[type.excalidraw]

extend-glob = ["*.excalidraw"]

check-file = false

[[annotations]]

path = [

"profile/architecture.excalidraw",

"profile/architecture.png",

]

precedence = "override"

SPDX-FileCopyrightText = "Copyright (C) 2025 Opal Health Informatics Group <https://www.opalmedapps.com>"

SPDX-License-Identifier = "CC-BY-SA-4.0"

We define patient-in-the-loop data as health data, with helpful explanations, that are shared in real-time with the patient (or their informal caregivers) just as they are with the other (professional) members of the patient's care team.


At a high-level, the ***Opal patient-in-the-loop data*** platform's architecture is quite simple.

The platform's primary goal is to securely share data across the perimeter of a healthcare institution's protected network between the patient's Opal app and their medical record in the hospital's source systems.

<details>

<summary>Details about Opal components</summary>

Users register for an Opal account using a registration code that is generated by healthcare professionals inside the hospital using the OpalADMIN application (`opal-admin` and `opal-admin-legacy`).

On their mobile phone or browser, the user accesses the Opal registration web app (`opal-registration`) from which they securely communicate with the Opal Listener (`opal-listener`) running inside the hospital via *Firebase* (currently *Realtime Database*).

Once registered, the user is provided with their own personal Opal account using which they can access the patient's hospital data via the Opal App (`opal-app`).

To retrieve patient data from the hospital, the user logs into their personal Opal account using the Opal App on their mobile phone or browser (`opal-app`).

Upon successful authentication, the user essentially places a request for their data on the *Realtime Database*.

**Note:** The user never logs into the hospital directly and the hospital's servers are never directly exposed to the internet.

The Opal PIE is the Opal Patient Information Exchange.

It is essentially the complete Opal solution inside the hospital's network, comprising `opal-listener`, `opal-admin`, `opal-admin-legacy` and the Opal databases.

The Opal Listener (`opal-listener`) inside the hospital monitors the *Realtime Database* for requests for data from authenticated users.

When an authenticated request is received, the listener decrypts it, and fetches the data from the Opal database, or makes an API request to another component inside the Opal PIE.

The response is then encrypted so that only the user can decrypt them and puts the encrypted response onto the *Realtime Database* from where the user's Opal App (`opal-app`) then downloads it and displays it to the user.

In a similar way, the patient can send data into the hospital, such as by answering clinical questionnaires.

**Note:** Connections with Firebase are encrypted with TLS.

To protect the patient data, the data is also end-to-end-encrypted.

All requests and responses are encrypted on either side so that data cannot be read within the *Realtime Database*.

This is to ensure that only the Opal PIE in the hospital and the Opal App can access the unencrypted data.

The OpalADMIN (`opal-admin` and `opal-admin-legacy`) application is used by the clinical and administrative staff to set up the rules for publishing data for patients (which data from the source systems and how the data are presented to the patient, e.g., aliasing of clinical terms and provision of additional explanatory content).

</details>

- **opal-app:** The patient-facing web and mobile application (referred to as the *Opal Patient Portal*) used by users to access their patient data. [JavaScript, AngularJS, Cordova, Onsen UI].

- **opal-admin:** The staff-facing web application (referred to as *OpalADMIN*) used to create and manage the publishing of data and education materials to patients as well as access management for patients and staff (clinicians and administrative personnel).

- **opal-admin-legacy:** The staff-facing web application (referred to as *OpalADMIN Legacy*) used to create and manage the publishing of data and education materials to patients as well as access management for patients and staff (clinicians and administrative personnel).

- **opal-listener:** The Opal listener application (referred to as the *Opal Listener*) that runs in the background and handles requests from the Opal Patient Portal and the Opal Registration site via Firebase. [Node.js]

- **opal-registration:** The public-facing webpage (referred to as the *Opal Registration site*) where Opal users can create their Opal accounts. [JavaScript, AngularJS]

- Opal Website: https://www.opalmedapps.com

- Opal community page: https://www.opalmedapps.com/community

- Documentation: https://docs.opalmedapps.com

- Community discussions: https://github.com/orgs/opalmedapps/discussions