict │
│ • Push alerts │ │ • Revenue track │ │ resolution │
└────────────────┘ └────────────────────┘ └────────────────┘Step-by-Step Flow
Device Transmission
The patient's RPM device (blood pressure monitor, pulse oximeter, glucose meter, or weight scale) takes a reading and transmits it over Bluetooth/cellular to MioConnect Cloud, the device gateway platform. MioConnect normalizes the raw device data and forwards it as a structured JSON payload.
Webhook Ingestion
MioConnect sends an HTTPS POST to /api/v1/ingestion/webhook/. The Ingestion Service validates the request signature, parses the payload, normalizes measurement units (mmHg, mg/dL, lbs → kg), deduplicates against recent readings, and assigns the data to the correct patient via device serial number lookup.
FHIR Transformation
The FHIR Transform service converts the normalized reading into a FHIR R4 Observation resource. All PHI fields are encrypted with AES-256 before writing to PostgreSQL. The FHIR resource includes proper coding (LOINC codes), units (UCUM), and references back to the Patient resource.
Triage & Alerting
The triage engine evaluates the new observation against the patient's configured alert thresholds. If a threshold is breached, the system updates the patient's risk score (0–100), generates a triage queue entry, and triggers push notifications via APNs/FCM. Clinicians see the flagged patient in their real-time triage dashboard.
Billing Capture
Every transmission increments the patient's monthly device-day counter. The billing engine (Celery task running every 4 hours) evaluates whether CPT thresholds have been met (e.g., 16 device-days for 99454) and auto-generates billing records for eligible CPT codes (99453, 99454, 99457, 99458).
EMR Synchronization
The eCW Integration app packages the FHIR Observation into a Bundle and pushes it to eClinicalWorks via their REST API using JWT authentication. The sync engine handles conflict resolution, retry logic, and maintains an audit trail of every EMR write operation.
Infrastructure & Deployment
Vantrexia runs as a set of Docker containers orchestrated by Docker Compose on a single AWS EC2 instance. The architecture prioritizes simplicity and cost efficiency while maintaining production-grade reliability.
| Component | Service / Instance | Est. Monthly Cost |
|---|---|---|
| Compute | EC2 t4g.medium (2 vCPU, 4 GB RAM, ARM64) | ~$27 |
| Database | RDS PostgreSQL 15 (db.t4g.micro, 20 GB gp3) | ~$15 |
| Storage | S3 (static assets, backups, encrypted exports) | ~$3 |
| Cache | Redis 7 (Docker container on EC2) | Included in compute |
| AWS SES (transactional email) | ~$2 | |
| Networking | ALB + Route 53 + ACM (TLS certificates) | ~$10 |
| Total | ~$57/month |
Docker Compose Services
The production docker-compose.prod.yml defines the following services:
┌─────────────────────────────────────────────────────┐
│ EC2 t4g.medium │
│ │
│ ┌─────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Nginx │ │ Django │ │ Celery │ │
│ │ :443 │─▶│ Daphne │ │ Worker │ │
│ │ :80 │ │ :8000 │ │ │ │
│ └─────────┘ └──────────┘ └──────────┘ │
│ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Celery │ │ Redis 7 │ │ Postgres │ (or RDS) │
│ │ Beat │ │ :6379 │ │ :5432 │ │
│ │ (sched.) │ │ │ │ │ │
│ └──────────┘ └──────────┘ └──────────┘ │
└─────────────────────────────────────────────────────┘- Nginx — TLS termination, static file serving, reverse proxy to Daphne, rate limiting (100 req/min per IP)
- Django (Daphne) — ASGI server serving the REST API on port 8000
- Celery Worker — Processes async tasks: EMR sync, data ingestion, alert notifications, billing runs
- Celery Beat — Scheduler for periodic tasks: billing engine (every 4h), device billing (2:00 AM daily), health checks (every 5 min)
- Redis 7 — Celery message broker, encrypted session cache (
EncryptedRedisCache), rate limit counters - PostgreSQL 15 — Primary data store (local container or RDS in production)
External Service Integrations
Vantrexia integrates with the following external services, each serving a specific role in the RPM workflow:
| Service | Purpose | Protocol | Notes |
|---|---|---|---|
| MioConnect | Device gateway — receives vitals from RPM hardware | HTTPS Webhooks (inbound) | Supports BP, SpO2, glucose, weight devices. HMAC-signed payloads. |
| eClinicalWorks (eCW) | EMR — bidirectional patient and observation sync | REST API + JWT Auth | Patient import, observation push, FHIR R4 Bundles. Retry with exponential backoff. |
| APNs (Apple) | iOS push notifications | HTTP/2 + .p8 token auth | HIPAA-safe payloads — PHI is stripped before delivery. Uses AuthKey_GSZ5ZQQ6L2.p8. |
| FCM (Firebase) | Android push notifications | HTTPS + service account | Same HIPAA-safe sanitization as APNs. Configured via GoogleService-Info.plist. |
| AWS SES | Transactional email | SMTP / SES API | Password resets, alerts, admin notifications. No PHI in email bodies. |
| AWS S3 | Object storage | AWS SDK | Static assets, encrypted data exports, database backups. |
Security Architecture
Security is not a bolt-on — it is woven into every layer of the Vantrexia architecture. The system is designed to meet HIPAA Security Rule requirements for technical, administrative, and physical safeguards.
| Layer | Mechanism | Implementation |
|---|---|---|
| Authentication | JWT + TOTP 2FA | 15-minute access tokens, 24-hour refresh tokens, optional TOTP-based two-factor authentication |
| Authorization | Role-Based Access Control (RBAC) | 7 roles (Admin, Clinical Manager, Provider, Nurse, MA, Data Monitor, Patient) with per-endpoint permission checks |
| Encryption at Rest | AES-256 (django-encrypted-model-fields) | All PHI fields use EncryptedCharField, EncryptedJSONField, EncryptedDateField, EncryptedEmailField |
| Encryption in Transit | TLS 1.2+ (enforced) | Nginx terminates TLS with ACM certificates. HSTS header enabled. |
| Audit Logging | Immutable audit trail | Every PHI access, modification, export, and deletion is recorded. 7-year retention policy. |
| Session Management | 30-minute inactivity timeout | Encrypted Redis sessions. Automatic logout on timeout. Single-device enforcement available. |
| Brute Force Protection | 5 attempts → 30-min lockout | Progressive delay after each failed login attempt. Admin can manually clear lockouts. |
| Cache Security | EncryptedRedisCache | All cached data (including sessions) is encrypted before writing to Redis. |
All secrets (database credentials, API keys, encryption keys, JWT secrets) are injected as environment variables via GitHub Secrets in CI/CD and .env files in local development. No secrets are committed to source control. The FIELD_ENCRYPTION_KEY used for AES-256 PHI encryption is a Fernet-compatible key rotated quarterly.
API Request Lifecycle
Every API request passes through multiple middleware layers before reaching the view handler:
Client Request (HTTPS)
│
▼
┌──────────────────────────────┐
│ Nginx (TLS Termination) │ ─── Rate Limit: 100 req/min/IP
└──────────┬───────────────────┘
▼
┌──────────────────────────────┐
│ Django Middleware Stack │
│ 1. SecurityMiddleware │ ─── HSTS, Content-Type sniffing
│ 2. SessionMiddleware │ ─── Encrypted Redis sessions
│ 3. AuthenticationMiddleware │ ─── JWT token validation
│ 4. AuditMiddleware │ ─── Log request metadata
│ 5. RBACMiddleware │ ─── Role-based permission check
│ 6. EncryptionMiddleware │ ─── Decrypt/encrypt PHI fields
└──────────┬───────────────────┘
▼
┌──────────────────────────────┐
│ DRF View / ViewSet │ ─── Business logic + serialization
└──────────┬───────────────────┘
▼
┌──────────────────────────────┐
│ PostgreSQL (Encrypted PHI) │
└──────────────────────────────┘Next Steps
Set up locally: Follow the Installation Guide to get the full stack running with Docker Compose in under 5 minutes.
API Reference: See the API Overview for complete endpoint documentation with request/response examples.
Compliance: Read the HIPAA Compliance page for detailed security safeguard documentation.
Integrations: Learn about the eClinicalWorks and MioConnect integrations.