Architecture

There are 4 channels to interact with the PKB application:

  1. Users interacting with the GUI via web browser URL
  2. Users interacting via mobile application
  3. HL7 API inbound to PKB via integration over SOAP
  4. REST API for 2-way read/write using the FHIR messaging standard

All 4 channels are encrypted in transit via HTTPS and then pass through the firewall, which further secures inbound traffic to PKB.


From this point, traffic is passed to the core PKB platform, which is hosted virtually as Software as a Service (SaaS) and clustered to handle requests dynamically. Requests are handled in the following order:

  1. Data is processed by the WildFly layer
  2. Data is then encrypted using asymmetric cryptography. Each data point uses a unique private/public key pair to ensure that only the owner and those consented to view the data can access it.
  3. Data is stored in our Clinical Document Repository

When data is requested, the order of events is reversed:

  1. Data is pulled from relevant tables at the data repository layer
  2. The data processing layer repackages it into a format required by the requestor
  3. Data is decrypted and transmitted back through the firewall over HTTPS to the requestor

The PKB data storage layer is backed up on a nightly basis and the core platform is asynchronously replicated to a disaster recovery site to ensure high availability.
