Skip to main content

For Operators

The architect's view of Conceptual Health.

Whether you're standing up your first clinic, federating an MSO across 40 sites, or evaluating CH as a replacement for your existing EHR + RCM + analytics stack — this is the operator-grade material. Architecture diagrams. Deployment models. Integration surfaces. Governance. SLAs. The numbers your security team is going to ask for, before they ask.

Schedule architecture review → Trust & security hub Read the whitepaper
If you are a

Clinic owner

Independent primary care, dental, optometry, vet, or pharmacy. CH replaces your EHR, billing, scheduling, payroll, and analytics — at $0 in software cost, in exchange for joining the network.

Deployment options →
If you are a

MSO / health system

Federate 5–500 clinics under unified clinical, operational, and financial governance. Multi-tenant, multi-region, with org-level analytics and roll-up.

MSO architecture →
If you are a

CMIO / IT director

You need to know what we replace, what we integrate with, what we expose, and what controls your auditors will see. Architecture decks, FHIR endpoints, identity model.

Integration surface →
If you are a

Compliance & legal

BAA, DPA, SOC 2, HITRUST, ISO 27001/27701, HIPAA, GDPR, state breach laws. The packet your reviewers want, ready to read in two business days.

Request packet →

Deployment models

Three ways to run on us.

All three deployments use the same code, the same FHIR/OMOP surfaces, and the same trust controls. They differ in who operates the infrastructure, who holds the keys, and where data crosses your perimeter.

Model 01

Hosted on CH Cloud

Default for >94% of clinics. CH operates the full stack, including Vault, Ledger, Authority. You get a tenant in our multi-region production fabric.

  • Zero infrastructure on your side
  • 2-hour clinic provisioning
  • Continuous updates, no maintenance window
  • Region pinning available (US, EU, CA)
Time to live: 2 hr Operator burden: none Best for: any clinic < 12 sites
Model 02 · Recommended for MSOs

Dedicated CH Cloud

Single-tenant deployment of the full CH stack inside a dedicated AWS or Azure account that we operate but you can audit live. Holds your tenant's KMS key.

  • Single-tenant infra, multi-clinic logical
  • You audit logs in real-time via SIEM connector
  • Tenant-scoped KMS key under your control
  • Customer-defined region + DR pairing
Time to live: 14 days Operator burden: light (audit only) Best for: 12+ sites or regulated geographies
Model 03

Self-hosted (BYOC)

You operate the entire stack inside your own AWS/Azure/GCP account. CH ships signed Helm charts + Terraform modules; we provide L3 support against your infra.

  • You hold all keys, all data, all logs
  • Air-gap mode supported (FedRAMP, defense)
  • K8s 1.28+, Postgres 16+, your existing IdP
  • CH does monthly platform-version certifications
Time to live: 6–10 weeks Operator burden: heavy (full ops) Best for: federal, defense, intl. sovereigns

Architecture, top-down

Six layers. Every one of them swappable, observable, signed.

The full stack runs across six logical tiers. Tier-0 is the cryptographic root; you can verify every layer above it with a published signature. We treat the architecture as a public contract — the diagrams below are excerpts from the deck we send to your reviewers.

Tier 06 · Surface
React 19 · TypeScript · WebSocket
Surfaces & clients

Patient hub (PWA), clinic stations, ops consoles, regulator portal, researcher exchange. All built on the same component kit; all three-tier-RBAC behind the same auth.

Tier 05 · API
FHIR R4 · OMOP CDM · GraphQL
API surface

FHIR R4 (USCDI v4) for clinical, OMOP for research, GraphQL for product, gRPC for system-to-system. Every call is HMAC-signed and logged to the Ledger.

Tier 04 · Service
Go · Rust · TypeScript
Domain services

Encounter, Scribe, Pharmacy, Labs, Imaging, Scheduling, Billing, Claims, Network, Authority. ~40 services total, each independently deployable.

Tier 03 · Master Equation
Python · PyTorch · Triton inference
Eight-axis scoring engine

Continuously scores every patient on Physiological, Neurocognitive, Emotional, Spiritual, Relational, Environmental, Technological, Purposeful axes. Daily re-score; on-demand re-score on new encounter.

Tier 02 · Ledger
Postgres 16 + Merkle log
HCC Ledger & Authority

Append-only, Merkle-rooted, externally witnessed every 6 hours. Tracks issuance, settlement, redemption of HCC. Authority sets HCC-USD rate quarterly.

Tier 01 · Vault
Sharded · KMS · HSM-rooted
DataVault

Encryption-at-rest with per-record DEK, per-tenant KEK, HSM-rooted master. K-anonymity ≥ 5 enforced before any export. Statistician-signed cohorts only.

Tier 00 · Trust root
Hardware · 2-of-5 ceremony
Cryptographic root + governance

Root key held by 5 named officers; 2-of-5 quorum required for rotation. Recorded and witnessed by external auditor. Last rotation timestamp + signers public on the trust hub.

Integration surface

What we replace, what we integrate.

CH is not bolt-on — it is the EHR, the billing system, the scheduling system, the analytics stack, the patient portal. Below is what we replace outright vs. what we integrate with, plus the standard interface for each.

System
How we relate
Interface
EHR
Full replacement. We are the chart-of-record. Migration tooling for Epic / Cerner / athena / NextGen / Practice Fusion.
FHIR R4 · USCDI v4
Billing & RCM
Full replacement. We do not bill patients — but we bill payers if you opt in, with native 837P/837I/835 cycles.
X12 5010 · ANSI 837/835
Pharmacy systems
Full replacement at owned in-network pharmacies. Integrate with external dispensing pharmacies.
NCPDP SCRIPT 2017+
Lab systems (LIS)
Bidirectional integrations to LabCorp, Quest, regional reference labs, and any HL7 v2.5+ LIS.
HL7 v2 · FHIR R4
PACS / imaging
Integrate. We don't store pixel data; we store FHIR ImagingStudy + signed reads. Pixel data stays in your PACS.
DICOMweb · FHIR R4
Identity (SSO)
Integrate. We are not your IdP. Bring SAML 2.0 or OIDC; we federate roles via SCIM.
SAML 2.0 · OIDC · SCIM
HIE / state registries
Integrate. Direct messaging, IHE XCA/XCPD, state immunization registries (IIS), syndromic surveillance.
IHE · Direct · HL7 v2
SIEM / observability
Integrate. Stream all admin actions, auth events, and ledger writes to your Splunk, Datadog, or syslog endpoint.
OpenTelemetry · syslog · S3
Payroll / HRIS
Integrate. We compute clinician compensation against the network rate card; we don't run payroll.
SCIM · webhook · CSV
Analytics warehouse
Replace or integrate. We export to Snowflake / BigQuery / Databricks if you want a copy outside the Vault.
OMOP CDM v5.4

Onboarding timeline

From contract signed to first encounter in 30 days.

For a single-clinic on Hosted CH Cloud. MSO and self-hosted timelines are linear in clinic count and scale with your security review cadence — typical full federation: 90–120 days.

Week 01

Contracts & security review

  • BAA + DPA signature
  • Diligence packet review
  • Architecture deep-dive
  • Tenant provisioning
Week 02

Identity & data migration

  • SAML/OIDC federation
  • Role mapping
  • EHR export → FHIR import
  • Patient consent campaign
Week 03

Clinical & operational config

  • Visit type catalog
  • Clinician schedules
  • Pharmacy formulary
  • Pricing & payer rules
Week 04

Pilot & training

  • 5–10 staff dry-run encounters
  • Scribe calibration
  • Master Equation seeding
  • Final acceptance test
Day 30

Go-live

  • First patient encounter
  • Live ledger writes
  • 24×7 NOC monitoring
  • Dedicated CSM week 1

Schedule architecture review

90 minutes with a CH solutions architect + a member of our security team. Walk through the diagrams, ask the hard questions, identify the integration risks. We bring the deck; you bring the auditor.

Schedule review →

Talk to a clinic that did this

Reference calls with operators who deployed CH in the last 12 months — single clinic, 14-clinic MSO, 220-clinic regional system. We'll connect you to whichever shape matches yours.

Request a reference →