Patient Records Database
Overview
Primary relational database storing all patient clinical data including demographics, encounters, problems, allergies, medications, and immunizations.
🔒 PHI Storage
This database contains Protected Health Information (PHI) and is subject to HIPAA regulations. All access is audited and encrypted.
Database Schema
patients- Demographics, MRN, identifiersencounters- Visits and admissionsproblems- Active and historical problemsallergies- Allergies and adverse reactionsmedications- Medication historyimmunizations- Vaccination records
clinical_notes- SOAP notes, progress notesvital_signs- BP, HR, temp, etc.lab_orders- Laboratory test orderslab_results- Laboratory test resultsimaging_orders- Radiology ordersprescriptions- Medication prescriptions
audit_log- All PHI access logged (HIPAA)consent_records- Patient consent and authorizationsuser_sessions- Active user sessions
Retention: 7 years per HIPAA requirements
Technical Details
Specifications:
- Version: PostgreSQL 15.x
- Size: 2.5 TB
- Backup: Daily full backup, hourly incremental
- Replication: Multi-AZ with read replicas
- Encryption: AES-256 encryption at rest, TLS 1.2+ in transit
Performance:
- IOPS: 50,000 provisioned
- Connections: Max 500 concurrent
- Query Performance: P95 < 100ms for patient lookup
- Uptime SLA: 99.95%
Data Classification
⚠️ PHI Handling
All queries must include patient context for audit logging. Use prepared statements to prevent SQL injection.
-
Highly Sensitive Data
Contains full patient medical records, diagnoses, treatment history
-
HIPAA Protected
All access must be logged with user, timestamp, patient ID, and purpose
-
Minimum Necessary
Only retrieve data necessary for the specific use case
-
De-identification
Analytics and reporting use de-identified data from separate warehouse
Access Patterns
- EHR Service: Read/Write all patient clinical data
- Patient Portal Service: Read patient data (filtered by patient)
- Appointment Service: Read patient demographics, write appointment records
- Lab Order Service: Write lab orders, read patient allergies
- Results Reporting Service: Write lab/imaging results
Disaster Recovery
- RPO: 15 minutes (maximum data loss)
- RTO: 4 hours (recovery time objective)
- Backup Retention: 30 days online, 7 years archive
- Geographic Redundancy: Secondary region (us-west-2)