Production Checklist

App Orchard requirements

  • HTTPS redirect URI registered in App Orchard
  • client_id is the production (non-sandbox) value from App Orchard
  • PKCE S256 is used (✓ built in)
  • Patient banner rendered when need_patient_banner=true (✓ built in)
  • App reviewed and approved by Epic (2–4 weeks)

Infrastructure

  • HTTPS with valid certificate (Let's Encrypt or hospital CA)
  • server.forward-headers-strategy=native set for proxy deployments
  • Redis (or sticky sessions) configured for multi-instance deployments
  • Database backups if you add persistent storage
  • Monitoring: Actuator /health endpoint exposed to load balancer

Security

  • client_id and any secrets in environment variables (not in application.yml)
  • Log level is INFO or WARN in production (not DEBUG)
  • Session timeout configured (spring.session.timeout=3600s)
  • HTTPS enforced: no HTTP in production
  • CORS configured if frontend and backend are on different origins
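
Several of the Infrastructure and Security items above can be checked automatically before a deploy. The script below is an added example, not part of the project's own code: it audits a flattened key=value configuration, and the smart.* property names and the sample values are constructed assumptions to be replaced with your application's own keys.

```python
import re

# Constructed sample config in the key=value form the checklist uses.
# The smart.* keys are hypothetical names; use your application's own.
SAMPLE = """\
server.forward-headers-strategy=native
spring.session.timeout=3600s
logging.level.root=DEBUG
smart.client-id=abc123-literal
smart.client-secret=${EPIC_CLIENT_SECRET}
smart.redirect-uri=http://app.example.org/callback
"""

PLACEHOLDER = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")  # ${ENV_VAR}, no default
SENSITIVE = re.compile(r"client[-_.]?id|secret", re.IGNORECASE)


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(text, behind_proxy=True):
    """Return a sorted list of checklist violations found in the config text."""
    props = parse_properties(text)
    findings = []
    if behind_proxy and props.get("server.forward-headers-strategy") != "native":
        findings.append("server.forward-headers-strategy is not native")
    if "spring.session.timeout" not in props:
        findings.append("spring.session.timeout is not set")
    for key, value in props.items():
        injected = bool(PLACEHOLDER.match(value))  # value comes from the environment
        if key.startswith("logging.level.") and value.upper() in ("DEBUG", "TRACE"):
            findings.append(f"{key} is {value.upper()}; use INFO or WARN")
        if SENSITIVE.search(key) and not injected:
            findings.append(f"{key} holds a literal; inject it from the environment")
        if "redirect-uri" in key and not (injected or value.startswith("https://")):
            findings.append(f"{key} is not an HTTPS URI")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```

Run as a CI step, a non-empty result from audit() can fail the build before the configuration reaches production.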

Compliance (HIPAA)

  • BAA signed with your cloud provider if PHI passes through
  • Access logs retained per your organisation's retention policy
  • Session data (which contains PHI via patient context) encrypted at rest in Redis
  • Epic App Orchard review completed (they check HIPAA compliance posture)

Testing before go-live

  • Full EHR launch flow tested with Epic production sandbox
  • Token refresh tested (wait > 58 minutes or use a short-lived test token)
  • Session expiry warning visible to users
  • Error pages render correctly (no stack traces exposed)
  • Accessibility: patient banner keyboard-navigable, contrast ratio meets WCAG 2.1 AA