Healthcare Blueprint
Purpose: For platform engineers, operators, and security officers in healthcare organizations, this page describes how the Healthcare blueprint layers HIPAA-aligned controls on top of the openCenter platform foundation.
Overview
Healthcare systems cannot go down and cannot leak data. The Healthcare blueprint gives you the operational discipline and security controls to modernize without putting patients or compliance at risk.
What You Get
- Hard segregation between clinical, administrative, and research workloads.
- Operational consistency that supports both reliability SLAs and evidence collection.
- Secure delivery pipelines for modern healthcare apps — HIPAA-ready, not HIPAA-hopeful.
Capabilities
Workload Segregation
The blueprint enforces hard isolation boundaries between workload classes:
- Dedicated namespaces for clinical, administrative, and research workloads with Kyverno policies preventing cross-namespace resource creation.
- NetworkPolicies that restrict traffic between workload classes. Clinical systems cannot reach research endpoints and vice versa.
- RBAC boundaries via Keycloak group mappings — clinical ops teams see clinical namespaces, research teams see research namespaces.
- Resource quotas per workload class to prevent noisy-neighbor effects on critical clinical systems.
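An added example, not taken from the openCenter project, of the NetworkPolicy pattern behind the traffic restriction listed above, shown for one workload class. The namespace name `clinical`, the policy names, and the `k8s-app: kube-dns` label on the cluster DNS pods are assumptions.

```yaml
# Added example. Namespace, policy names and DNS pod label are assumptions.
# NetworkPolicy is allow-list only: there is no "deny research" rule.
# Isolation comes from denying everything, then allowing what is needed.
# 1. Default deny: selects every pod in the namespace and allows nothing.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: clinical
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# 2. Allow traffic that stays inside the clinical namespace, plus DNS lookups.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-intra-class-and-dns
  namespace: clinical
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector: {}        # pods in this namespace only
  egress:
    - to:
        - podSelector: {}        # pods in this namespace only
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns  # assumed label of the cluster DNS pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The same pair applied in the research and administrative namespaces makes the restriction hold in both directions. These policies only take effect when the cluster's CNI plugin enforces NetworkPolicy.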
Compliance Controls
The blueprint maps openCenter security controls to HIPAA requirements:
| HIPAA Requirement | openCenter Control | Configuration |
|---|---|---|
| Access controls (§164.312(a)) | Keycloak OIDC + RBAC Manager | Group-based access with least-privilege defaults |
| Audit controls (§164.312(b)) | Kubernetes audit logging + Loki | API server audit policy with 90-day retention |
| Integrity controls (§164.312(c)) | Kyverno policies + image signing | Require signed images, block privileged containers |
| Transmission security (§164.312(e)) | TLS everywhere + NetworkPolicies | cert-manager certificates, mTLS between services |
| Encryption at rest | SOPS + etcd encryption | Secrets encrypted in Git and in etcd |
See Defense-in-Depth Model and Audit & Evidence for implementation details.
Audit Trail Configuration
Every platform change flows through Git, producing an immutable audit trail:
- API server audit logs capture all Kubernetes API calls with request/response bodies for write operations.
- Loki aggregates audit logs with configurable retention (default: 90 days for healthcare deployments).
- FluxCD reconciliation events record every service deployment, upgrade, and configuration change.
- SOPS key rotation events are logged and timestamped.
Operational Discipline
- Maintenance windows are enforced through PR-based workflows with required approvals. See PR-Based Workflows.
- Backup schedules are configured for shorter RPO targets. See Backup & Restore.
- Recovery runbooks are tested and documented for each critical service.
Relationship to the Platform Foundation
The Healthcare blueprint layers on top of the openCenter platform foundation. It does not replace any platform services — it adds stricter policies, longer audit retention, tighter RBAC boundaries, and healthcare-specific operational constraints.