Pre-Sales · Healthcare · Scalable
Atrium Health at Vectorflow: Scalable Badge Access Architecture
Overview
Built a cost-efficient cloud architecture for Atrium Health at Vectorflow, ensuring scalable and optimized badge access workloads. Leveraged automation, serverless solutions, and data lifecycle management to reduce infrastructure costs while maintaining performance and compliance across hospital sites.
Architecture Component Breakdown
🚪 Badge Access Control (API + DB)
Manages secure access to hospital zones based on staff roles and visitor privileges. Ensures badge issuance is tightly mapped to physical access policies, minimizing unauthorized entry.
📤 AWS Lambda (Badge Issuance Flow)
Automates badge creation workflows in real time, reducing manual approval bottlenecks. Enables fast response to identity changes such as emergency clearances or revokes.
🧠 Third-Party ID Verification (IDM)
Integrates with hospital identity providers for secure access provisioning. Ensures only verified individuals are onboarded into access workflows with full audit trails.
📦 Amazon S3 + Glacier
Stores logs of badge print events, access history, and configuration changes. Lifecycle policies archive long-term logs to Glacier, supporting compliance retention rules.
📈 CloudWatch + CloudTrail
Tracks badge events, anomalies, and system health. Enables proactive alerting and compliance auditing across badge creation, approval, and entry logs.
🔐 AWS KMS
Encrypts sensitive access data including badge templates and user identity information. Supports granular key policies for hospital-level compliance enforcement.
⚠️ Alert Workflow (Lambda + SNS)
Sends real-time alerts for failed badge print attempts or policy violations. Ensures rapid response by IT and security teams to potential physical access issues.
🔄 Self-Healing (Auto Revert Config)
Detects drift from badge policy configuration and auto-corrects it using predefined templates. Minimizes downtime or security exposure due to misconfiguration.
🧩 API Gateway
Facilitates secure API access for integration with mobile badge apps and facility systems. Enforces throttling and access controls to prevent misuse or overload.
🏥 Custom Hospital Logic (Per Client)
Supports client-specific rules such as visiting hours, operating room restrictions, and staff shift overrides. Adaptable logic enables white-label deployment across hospitals.
Key Features
- Application Load Balancer for efficient request distribution across badge access endpoints
- Auto Scaling Groups dynamically adjust based on check-in demand at each site
- AWS Glue + Athena for cost-efficient access analytics and compliance reporting
- S3 + Glacier lifecycle policies for cost-effective long-term log storage
- EventBridge-driven automation for optimizing resource utilization during off-peak hours
- AWS Pinpoint for targeted user notifications and engagement around access events
Final Thoughts
This architecture ensures a scalable, secure, and cost-effective cloud environment for Atrium Health. With event-driven automation and optimized storage policies, infrastructure costs reduced significantly while maintaining high performance across all hospital sites.
Read the full client story: Full lifecycle SE at Atrium Health →