
Engineering Transparency

Architecture Decision Records

Every engineering choice documented, debated, and validated. Browse the decisions that shape a production healthcare platform.

33 Decisions · 6 Categories · 4,448+ Validating Tests · 8 HIPAA-Mapped

ADR-0001 · Accepted

Externalize Secrets and Credentials

Problem Statement:

security · 2025-12-06 · 51 tests · HIPAA

ADR-001 · Accepted

Event Sourcing for Clinical Event Services

HDIM clinical services needed to maintain immutable audit trails, enable temporal queries (state at any point in time), support event replay for data corrections, and provide complete forensic capability for healthcare quality measures. Traditional CRUD patterns with UPDATE/DELETE statements make it

data · 2026-01-19 · 175 tests · HIPAA

ADR-0002 · Accepted

Implement Tenant Isolation Security

Problem Statement:

security · 2025-12-06 · 45 tests · HIPAA

ADR-002 · Accepted

Gateway Modularization with Specialized Domain Gateways

HDIM had a single monolithic Kong/Spring gateway service handling all API requests (general-purpose, admin, clinical, FHIR) with duplicated authentication logic, mixed domain concerns, and inability to apply domain-specific optimizations. This created code duplication, poor scalability, and made it

infrastructure · 2026-01-19 · 62 tests

ADR-0003 · Accepted

Adopt Circuit Breaker Pattern with Resilience4j

Problem Statement:

reliability · 2025-12-06

ADR-003 · Accepted

Apache Kafka for Event Streaming

HDIM required an enterprise event streaming platform to enable asynchronous microservice communication, event replay capability, and guaranteed message delivery. The system needed to support publishing events from one service and consuming them in multiple services reliably.

data · 2026-01-19 (Decision Made: Oct 2025, Phase 4) · 202 tests

ADR-0004 · Accepted

HashiCorp Vault for Secrets Management

Problem Statement:

security · 2025-12-06 · HIPAA

ADR-004 · Accepted

PostgreSQL Multi-Database Architecture

HDIM needed a database isolation strategy for 29+ microservices. A shared database would create coupling; separate database servers would be expensive and complex. PostgreSQL supports multiple logical databases per instance, enabling service isolation with a single infrastructure footprint.

data · 2026-01-19 (Decision Made: Phase 1, Sept 2025) · 29 tests

ADR-0005 · Accepted

PostgreSQL Read Replicas for Scalability

Problem Statement:

data · 2025-12-06

ADR-0005 · Accepted

HAPI FHIR for FHIR R4 Implementation

HDIM requires a FHIR R4 compliant server for storing and serving clinical resources (Patient, Observation, Condition, MedicationRequest, etc.). The implementation must support:

clinical · 2024-Q3

ADR-005 · Accepted

Liquibase for All Database Migrations

HDIM had mixed database migration approaches (Flyway in some services, no migrations in others), creating inconsistency, version control issues, and unsafe schema changes. A standardized migration tool with rollback support was needed for production safety.

data · 2026-01-19 (Decision Made: Phase 3, Nov 2025) · 29 tests

ADR-0006 · Accepted

API Gateway with Resilience Patterns

Problem Statement:

reliability · 2025-12-06 · 38 tests

ADR-0006 · Accepted

Apache Kafka for Event Streaming

HDIM's 28 microservices require asynchronous communication for:

data · 2024-Q3 · 202 tests

ADR-006 · Accepted

TDD Swarm Development Methodology

Traditional sequential development (one team per week) was too slow for healthcare delivery timelines. HDIM needed concurrent team execution (RED-GREEN-REFACTOR cycles) to accelerate feature delivery while maintaining quality.

governance · 2026-01-19 (Decision Made: Phase 2, Oct 2025) · 613 tests

ADR-0007 · Accepted

PostgreSQL for Primary Database

HDIM requires a primary database for:

data · 2024-Q3

ADR-007 · Accepted

Gateway-Trust Authentication Pattern

Backend services needed authentication without performing repeated JWT validation or database lookups. Validating the JWT in every service creates a bottleneck; trusting gateway headers is more efficient.

security · 2026-01-19 (Decision Made: Phase 1.9, Oct 2025) · 52 tests · HIPAA

ADR-0008 · Accepted

Redis Caching Strategy with HIPAA-Compliant TTL

HDIM requires caching for:

infrastructure · 2024-Q3 · HIPAA

ADR-008 · Accepted

OpenTelemetry for Distributed Tracing

HDIM had 51 microservices communicating via HTTP, Kafka, and direct calls. Tracing a single user request across all services was impossible without manual log aggregation. Automatic trace propagation and visualization were needed.

infrastructure · 2026-01-19 (Decision Made: Phase 5, Jan 2026)

ADR-0009 · Accepted

Spring Boot 3.x for Backend Services

HDIM requires a backend framework for 28 microservices that provides:

infrastructure · 2024-Q3

ADR-009 · Accepted

Multi-Tenant Isolation at Row Level

HDIM serves multiple healthcare organizations (tenants) with strict isolation requirements. Patient data from Tenant A must never be visible to Tenant B. Database-level isolation enforcement was required.

security · 2026-01-19 (Decision Made: Phase 1, Sept 2025) · 45 tests · HIPAA

ADR-0010 · Accepted

Kong as API Gateway

HDIM's 28 microservices require an API gateway to:

infrastructure · 2024-Q3

ADR-010 · Accepted

HIPAA Compliance - PHI Cache TTL ≤ 5 Minutes

HDIM caches Protected Health Information (PHI) in Redis for performance. HIPAA regulations require reasonable safeguards for PHI; indefinite caching violates compliance. Performance must be balanced with security.

security · 2026-01-19 (Decision Made: Phase 1, Sept 2025) · 613 tests · HIPAA

ADR-011 · Accepted

Shared Module Integration for Microservices

HDIM uses shared modules (authentication, audit, persistence) to provide cross-cutting concerns. These modules use @AutoConfiguration with @EntityScan and @ComponentScan that force-register entities and beans in every consuming service. When a service has its own database that doesn't contain the ta

infrastructure · 2026-03-02

ADR-012 · Accepted

Human-in-the-Loop LinkedIn Integration

HDIM needs a sustainable content distribution workflow for LinkedIn — the primary channel for reaching healthcare payers, ACOs, and clinical quality leaders. Manual posting is inconsistent; fully automated posting is reputationally risky for a pre-revenue startup. A middle path is needed: AI drafts,

infrastructure · 2025-12-01

ADR-013 · Accepted

HIE Data Pipeline Architecture

HDIM's data source connectors (EHR connector, CDR processor, CMS connector) and evaluation engine (CQL engine, care gap service) were implemented as independent services. Data could be pulled from external systems but had no automated path to FHIR persistence or downstream quality measure evaluation

clinical · 2025-12-01 · 813 tests

ADR-0014 · Accepted

AI-Human Release Orchestration and Approval Tokens

Architecture decision record

governance · 2026-03-07

ADR-0015 · Accepted

Preflight Stability Gate as Mandatory Release Precondition

Architecture decision record

governance · 2026-03-07

ADR-0016 · Accepted

Contract Testing Strictness and Compatibility Policy

Architecture decision record

reliability · 2026-03-07 · 24 tests

ADR-0017 · Accepted

Runtime Polling Budget and Status Cache Coalescing

Architecture decision record

infrastructure · 2026-03-07

ADR-0018 · Accepted

Upstream CI Security/Performance Freshness Gates for Release Policy

Architecture decision record

governance · 2026-03-07

ADR-0019 · Accepted

Release Evidence Provenance and Artifact Retention

Architecture decision record

governance · 2026-03-07

ADR-0020 · Accepted

Event Pipeline Failure Handling and Tenant-Safe DLQ Controls

Architecture decision record

reliability · 2026-03-07

ADR-0021 · Accepted

AI Agent Platform Governance (PHI, Tooling, Versioning)

Architecture decision record

governance · 2026-03-07 · 1455 tests