Architecture

Cloud Health Office is a cloud-native multi-tenant SaaS platform that processes healthcare EDI transactions for unlimited health plans. It is configuration-driven, backend-agnostic, and deployable to any Kubernetes cluster.

Figure: Platform overview showing 36 microservices, 9 adjudication engines, 6 parsers, 7 FHIR R4 APIs, 17 Argo Workflows, and multi-cloud deployment.

Overview

The platform runs on Kubernetes (AKS, EKS, or GKE) with Argo Workflows for orchestration. All payer-specific logic is defined in configuration files — no custom code per tenant. New payers can be onboarded in under 1 hour through the interactive CLI wizard or self-service portal.

Key Design Objectives

| Principle | Implementation |
|---|---|
| Multi-Tenant SaaS | Single codebase serves unlimited payers with per-tenant isolation via X-Tenant-ID header routing |
| Zero-Code Onboarding | Add new payers through configuration; less than 1 hour to production |
| Backend Agnostic | Works with any claims admin system (QNXT, Facets, HealthEdge, Epic, custom) via ICoreAdminAdapter pattern |
| Cloud Agnostic | Deploy to Azure, AWS, GCP, or on-premises with Kubernetes and Helm charts |
| Standards-Based | X12 EDI (270/275/277/278/834/835/837), FHIR R4, Da Vinci IGs, HL7, USCDI |

Platform Components

Microservices (36)

Member, Coverage, Claims, Eligibility, Authorization, Provider, Benefit Plan, Reference Data, Sponsor, Claims Scrubbing, Capitation, Payment, Pricing API, Terminology Service, Provider Verification, and more. Each service owns its domain data and communicates via Azure Service Bus messaging. The Terminology Service provides FHIR ConceptMap/$translate for SNOMED CT ↔ CPT/ICD-10-CM crosswalk — required for Da Vinci CRD, DTR, and PAS workflows. The Provider Verification Service aggregates NPPES, OIG/LEIE, PECOS, CMS Open Payments, and FSMB data into a composite integrity score per NPI.

Calculation Engines (9)

Benefit Engine (HDHP/HSA, aggregate family accumulators, DRG inpatient), Fee Schedule Engine (DRG lookup, Medicaid cross-schedule, multiple procedure ranking), NCCI Engine, COB Engine, Risk Adjustment Engine, Encounter Engine, Claims Scrub Engine, Capitation Engine, and Operating Mode Engine.

X12 Parsers (6)

837 Claims, 835 Remittance, 834 Enrollment, 276/277 Claim Status, 278 Prior Auth, and X12 Encoder. All written in C# (.NET 8) with zero external dependencies.

Claims Adjudication Pipeline

The 10-step claims adjudication pipeline processes an 837 from SFTP ingestion through Argo Workflows to real-time adjudication with full benefit calculation, completing in under 500ms end-to-end.

Figure: 837 claims adjudication pipeline, a 10-step flow from SFTP ingestion through Argo Workflows, Kafka, the claims service API, and the benefit engine to real-time adjudication with an approved or denied outcome.

Pipeline Steps

The pipeline executes: get claim, validate codes, verify coverage, validate provider, check prior auth, get benefits, apply NCCI/MUE edits, calculate allowed amount, calculate cost-sharing (copay/coinsurance/deductible), and update claim status. Each step is individually testable and observable.

Multi-Tenant Design

Every API request carries an X-Tenant-ID header that determines data isolation, configuration routing, and audit logging. The configuration-driven approach means no code changes are required to onboard new payers — only a JSON configuration file defining clearinghouse mappings, benefit rules, and EDI trading partner details.
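Because X-Tenant-ID is supplied by the caller, a service that uses it for data isolation needs to bind it to the authenticated identity before routing on it. The following is an added example, not Cloud Health Office code, showing one way to do that check in C#; the `tenant_id` claim name, the identifier format, and the `TenantGuard` type are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Text.RegularExpressions;

// Constructed callers; the "tenant_id" claim name is an assumption for this sketch.
ClaimsPrincipal Caller(params string[] tenants) => new(new ClaimsIdentity(
    tenants.Select(t => new Claim(TenantGuard.ClaimType, t)), "Bearer"));

var cases = new (string Name, ClaimsPrincipal User, string? Header)[]
{
    ("header matches token",      Caller("payer-a"), "payer-a"),
    ("header names other tenant", Caller("payer-a"), "payer-b"),
    ("header missing",            Caller("payer-a"), null),
    ("malformed header",          Caller("payer-a"), "payer-a,payer-b"),
    ("token has no tenant claim", Caller(),          "payer-a"),
    ("unauthenticated caller",    new ClaimsPrincipal(new ClaimsIdentity()), "payer-a"),
};
foreach (var c in cases)
    Console.WriteLine($"{c.Name,-28} -> {TenantGuard.Check(c.User, c.Header)}");

enum TenantDecision { Allow, Unauthenticated, MissingHeader, MalformedHeader, NoTenantClaim, TenantMismatch }

static class TenantGuard
{
    public const string ClaimType = "tenant_id";   // assumed claim name
    // Assumed id format; \A and \z anchor the whole value (unlike $, \z rejects a trailing newline).
    static readonly Regex IdFormat = new(@"\A[a-z0-9-]{1,64}\z");

    // Decide whether the request may run under the tenant named in X-Tenant-ID.
    public static TenantDecision Check(ClaimsPrincipal user, string? header)
    {
        if (user.Identity?.IsAuthenticated != true) return TenantDecision.Unauthenticated;
        if (string.IsNullOrWhiteSpace(header)) return TenantDecision.MissingHeader;
        if (!IdFormat.IsMatch(header)) return TenantDecision.MalformedHeader;

        // Tenants come from the verified token, never from the request itself.
        var granted = user.FindAll(ClaimType).Select(c => c.Value).ToArray();
        if (granted.Length == 0) return TenantDecision.NoTenantClaim;

        // Ordinal comparison: no case folding or culture rules on an isolation key.
        return granted.Contains(header, StringComparer.Ordinal)
            ? TenantDecision.Allow
            : TenantDecision.TenantMismatch;
    }
}
```

Every outcome other than `Allow` should reject the request before any tenant-scoped query or configuration lookup runs, and the decision belongs in the audit log alongside the authenticated subject.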

The Config-to-Workflow Generator takes a payer's configuration file and generates complete Argo Workflow YAML and Bicep infrastructure definitions, enabling automated environment provisioning.

Infrastructure

| Component | Technology | Purpose |
|---|---|---|
| Orchestration | Argo Workflows | Kubernetes-native DAG workflow execution |
| Event Triggers | Argo Events | SFTP, webhook, and schedule-based triggers |
| Messaging | Azure Service Bus / Kafka | Async inter-service communication |
| Storage | Azure Storage Gen2 | HIPAA-compliant EDI file data lake |
| Secrets | Key Vault / HashiCorp Vault | Secrets management, automated rotation |
| Monitoring | Prometheus + Grafana, App Insights | Metrics, dashboards, PHI-safe logging |
| Database | MongoDB / Cosmos DB | Document store with tenant partitioning |
| Cache | Redis | Accumulator service, session cache |

HIPAA Security

The platform addresses HIPAA technical safeguards with private endpoints for complete network isolation of PHI, PHI masking in Application Insights using DCR-based redaction, customer-managed encryption keys (BYOK), 7-year data lifecycle management with automated tiering, and 18 automated CI/CD tests to prevent PHI exposure in logs and telemetry.

Full architecture document

For the complete 1,100+ line architecture specification including data flow diagrams, ADRs, and SFTP multi-tenant design, see the ARCHITECTURE.md on GitHub.