Technical Architecture
REV.health is built on 9 interlocking subsystems spanning cloud infrastructure, data, AI/ML, mobile, identity, resilience, and audit.
9 Subsystems Overview
1. Cloud Infrastructure
Azure (primary): Cosmos DB (OLTP), Azure OpenAI, Microsoft Fabric (analytics/ETL).
AWS (secondary): HealthLake (FHIR store), MSK/Kafka (event streaming), S3 (document store with Object Lock), Bedrock (fallback LLM inference).
2. Multi-Tenancy
| Tier | Isolation | Data Strategy | Target Org Size |
|---|---|---|---|
| T1 — Standard | Partition key | Shared Cosmos database, OrganizationID partition | Small & mid practices |
| T2 — Dedicated DB | Database-level | Dedicated Cosmos database per org, shared account | Large groups & MSOs |
| T3 — Dedicated Account | Account + VNet | Dedicated Cosmos account, isolated VNet, customer-managed keys | Health systems & enterprise |
3. Data Architecture
- OLTP: Azure Cosmos DB (NoSQL API) — partition-key multi-tenancy
- FHIR facade: FHIR R4 read/write over Cosmos documents
- Event store: Kafka (MSK) — append-only clinical event log
- Document store: S3 with Object Lock (WORM) for scanned documents, consent forms, attachments
- Analytics: ClickHouse for real-time operational analytics; Microsoft Fabric for batch ETL & reporting
4. API Design
- FHIR R4 + US Core 7.0.0
- SMART on FHIR v2.2.0
- Bulk Data Access v2.0.0
- CDS Hooks 2.0
- Da Vinci Implementation Guides (PAS, CRD, DTR, PDex, HRex)
- gRPC for internal service-to-service communication
5. AI/ML Pipeline
All clinical AI flows through a governed 5-stage pipeline:
- Redaction Gateway — strip/tokenize PHI before LLM inference
- LLM Gateway — route to Azure OpenAI or Bedrock based on load/cost/capability
- Domain Models — fine-tuned models for coding, NLP, scribe, CDS
- Human-in-the-Loop — clinician review queues for AI suggestions above confidence threshold
- Governance Committee — quarterly model audit, bias review, performance metrics
6. Mobile
- Clinician: iPad-first responsive web app (Angular 21, PWA)
- Patient: React Native / Flutter native app (iOS + Android)
7. IAM (Identity & Access Management)
- SAML 2.0 / OIDC SSO federation
- AAL2 for clinical access; AAL3 for EPCS (biometric + hardware token)
- RBAC + ABAC hybrid — role grants base permissions, attribute policies refine per context
8. Resilience & DR
| Service Tier | RTO | RPO | Examples |
|---|---|---|---|
| Tier 1 — Critical | 4 hours | 5 minutes | Clinical documentation, eRx, scheduling, patient portal |
| Tier 2 — Important | 24 hours | 1 hour | Analytics, reporting, bulk data export, batch jobs |
9. Audit & Logging
- Hash-chained append-only audit log
- Archived to S3 Object Lock (WORM compliance)
- 10-year retention policy (HIPAA + state mandates)
- Every clinical data read/write produces an audit entry with actor, resource, justification, and authorization chain
Architecture Diagram
graph TD
subgraph Client["Client Layer"]
CL1["Angular 21 PWA
(Clinician)"]
CL2["React Native / Flutter
(Patient)"]
CL3["Third-party Apps
(SMART on FHIR)"]
end
subgraph Edge["Edge Layer"]
CDN["Component CDN"]
WAF["WAF / DDoS"]
APIGW["API Gateway"]
end
subgraph App["Application Layer"]
FHIR["FHIR R4 Facade"]
AUTH["IAM / SSO"]
AI["AI/ML Pipeline"]
CDS["CDS Hooks Engine"]
GRPC["gRPC Services"]
end
subgraph Data["Data Layer"]
COSMOS["Cosmos DB
(OLTP)"]
KAFKA["Kafka / MSK
(Event Store)"]
S3["S3 Object Lock
(Documents)"]
CH["ClickHouse
(Analytics)"]
FABRIC["Microsoft Fabric
(ETL)"]
end
CL1 --> CDN
CL2 --> APIGW
CL3 --> APIGW
CDN --> WAF --> APIGW
APIGW --> FHIR
APIGW --> AUTH
APIGW --> AI
APIGW --> CDS
FHIR --> GRPC
CDS --> GRPC
AI --> GRPC
GRPC --> COSMOS
GRPC --> KAFKA
GRPC --> S3
KAFKA --> CH
KAFKA --> FABRIC