The Components of Olive

Olive is a set of software systems and infrastructure hosted both on premises within a client organization and in the CrossChx Secure HIPAA Cloud Environment.

Olive Workstation

The client organization provides a workstation similar to a standard workstation it would provide to an employee. This workstation should have the software necessary for Olive to perform its tasks installed on it and should live within the client environment.

The number of workstations that Olive needs is determined by the number and type of workflows that Olive is responsible for. During the project scoping phase, the number of workstations will be determined and provided to the client.

Note: Having multiple client workstations available to CrossChx Automation Engineers during the Olive workflow training process can speed up initial delivery of a workflow.

CrossChx supports workstations that are either physical hardware living on premises or virtual workstations which live on the client’s virtualization infrastructure, such as VMware. To increase the reliability of Olive, using virtualization infrastructure over physical hardware for the Olive Workstation is preferred.

Mimic

Mimic is a software platform developed by CrossChx and used to initially train Olive how to interact with a software system. An Automation Engineer uses this tool to build a workflow, which is a set of actions that Olive must take in order to achieve a task.

Mimic will only need to be on the Olive workstation when Olive is initially being trained or is being supported by CrossChx. No stakeholder at the client will have to interact with Mimic.

Chxbot

Chxbot is an application which runs workflows previously trained in Mimic. Chxbot supports three core types of automation: Desktop[1], Web[2], and Computer Vision. In addition, Chxbot supports intelligent decision making through the use of trained Machine Learning models.

Chxbot will be run on the client-provided Olive Workstation every time a workflow needs to be run for training, production, or support.

Olive Agent

The Olive Agent is a Windows Service that is deployed on each Olive Workstation. The Olive Agent is responsible for overseeing Olive running on the workstation. The Olive Agent securely requests scheduled work from the CrossChx HIPAA Cloud Environment and then executes that work on the workstation.

CrossChx HIPAA Cloud Environment

The CrossChx HIPAA Cloud Environment is hosted by CrossChx and is responsible for providing monitoring and visibility into how well Olive is performing. Configurations, such as what times Olive should perform work, are also managed in the cloud environment and are maintained by CrossChx staff.

Connect Gateway Appliance

The Connect Gateway Appliance is only needed if the hospital does not have a VDI solution for remote access to the Olive Workstation. The Connect Gateway is a network-level device which is deployed within a client network to help provide access to the Olive Workstation from the CrossChx HIPAA Cloud Environment.

Olive Lifecycle Phases

While Olive is working for a client, it will always be in one of three phases: Training, Production, or Support.

Training and Support Phases

The training and support phases have several common characteristics and requirements beyond those of the Production phase of Olive. The following are high-level characteristics and requirements of these phases:

Training and Support - Virtual Desktop Infrastructure (VDI)

Figure 1 - Support and Training Phases Using VDI Access

Training and Support - CrossChx Connect Remote Appliance

Figure 2 - Support and Training Phases Using Connect Gateway Appliance

Production Phase

Figure 3 - Production Phase Data Flow

Olive Requirements Overview

User Account Requirements

For each workflow in production, one user account with permission to log in to the Olive Workstations is requested. At a minimum, every Olive Workstation will need a unique Olive user account.

Other systems that Olive needs in order to complete the workflow will also need user accounts created. Examples include third-party web portals and software with independent user management.

For the training and support phases, user accounts that allow remote access by the CrossChx Automation Engineering team will need to exist.

Olive Workstation System Requirements

Network Configuration Requirements

CrossChx Security

The CrossChx Secure HIPAA Cloud Environment is built on recommended best practices for security and compliance.[3] Olive also relies only on technologies and system configurations that have been validated against the HIPAA Privacy Rule.[4]

CrossChx company policies are based on industry-standard security controls[5] and the HIPAA Privacy Rule to safeguard client data. CrossChx company policies are available upon request.

All data in the CrossChx HIPAA environment is encrypted at rest and in transit.

Credential Management

The CrossChx HIPAA Cloud Environment maintains a protected password vault for storage of client Olive user credentials.

Figure 4 - Credential Management Overview

The credential vault is implemented to provide isolation, auditing, and granular access control and makes use of the following design considerations:

Auditing and Monitoring

CrossChx implements multiple technologies to help ensure the security and compliance of the HIPAA Cloud Environment and the software tools employed in the environment:

CrossChx also employs software build tools and processes dedicated to security and compliance:

More details on the CrossChx software development lifecycle and processes related to security can be found in the CrossChx company policy documents.


[1] Windows UI Automation: https://msdn.microsoft.com/en-us/library/windows/desktop/ee684009(v=vs.85).aspx 

[2] Selenium Web Automation: https://www.seleniumhq.org/ 

[3] AWS Architecting for Security and Compliance: https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf 

[4] AWS HIPAA Eligible Services: https://aws.amazon.com/compliance/hipaa-eligible-services-reference/

[5] NIST 800-53 (Rev 4) Security Framework: https://nvd.nist.gov/800-53 

[6] OSSEC: https://ossec.github.io/ 

[7] ClamAV: https://www.clamav.net/ 

[8] OpenVAS - Open Source Vulnerability Scanning: http://www.openvas.org/ 

[9] Clair: https://github.com/coreos/clair