Glossary - Vantrexia Documentation

A

AES-256: Advanced Encryption Standard with a 256-bit key length. Vantrexia uses AES-256 for field-level encryption of Protected Health Information (PHI) stored in the database, meeting HIPAA requirements for data at rest encryption.
API (Application Programming Interface): A set of defined rules and protocols that allow software applications to communicate with each other. Vantrexia exposes a RESTful API with 150+ endpoints for managing patients, observations, billing, and triage workflows.
ARM64: A 64-bit processor architecture commonly used in modern servers and Apple Silicon Macs. Vantrexia's Docker images are built for both ARM64 and AMD64 architectures to support a wide range of deployment environments.
Audit Log: A chronological record of system activities, including user logins, data access, modifications, and administrative actions. Vantrexia maintains HIPAA-compliant audit logs with a 7-year retention policy, tracking who accessed what data, when, and from where.

B

BAA (Business Associate Agreement): A legally binding contract required under HIPAA between a covered entity (healthcare provider) and a business associate (like Vantrexia) that handles PHI. The BAA defines the responsibilities and safeguards each party must maintain to protect patient data.
Billing Period: A 30-day calendar window during which patient RPM activity is tracked for billing purposes. CMS requires a minimum of 16 days of device readings within a billing period to qualify for CPT code 99457 reimbursement.
Blood Pressure: A vital sign measurement consisting of two values: systolic (pressure when the heart beats) and diastolic (pressure when the heart rests between beats), measured in mmHg. Normal blood pressure is typically below 120/80 mmHg. Vantrexia monitors blood pressure readings from connected RPM devices and triggers triage alerts when readings fall outside configured thresholds.

C

CCPA (California Consumer Privacy Act): A California state privacy law that grants consumers rights over their personal information, including the right to know, delete, and opt out of the sale of their data. Vantrexia implements CCPA-compliant data handling practices alongside HIPAA requirements.
Celery: A distributed task queue for Python used by Vantrexia to process asynchronous background jobs such as sending push notifications, generating billing reports, syncing data with eClinicalWorks, and running scheduled compliance checks. Celery uses Redis as its message broker.
CMS-1500: The standard claim form used by healthcare providers to bill Medicare, Medicaid, and most commercial insurance payers. Vantrexia generates CMS-1500-compatible billing data for RPM services using appropriate CPT codes.
CPT Code (Current Procedural Terminology): A standardized set of medical codes maintained by the AMA used to describe healthcare services for billing purposes. Key RPM CPT codes supported by Vantrexia include: 99453 (initial device setup), 99454 (monthly device supply/data transmission), 99457 (first 20 min clinical monitoring), and 99458 (additional 20 min monitoring).

D

Diastolic: The lower number in a blood pressure reading, representing the pressure in the arteries when the heart muscle rests between beats. Measured in millimeters of mercury (mmHg). A normal diastolic pressure is typically below 80 mmHg.
Django: A high-level Python web framework that Vantrexia uses as its backend foundation. Django provides an ORM for database access, a robust admin interface, built-in security features, and a modular app architecture. Vantrexia runs on Django 4.2 LTS.
Docker: A containerization platform used by Vantrexia to package and deploy its application services (backend, frontend, Celery workers, Redis, PostgreSQL, Nginx) as isolated, reproducible containers managed via Docker Compose.
DRF (Django REST Framework): A powerful toolkit for building RESTful Web APIs in Django. Vantrexia uses DRF for serialization, authentication, permissions, pagination, throttling, and OpenAPI schema generation across all 150+ API endpoints.

E

eClinicalWorks (eCW): A leading Electronic Medical Record (EMR) system used by healthcare organizations. Vantrexia integrates with eClinicalWorks via FHIR R4 APIs to synchronize patient demographics, practitioners, and clinical observations bidirectionally.
EMR (Electronic Medical Record): A digital version of a patient's paper chart, containing their medical history, diagnoses, medications, treatment plans, and lab results. Vantrexia syncs RPM data with EMR systems like eClinicalWorks to provide clinicians a unified view of patient health.
Encryption at Rest: The practice of encrypting stored data so that it is unreadable without the proper decryption key. Vantrexia uses AES-256 field-level encryption via django-encrypted-model-fields for PHI stored in PostgreSQL, ensuring compliance with HIPAA's data protection requirements.

F

FCM (Firebase Cloud Messaging): Google's cross-platform messaging service used by Vantrexia to deliver real-time push notifications to provider and staff mobile devices. FCM notifications alert clinicians to critical patient vitals, triage escalations, and system events.
Field-Level Encryption: A symmetric encryption method using AES-256 provided by the django-encrypted-model-fields library that guarantees encrypted data cannot be manipulated or read without the key. Vantrexia uses field-level encryption via the FIELD_ENCRYPTION_KEY for securing all PHI/PII fields in the database.
FHIR (Fast Healthcare Interoperability Resources): An international standard for exchanging healthcare data electronically, developed by HL7 International. Vantrexia implements FHIR R4 resources (Patient, Practitioner, Observation, Device) for interoperability with EMR systems like eClinicalWorks and supports standard FHIR search parameters.

G

GDPR (General Data Protection Regulation): A European Union regulation on data protection and privacy. While primarily focused on EU residents, Vantrexia implements GDPR-aligned practices including data minimization, right to erasure, consent management, and data portability to support organizations with international patients.
GHCR (GitHub Container Registry): GitHub's container image registry where Vantrexia stores its Docker images as part of the CI/CD pipeline. GHCR provides version-tagged images that are pulled during production deployments via GitHub Actions.
GPIO (General-Purpose Input/Output): Hardware pins on computing devices used for interfacing with external sensors and peripherals. Relevant in the context of MioConnect hub hardware, which uses GPIO for communicating with connected medical devices like blood pressure monitors and pulse oximeters.

H

Health Card: A visual card component in the Vantrexia dashboard that displays a patient's most recent vital sign readings, trends, and triage status at a glance. Health cards use color-coded indicators (green, yellow, red) based on configured thresholds.
HIPAA (Health Insurance Portability and Accountability Act): A U.S. federal law that establishes national standards for the protection of sensitive patient health information. Vantrexia is designed to be HIPAA-compliant, implementing administrative, physical, and technical safeguards including encryption, access controls, audit logging, and BAA support.
HL7 (Health Level Seven): An international set of standards for the transfer of clinical and administrative health data between software applications. HL7 v2 messages and the newer FHIR (HL7's latest standard) are both relevant to Vantrexia's interoperability strategy.
Hub (MioConnect Cellular Hub): A MioConnect cellular gateway device placed in a patient's home that automatically collects readings from paired Bluetooth medical devices (blood pressure monitors, pulse oximeters, weight scales) and transmits them over a cellular connection to the Vantrexia platform. No patient Wi-Fi or smartphone is required.

I

IdP (Identity Provider): A service that manages user identity information and provides authentication services. Vantrexia supports integration with external identity providers via OAuth 2.0 and SSO for enterprise deployments, allowing organizations to use their existing authentication infrastructure.
Ingestion Pipeline: The automated data processing workflow that receives raw device readings from MioConnect hubs, validates the data, normalizes it into FHIR-compatible Observation resources, applies triage rules, and stores it in the database. The pipeline runs as an asynchronous Celery task for high throughput.

J

JWKS (JSON Web Key Set): A set of public keys used to verify JSON Web Tokens (JWTs). Vantrexia publishes a JWKS endpoint that external systems can use to validate tokens issued by the platform, enabling secure service-to-service authentication.
JWT (JSON Web Token): A compact, URL-safe token format used for securely transmitting claims between parties. Vantrexia uses JWTs for API authentication, issuing short-lived access tokens (15 minutes) and longer-lived refresh tokens (1 day) to balance security with user experience.

K

KPI (Key Performance Indicator): A measurable value that demonstrates how effectively an organization is achieving its objectives. Vantrexia's dashboard tracks RPM-specific KPIs including patient adherence rates, billing eligibility percentages, average response times, and device connectivity metrics.

L

Lockout (Account Security): A security mechanism that temporarily disables a user account after a configurable number of consecutive failed login attempts (default: 5). Lockout prevents brute-force password attacks and is logged in the audit trail. Administrators can manually clear lockouts via the admin panel or API.

M

MioConnect: A cellular-connected medical device gateway platform integrated with Vantrexia. MioConnect hubs are placed in patients' homes and automatically collect vital sign readings from paired Bluetooth medical devices, transmitting them to Vantrexia over a cellular data connection without requiring Wi-Fi or a smartphone.
Multi-Factor Authentication (MFA/2FA): A security method that requires users to provide two or more verification factors to gain access to an account. Vantrexia supports TOTP-based MFA (compatible with Google Authenticator, Authy, etc.) for all user roles, and MFA is mandatory for administrative accounts.

N

Nginx: A high-performance web server and reverse proxy used by Vantrexia to handle incoming HTTP/HTTPS requests, terminate TLS connections, serve static files, and route API requests to the Django backend. Nginx also provides rate limiting, request buffering, and load balancing capabilities.

O

OAuth 2.0: An industry-standard authorization framework that enables third-party applications to access resources on behalf of a user without exposing credentials. Vantrexia uses OAuth 2.0 with PKCE for secure authentication flows with external EMR systems like eClinicalWorks.
Observation (FHIR Resource): A FHIR resource type that represents a measurement or assertion about a patient. In Vantrexia, observations include vital sign readings (blood pressure, blood glucose, SpO2, weight) received from RPM devices, each coded with standardized LOINC codes and linked to the originating patient and device.

P

PHI (Protected Health Information): Any individually identifiable health information that is created, received, maintained, or transmitted by a covered entity or business associate. PHI includes patient names, dates, medical record numbers, and clinical data. Vantrexia encrypts all PHI with AES-256 and restricts access through RBAC.
PII (Personally Identifiable Information): Any data that could potentially identify a specific individual, such as name, address, phone number, email, or Social Security number. While broader than PHI, PII protections are enforced in Vantrexia under both HIPAA and CCPA/GDPR requirements.
PKCE (Proof Key for Code Exchange): An extension to the OAuth 2.0 authorization code flow that prevents authorization code interception attacks. Vantrexia uses PKCE for all OAuth flows, particularly when integrating with eClinicalWorks FHIR APIs, ensuring secure token exchange even in public client scenarios.
Practice (Healthcare Organization): A healthcare organization or clinical group that uses the Vantrexia platform to manage their RPM program. Vantrexia supports multi-practice deployments, allowing each practice to have its own patients, providers, billing configuration, triage rules, and administrative settings while sharing the same platform instance.

R

RBAC (Role-Based Access Control): A security model that restricts system access based on the roles assigned to individual users. Vantrexia implements seven roles: Admin (full system access), Clinical Manager (clinical team management), Provider (clinical data and patient management), Nurse (clinical operations), MA (patient data entry), Data Monitor (data monitoring and quality), and Patient (view own data only). Each role has a defined set of permissions enforced at the API level.
Redis: An in-memory data store used by Vantrexia as a message broker for Celery task queues, a caching layer for frequently accessed data (e.g., user sessions, configuration), and a backend for real-time features like WebSocket notifications. Vantrexia runs Redis 7.
RPM (Remote Patient Monitoring): A healthcare delivery method that uses connected medical devices to collect patient health data outside of traditional clinical settings. Vantrexia is a comprehensive RPM platform that enables providers to monitor patient vitals, manage triage workflows, and bill for RPM services under CMS guidelines.
RTO/RPO (Recovery Time Objective / Recovery Point Objective): Disaster recovery metrics. RTO is the maximum acceptable downtime after a failure (Vantrexia target: 4 hours). RPO is the maximum acceptable data loss measured in time (Vantrexia target: 24 hours), achieved through regular automated backups.

S

SLA (Service Level Agreement): A formal commitment between a service provider and a customer that defines performance standards such as uptime, response times, and support availability. Vantrexia targets 99.9% uptime SLA for production deployments with defined escalation procedures for outages.
SSO (Single Sign-On): An authentication method that allows users to log in once and access multiple applications without re-entering credentials. Vantrexia supports SSO integration with enterprise identity providers via OAuth 2.0 and SAML, enabling seamless access for healthcare organizations with existing IdP infrastructure.
Systolic: The upper number in a blood pressure reading, representing the pressure in the arteries when the heart contracts and pumps blood. Measured in millimeters of mercury (mmHg). A normal systolic pressure is typically below 120 mmHg. Vantrexia triage rules commonly use systolic thresholds to detect hypertension.

T

Telemetry: The automated collection and transmission of data from remote medical devices to the Vantrexia platform. Telemetry data includes vital sign measurements, device status information, battery levels, and connectivity metrics from MioConnect hubs and paired medical devices.
TLS 1.3 (Transport Layer Security): The latest version of the cryptographic protocol used to secure communications over a network. Vantrexia enforces TLS 1.3 for all API communications, web traffic, and data transmission between services, ensuring data in transit is encrypted and protected against eavesdropping and tampering.
TOTP (Time-Based One-Time Password): An algorithm that generates a temporary passcode using the current time and a shared secret key. Vantrexia uses TOTP for multi-factor authentication, compatible with authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator. Codes refresh every 30 seconds.
Triage: The process of prioritizing patients based on the severity of their condition. Vantrexia's exception-based triage engine automatically evaluates incoming vital sign readings against provider-configured thresholds and escalation rules, flagging patients who need immediate clinical attention with color-coded severity levels (green, yellow, red).

V

Vantrexia: A comprehensive Remote Patient Monitoring (RPM) platform designed for healthcare providers. Vantrexia connects to medical devices via MioConnect, integrates with EMR systems like eClinicalWorks, manages clinical triage workflows, automates CPT-based billing, and provides real-time dashboards — all while maintaining full HIPAA compliance.
Vital Signs: Physiological measurements that indicate the status of a patient's essential body functions. Vantrexia monitors key vital signs including blood pressure (systolic/diastolic), blood oxygen saturation (SpO2/pulse oximetry), body weight, and blood glucose. These readings are collected from RPM devices and used to drive triage decisions and clinical workflows.

W

WCAG (Web Content Accessibility Guidelines): A set of international standards for making web content accessible to people with disabilities. Vantrexia's documentation site and web application follow WCAG 2.1 AA guidelines, including proper semantic markup, keyboard navigation, screen reader support, sufficient color contrast, and focus management.
Webhook: An HTTP callback mechanism that sends real-time notifications to an external URL when specific events occur. Vantrexia supports webhook subscriptions for events such as new patient observations, triage alerts, billing period completions, and device connectivity changes, enabling integration with third-party systems and custom workflows.