This is a technical overview of the Archangel system which describes the architecture, device, and browser requirements and outlines some important points about our hosting model security features (including HIPAA compliance measures).
Architecture
Archangel operates as a web-services back-end supporting front end clients from native mobile apps under iOS and Android as well as popular browsers. The back-end is java based, while the frontend clients are native. Archangel operates on iOS and Android mobile devices as well as desktop browsers on Macs and PCs. Mobile clients support both on-line and off-line mode. All services are hosted in the Amazon AWS cloud in a redundant high availability configuration.
Supported Hardware and Operating Systems
The Archangel MOBILE application
- iPhone 6S or newer running iOS 9.0 or newer
- iPad 5th Generation or newer running 10.2.1 or newer
- iPad Mini 4 or newer running iOS 9.0 or newer
- iPad Air 3 or newer running iOS 12.2 or newer
- Android phones and tablets running OS version 4.2 or newer
The Archangel WEB Application - Supported browsers:
- All major web browsers (Chrome, Safari, Edge, Firefox)
- Helpful links for iOS and Android device compatibility:
It is recommended device operating systems are regularly updated to the most recent released version available to realize the benefits to performance and security.
Storage Requirements (for phone/tablet)
The Archangel application requires a minimum of 200 MB of available capacity on a phone or tablet to operate in either the ONLINE or OFFLINE connection modes.
While there is no minimal configuration for desktop/laptop memory or processing power, performance limitations based on minimal hardware configuration can occur.
Data Encryption
All PII data in Archangel is encrypted using industry standard AES-256 encryption algorithms. Connections to the browser are all secure using HTTPS. Data that is in transit between the source and the read replicas is encrypted, even when replicating across AWS Regions.
Security
User accounts time out automatically and require strong passwords which must be changed at regular intervals. Devices that support biometrics (iOS, Android) are supported for even stronger security and use of these is recommended.
An audit trail of all actions are kept including clinician visits, orders, approvals, and any security issues. This is viewable by the administrator and captures all access to patient data and wound assessments as well as any administrative functions taken such as managing users.
Archangel provides configurable role-based access to ensure a customer instance allows only those users with sufficient permissions to view and approve data and transactions in the system. The creation of accounts with only the appropriate access levels is done via the system administrator assigned to the client account.
Bandwidth Usage
The Archangel application can operate over Wi-Fi or Cellular data. In general, a patient visit includes an assessment, treatment and ordering information that may include capturing images (and video if selected) which are uploaded to the cloud for analysis. In the event a user performs 5 assessments per day, for a typical 20-day month, cellular usage would be at least 1GB of data assuming no Wi-Fi usage. We recommend operating Archangel over Wi-Fi, but cellular usage may be necessary if Wi-Fi is not available. We recommend unlimited cellular data plans or data plans of at least 3GB to accommodate unexpected data usage needs(this requirement excludes any data usage from other applications the user may be using).
Software Updates and System Maintenance
Archangel updates its client and server software regularly to improve capabilities and offer a more feature rich experience to our customers. These updates are typically done in the evening’s EST time between midnight and 3 am ET on weekends. Down time is typically only a few minutes for upgrades.
Archangel system maintenance is performed off hours, but due to our high availability backend configuration with multiple servers this does not impact access to the system. We use an Amazon Multi-AZ configuration that provides a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups.
Certifications (references HCL Volt MX and AWS)
The HCL Volt MX platform used for the development of Archangel is PCI DSS certified, SSAE 16 SOC 2 compliant, HIPAA compliant, ISO 27001:2013 certified, and STIG/SRG compliance with DISA
Archangel uses AWS secure AWS environment to process, maintain, and store protected health information enabling compliance to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA). Archangel itself provides appropriate Access Controls, Audit Controls, integrity, authentication and transmission security.
