What We’re Working On: MedStack Active Monitoring 2.0



Introducing: What We’re Working On

This month, we’re excited to introduce a brand new column on our blog. Most who know us think of MedStack as an operations company, focused on running and managing services for our customers to help them deliver applications into the healthcare industry and protect the integrity, security, privacy and flow of the health data within them. While that’s true, we are also working on a few things behind the scenes to deliver more to our customers and to help healthcare apps get adopted and integrated even faster and more broadly.

With What We’re Working On, we’ll be pulling the covers off what’s happening in terms of product development to give you a glimpse of where the MedStack platform is going.

We’re kicking off WWWO with an introduction to our new Active Monitoring system.

We previously had an infrastructure monitoring system that was deployed with a few customers, but we decided to go back to the drawing board: Our DevOps Compiler has matured to support more complex, myriad and layered infrastructures for our customers’ growing needs and our monitoring offering needed to reflect that. MedStack Active Monitoring 2.0 adds to our initial functionality with insights based on customer input, along with experience drawn from our deployments and operations thus far. This new system has been rebuilt from the ground up and we’re excited to show you what it can do.

MedStack Active Monitoring 2.0 | medstack.co
The MedStack Active Monitoring 2.0 dashboard. Please note the UI is evolving and may change in the near future.

What does it do?

MedStack Active Monitoring 2.0 serves four purposes:

  1. Allows our customers to check in on the status and performance of their infrastructure.
  2. Enables customers to be alerted proactively when application functionality or performance may be at risk due to degradations in infrastructure performance or uptime.
  3. Indicates the degree to which privacy compliance commitments customers are making to their own stakeholders are being met.
  4. Enables downstream healthcare customers to manage performance and compliance of the applications they sponsor through a central console.

The underlying measurement and notifications technology also powers MedStack’s internal ecosystem-wide monitoring that we use to manage infrastructure for our customers. They see what we see.

The Active Monitoring system provides the following measurements and capabilities:

  • Availability: Indication of whether a particular selected VM is online
  • Metrics: Memory usage and CPU performance data presented graphically over an adjustable selection of days
  • Certificate Status: Indication of whether SSL security certificates are online and the number of days until projected expiry
  • Backups Check: Based on server logs, an indication of backup size and whether backups are being taken and stored as committed
  • Alerts: Real-time notification alerts sent to authorized individuals when warning thresholds are crossed

MedStack Active Monitoring 2.0 has been architected to operate in MedStack’s secure and privacy compliant hosting environment, and connects monitoring to compliance verification (In contrast, most third-party monitoring and log aggregation services do not operate in a HIPAA compliant manner.) It operates at the infrastructure logs level and does not touch nor transmit any private end user or healthcare data, and provides visibility, transparency and assurance to our customers’ technical staff while:

  1. Not requiring the opening of risk points into the underlying infrastructure, below our security layer, where our automated and managed compliance commitments reside; and
  2. Supplementing application-level logging tools, such as New Relic ®, that our customers manage and we can support via integration.

Next Steps

The new Active Monitoring system is being rolled out to existing MedStack customers and is included in every new customer deployment, free with MedStack subscription. Existing customers will not require production VM changes or restarts to activate it. We will continue building deeper integrations between Active Monitoring and our HIPAA/GDPR compliance policies.

The work we’ve done to rebuild privacy policies into a machine-readable format will soon enable the Active Monitoring system to refer to specific policies in its status updates and warnings, update what gets measured based on customer-specific policy commitments.

With MedStack Active Monitoring, we’re going beyond simply handing over privacy legal documents, to reinventing the industry trust framework for healthcare data management, and expanding opportunities for future innovation. We have big plans to expand the applicability of our new Monitoring system. Stay tuned.