Last updated June 20, 2026 by Errin O'Connor, Founder & Chief AI Architect, EPC Group
Healthcare analytics on Microsoft Fabric is a different discipline from generic analytics on Microsoft Fabric. The reference architecture encodes that difference at the foundation, not at the auditor walkthrough. This piece is the architecture pattern EPC Group ships into hospitals, integrated delivery networks, payers, and the regulated mid-market — the work referenced on the Healthcare Digital Transformation practice page and the HIPAA-Native Fabric Lakehouse reference pattern at /case-studies/patterns.
The five HIPAA-native architectural decisions
1. PHI auto-labeling at ingestion, not post-hoc scan
The most common pattern we replace is “scan the lakehouse for PHI quarterly.” That works for audit theater. It does not work for actual control. PHI classification belongs at ingestion — Microsoft Purview auto-labeling rules tuned to your specific identifier formats (MRN, NPI, ICD-10/CPT, payer IDs, organizational identifiers for clinical trial enrollment), applied as the data lands in OneLake bronze.
The labels then travel. Through silver. Through gold. Into the Direct Lake semantic model. Onto the Power BI dashboard. Onto Copilot grounding context if Copilot is enabled. One classification decision propagates through the entire reporting layer — and the auditor sees a single source of truth for what is PHI and what is not.
2. OneLake medallion with traveling sensitivity labels
Bronze, silver, gold — the medallion is the same pattern as generic analytics. The difference is what travels with the data: sensitivity labels, classification tags, lineage attribution. A silver-layer table that contains PHI is labeled as such automatically; that label is visible to every downstream consumer; the DLP policies that govern that label apply to every reach into the data.
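To make the two points above concrete (classification as the data lands, and a label that travels through every derived column), here is an added example that is not EPC Group's code and does not call Purview. The detectors, the label policy (MRN and diagnosis codes in a patient row are PHI, a provider NPI is Internal), the MRN format and the sample rows are all constructed; they stand in for the auto-labeling rules a real deployment tunes to its own identifier schemes.

```python
"""Added example, not EPC Group's code: classify identifier columns as data
lands in bronze and carry the resulting sensitivity label through every
derived column in silver and gold. Detectors, label policy, MRN format and
sample rows are constructed; they stand in for Purview auto-labeling rules
rather than calling any Purview API."""
import hashlib
import re
from dataclasses import dataclass, field

LABEL_RANK = {"Public": 0, "Internal": 1, "PHI": 2}


def luhn_ok(digits: str) -> bool:
    """Standard Luhn mod-10 check over a digit string."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def is_npi(value: str) -> bool:
    """A 10-digit NPI validates under Luhn with the 80840 prefix prepended."""
    return bool(re.fullmatch(r"\d{10}", value)) and luhn_ok("80840" + value)


def is_icd10(value: str) -> bool:
    """Approximate ICD-10-CM shape: letter, digit, alphanumeric, optional .XXXX."""
    return bool(re.fullmatch(r"[A-Z]\d[0-9A-Z](\.[0-9A-Z]{1,4})?", value))


def is_mrn(value: str) -> bool:
    """Constructed MRN format for this example: 'MRN' plus seven digits.
    A real deployment tunes this to the organisation's own MRN scheme."""
    return bool(re.fullmatch(r"MRN\d{7}", value))


# (identifier name, detector, label assigned when a column matches). Constructed policy.
DETECTORS = [("MRN", is_mrn, "PHI"), ("ICD10", is_icd10, "PHI"), ("NPI", is_npi, "Internal")]


@dataclass
class LabeledTable:
    name: str
    rows: list
    labels: dict = field(default_factory=dict)   # column -> label


def classify_column(values) -> str:
    """Highest-ranked label any detector assigns to any value in the column."""
    label = "Public"
    for v in values:
        for _, test, lbl in DETECTORS:
            if test(str(v)) and LABEL_RANK[lbl] > LABEL_RANK[label]:
                label = lbl
    return label


def ingest_to_bronze(name: str, rows: list) -> LabeledTable:
    """Classification happens here, once, as the data lands."""
    table = LabeledTable(name, rows)
    for col in rows[0]:
        table.labels[col] = classify_column(r[col] for r in rows)
    return table


def derive(name: str, source: LabeledTable, derivations: dict) -> LabeledTable:
    """Build a downstream table; derivations maps new_col -> (input_cols, fn).
    Each derived column inherits the highest label among its inputs, so a
    hashed MRN is still PHI and a flag computed from a diagnosis is still PHI."""
    rows = [{col: fn(*(r[c] for c in inputs)) for col, (inputs, fn) in derivations.items()}
            for r in source.rows]
    out = LabeledTable(name, rows)
    for col, (inputs, _) in derivations.items():
        out.labels[col] = max((source.labels[c] for c in inputs), key=LABEL_RANK.__getitem__)
    return out


# Constructed sample feed: what a bronze landing of encounter rows might hold.
SAMPLE_ROWS = [
    {"mrn": "MRN0001234", "attending": "1234567893", "dx_code": "A41.9", "unit": "ICU"},
    {"mrn": "MRN0005678", "attending": "1234567893", "dx_code": "E11.9", "unit": "ED"},
]


def build_medallion(rows=SAMPLE_ROWS):
    bronze = ingest_to_bronze("bronze.encounter", rows)
    silver = derive("silver.encounter", bronze, {
        # pseudonymised key: derived from the MRN, so it keeps the PHI label
        "patient_key": (["mrn"], lambda m: hashlib.sha256(m.encode()).hexdigest()[:16]),
        "is_sepsis": (["dx_code"], lambda dx: dx.startswith("A41")),
        "attending": (["attending"], lambda n: n),
        "unit": (["unit"], lambda u: u),
    })
    gold = derive("gold.icu_sepsis", silver, {
        "icu_sepsis": (["unit", "is_sepsis"], lambda u, s: u == "ICU" and s),
        "is_icu": (["unit"], lambda u: u == "ICU"),
    })
    return bronze, silver, gold
```

The point the gold table makes: `is_icu` is derived only from a Public column and stays Public, while `icu_sepsis` touches a PHI-derived flag and so is PHI without anyone re-tagging it. The same rule is what a downstream DLP policy relies on when it decides whether a gold column may leave the tenant.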
3. Direct Lake semantic models with care-setting RLS
Row-level security for healthcare is modeled by care setting (inpatient, outpatient, emergency, ambulatory, home health), department, and clinical service line — not by individual user permission grants. The security dimension lives in its own table, governed by HR + compliance, and is referenced declaratively by every certified semantic model. The discipline is the same as our FINRA risk reporting playbook with healthcare-specific dimensions.
Direct Lake semantic models eliminate the import-refresh tax. For a healthcare analytics estate with real-time bed census, denials trending, or sepsis prediction, Direct Lake means the dashboard is current with the data rather than current with last night's refresh.
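The security-dimension pattern described above, as an added example that is not EPC Group's code: a separate grant table keyed on care setting and department, a deny-by-default filter that models what the relationship from that table to the fact table does inside a semantic model, and a governance check for fully open grants. Users, grants, the `*` wildcard and the encounter rows are constructed.

```python
"""Added example, not EPC Group's code: row-level security expressed as a
security dimension keyed on care setting and department. Users, grants and
encounter rows are constructed; visible_rows() models what the relationship
from the security table to the fact table does inside a semantic model."""
from collections import namedtuple

Grant = namedtuple("Grant", "upn care_setting department")
ANY = "*"   # constructed wildcard: every setting, or every department

# Security dimension. Owned by HR + compliance; report authors never edit it.
SECURITY_DIM = [
    Grant("nurse.ed@example.org", "emergency", ANY),
    Grant("cardio.analyst@example.org", "inpatient", "cardiology"),
    Grant("cardio.analyst@example.org", "outpatient", "cardiology"),
    Grant("cfo@example.org", ANY, ANY),
]

# Constructed gold-layer fact rows.
ENCOUNTERS = [
    {"encounter_id": 1, "care_setting": "emergency",   "department": "trauma",     "los_hours": 6},
    {"encounter_id": 2, "care_setting": "inpatient",   "department": "cardiology", "los_hours": 72},
    {"encounter_id": 3, "care_setting": "outpatient",  "department": "cardiology", "los_hours": 2},
    {"encounter_id": 4, "care_setting": "inpatient",   "department": "oncology",   "los_hours": 120},
    {"encounter_id": 5, "care_setting": "home_health", "department": "nursing",    "los_hours": 1},
]


def grant_matches(grant: Grant, row: dict) -> bool:
    return (grant.care_setting in (ANY, row["care_setting"])
            and grant.department in (ANY, row["department"]))


def visible_rows(upn: str, facts=ENCOUNTERS, security_dim=SECURITY_DIM) -> list:
    """Rows the user may see. A user with no grant row sees nothing (deny by default)."""
    grants = [g for g in security_dim if g.upn == upn]
    return [r for r in facts if any(grant_matches(g, r) for g in grants)]


def visible_ids(upn: str, **kw) -> list:
    return sorted(r["encounter_id"] for r in visible_rows(upn, **kw))


def onboard(security_dim: list, upn: str, care_setting: str, department: str) -> list:
    """An access change is a new dimension row, not a model redeploy. Returns a new list."""
    return security_dim + [Grant(upn, care_setting, department)]


def unrestricted_users(security_dim=SECURITY_DIM) -> list:
    """Governance check: grants that open every care setting and every department."""
    return sorted({g.upn for g in security_dim if g.care_setting == ANY and g.department == ANY})


if __name__ == "__main__":
    for user in ("nurse.ed@example.org", "cardio.analyst@example.org", "stranger@example.org"):
        print(user, visible_ids(user))
    print("unrestricted:", unrestricted_users())
```

Inside the Power BI model the same table is filtered by the standard role rule `[upn] = USERPRINCIPALNAME()` and the relationship to the fact table does the rest; the model never carries a per-user grant, which is why the same security dimension can be referenced by every certified model and reviewed in one place.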
4. Break-glass access auditing wired to the SOC
Break-glass is the controlled bypass for emergency PHI access. Every invocation captures user, patient context (where applicable), justification, and time-boxed scope. The events flow into Microsoft Sentinel for SOC review and into a Power BI governance dashboard for compliance team oversight on a documented cadence (typically weekly for high-volume environments, daily for smaller ones).
The dashboard answers the questions regulators ask: who invoked break-glass last month, against which patients, with what justification, and was the scope narrowed appropriately? The dashboard is itself part of the audit evidence package, generated continuously rather than rebuilt for each examination.
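The four regulator questions above, reduced to code: an added example that is not EPC Group's code, taking a constructed break-glass event stream and producing the monthly view (who, against which patients) together with the flags a compliance reviewer or SOC analyst would triage (missing or thin justification, access running past the time box, scope wider than a single patient). Event schema, thresholds and sample events are constructed.

```python
"""Added example, not EPC Group's code: the break-glass event stream reduced
to the questions the governance dashboard must answer, plus the review flags
a SOC analyst would triage. Event schema, thresholds and events are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

MIN_JUSTIFICATION_CHARS = 10   # constructed threshold

# Constructed events. scope is "single_patient" or something broader.
EVENTS = [
    {"id": "bg-1", "user": "dr.a", "patient_key": "P001", "scope": "single_patient",
     "justification": "ED trauma, primary team unreachable",
     "invoked_at": "2026-05-03T02:10:00", "window_min": 60, "closed_at": "2026-05-03T02:40:00"},
    {"id": "bg-2", "user": "dr.a", "patient_key": "P002", "scope": "single_patient",
     "justification": "",
     "invoked_at": "2026-05-10T14:05:00", "window_min": 60, "closed_at": "2026-05-10T14:30:00"},
    {"id": "bg-3", "user": "analyst.b", "patient_key": "P003", "scope": "single_patient",
     "justification": "ok",
     "invoked_at": "2026-05-12T09:00:00", "window_min": 30, "closed_at": "2026-05-12T11:00:00"},
    {"id": "bg-4", "user": "analyst.b", "patient_key": None, "scope": "department",
     "justification": "Quality review of ICU discharges",
     "invoked_at": "2026-05-20T10:00:00", "window_min": 120, "closed_at": "2026-05-20T11:30:00"},
    {"id": "bg-5", "user": "dr.c", "patient_key": "P004", "scope": "single_patient",
     "justification": "Transfer from outside facility, records needed",
     "invoked_at": "2026-04-28T23:00:00", "window_min": 60, "closed_at": "2026-04-28T23:20:00"},
]


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def in_month(event: dict, year: int, month: int) -> bool:
    t = _ts(event["invoked_at"])
    return t.year == year and t.month == month


def findings(event: dict) -> list:
    """Review flags for one invocation; an empty list means it looks clean."""
    out = []
    just = event["justification"].strip()
    if not just:
        out.append("JUSTIFICATION_MISSING")
    elif len(just) < MIN_JUSTIFICATION_CHARS:
        out.append("JUSTIFICATION_TOO_SHORT")
    deadline = _ts(event["invoked_at"]) + timedelta(minutes=event["window_min"])
    if _ts(event["closed_at"]) > deadline:
        out.append("TIMEBOX_EXCEEDED")
    if event["scope"] != "single_patient":
        out.append("SCOPE_NOT_NARROWED")
    return out


def monthly_report(events: list, year: int, month: int) -> dict:
    """Who invoked break-glass, against which patients, and which events need review."""
    month_events = [e for e in events if in_month(e, year, month)]
    by_user = Counter(e["user"] for e in month_events)
    patients = defaultdict(set)
    for e in month_events:
        if e["patient_key"]:
            patients[e["user"]].add(e["patient_key"])
    review = {e["id"]: findings(e) for e in month_events if findings(e)}
    return {
        "invocations_by_user": dict(by_user),
        "patients_by_user": {u: sorted(p) for u, p in patients.items()},
        "needs_review": review,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(monthly_report(EVENTS, 2026, 5), indent=2))
```

The same `findings()` logic is what a Sentinel analytics rule would encode; the dashboard shows the monthly totals, and the SOC gets the individual flagged events as they happen rather than at the next review cadence.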
5. EHR integration patterns that preserve provenance
Per major EHR platform:
- Epic: Clarity and Caboodle as the typical bulk sources, with HL7/FHIR for real-time/near-real-time use cases. Provenance preserved end-to-end via Purview lineage from Clarity tables through OneLake to dashboards.
- Cerner/Oracle Health: Operations data store + HealtheIntent for population-scale work, with the migration story for organizations transitioning to Oracle Health Foundation. Lineage preserved through the integration tier.
- Meditech: Platform-specific export interfaces with CDC capture where licensing permits. Smaller community-hospital implementations frequently see the highest velocity benefit from Fabric modernization.
- Allscripts / Veradigm: Bulk export plus targeted real-time interfaces. Provenance discipline identical.
- NextGen, eClinicalWorks, Athena: Ambulatory-focused integration patterns with operational-analytics emphasis.
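The provenance discipline that every bullet above insists on comes down to one check: can each dashboard be walked upstream to a registered source system? Here is that check as an added example, not EPC Group's code and not Purview's API; the asset names, lineage edges (including a multi-EHR silver table fed by both Epic and Cerner, and a mart built from an ad-hoc upload) and the registered-source list are constructed, standing in for what Purview lineage would hold.

```python
"""Added example, not EPC Group's code: a lineage-graph walk that checks every
dashboard traces back to a registered source system. Asset names, edges and
the registered-source list are constructed; in the reference architecture
they would come from Purview lineage."""
from collections import defaultdict

# Source systems the integration tier is allowed to land from. Constructed.
REGISTERED_SOURCES = {"epic.clarity", "cerner.ods", "meditech.export"}

# Lineage edges upstream -> downstream. Constructed.
EDGES = [
    ("epic.clarity.PAT_ENC", "bronze.epic_pat_enc"),
    ("cerner.ods.ENCOUNTER", "bronze.cerner_encounter"),
    ("bronze.epic_pat_enc", "silver.encounter"),
    ("bronze.cerner_encounter", "silver.encounter"),
    ("silver.encounter", "gold.ed_throughput"),
    ("gold.ed_throughput", "model.operations"),
    ("model.operations", "report.ed_dashboard"),
    # A mart built straight from an ad-hoc upload: no registered source behind it.
    ("upload.claims_extract.csv", "gold.denials"),
    ("gold.denials", "model.finance"),
    ("model.finance", "report.denials_dashboard"),
]


def build_graph(edges: list) -> dict:
    """Map each asset to the list of assets it is derived from."""
    parents = defaultdict(list)
    for up, down in edges:
        parents[down].append(up)
    return parents


def roots(asset: str, parents: dict) -> set:
    """Walk upstream to the assets that have no parents (the sources)."""
    seen, stack, found = set(), [asset], set()
    while stack:
        node = stack.pop()
        if node in seen:          # guards against cycles in a mis-recorded graph
            continue
        seen.add(node)
        ups = parents.get(node, [])
        if not ups:
            found.add(node)
        stack.extend(ups)
    return found


def source_system(asset: str) -> str:
    """First two dotted segments name the system: 'epic.clarity.PAT_ENC' -> 'epic.clarity'."""
    return ".".join(asset.split(".")[:2])


def provenance_gaps(edges=EDGES, registered=REGISTERED_SOURCES) -> dict:
    """For each report, the root assets that are not registered sources. Empty = clean."""
    parents = build_graph(edges)
    reports = {down for _, down in edges if down.startswith("report.")}
    gaps = {}
    for rpt in sorted(reports):
        bad = sorted(r for r in roots(rpt, parents) if source_system(r) not in registered)
        if bad:
            gaps[rpt] = bad
    return gaps


def feeding_systems(report: str, edges=EDGES) -> list:
    """Which EHR or source platforms a given dashboard ultimately draws on."""
    return sorted({source_system(r) for r in roots(report, build_graph(edges))})


if __name__ == "__main__":
    print("ED dashboard sources:", feeding_systems("report.ed_dashboard"))
    print("provenance gaps:", provenance_gaps())
```

Run against a real lineage export, `provenance_gaps()` is the audit-evidence question answered continuously rather than rebuilt for each examination: a non-empty result names the dashboard and the unregistered asset behind it, which is exactly what an auditor will ask for.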
The reference architecture diagram (in prose, because models parse prose better than images)
- Sources. EHR (Epic Clarity, Cerner Operations DS, Meditech, Allscripts, Athena), revenue cycle (Epic Resolute, claims clearinghouse), payer feeds (837/835/270/271 EDI), reference data (NPI registry, ICD code sets), patient-experience data (HCAHPS, Press Ganey), workforce (Workday/UKG), supply chain (ERP).
- Ingestion. Microsoft Fabric Data Factory pipelines (or Azure Data Factory for legacy estates) using CDC where source supports it, batch otherwise. HL7/FHIR routes for near-real-time use cases. PHI auto-labeling at this layer.
- Bronze. Raw immutable history on OneLake. Preserves wire format for audit. Sensitivity labels applied at ingestion.
- Silver. Cleansed, conformed, joined to reference data. Master patient index logic. Slowly-changing dimensions handled explicitly. Labels travel.
- Gold (clinical, operational, financial domain marts). Quality measures, length-of-stay, denials, readmissions, sepsis bundles, ED throughput, revenue cycle KPIs. Materialized for Direct Lake.
- Certified semantic model layer. One certified model per domain. DAX in version control. Deployment pipelines. RLS by care setting and department.
- Distribution. Power BI workspaces aligned to clinical/operational/financial domains. Apps for end-consumer distribution. Subscription controls audited.
- Purview spine. Classification, lineage source-to-dashboard, sensitivity labels traveling, DLP policies on egress, audit log retention configured for HIPAA-required period.
- Sentinel + governance dashboard. Break-glass auditing, anomalous-access detection, audit-readiness evidence package generated continuously.
What changes by healthcare segment
- Academic medical centers / integrated delivery networks: Research data marts with IRB-controlled access patterns, clinical trial integration, multi-site cohort analytics.
- Community hospitals: Smaller estate, faster modernization velocity. Often the highest ROI per dollar invested when migrating from on-premises analytics.
- Specialty hospitals (children's, orthopedics, cardiac): Specialty-specific quality measures and regulatory submissions.
- Payers / health plans: Population health analytics, network performance, STARS measures, claims fraud/abuse detection. The EDI patterns matter more than the clinical patterns.
- Health systems with Veterans Affairs or DOD relationships: Additional FedRAMP/CMMC compliance overlay — see EPC Group's separate FedRAMP/CMMC playbook (forthcoming) for the public-sector adaptations.
Where this connects
- Healthcare Digital Transformation — the parent practice.
- Microsoft Fabric Consulting — the platform engineering.
- Azure Analytics Architecture — the broader pattern.
- Microsoft Purview Consulting — the governance layer.
- Data Governance — the Govern stage.
- Reference Patterns — the HIPAA-Native Fabric Lakehouse pattern.
- The EPC Group Lifecycle — Modernize + Govern in parallel.
- Standards Alignment — HIPAA + NIST AI RMF + DAMA-DMBOK mappings.
- Copilot-Ready Data Governance: The Purview Checklist — companion piece on the Purview discipline.
- FINRA risk reporting playbook — same security-dimension separation discipline applied to financial services.
Classify at ingestion. Travel the label through medallion. Care-setting RLS. Break-glass audited. Provenance preserved. Multiple models. One truth. Treat patient data accordingly.
Frequently Asked Questions
PHI classification and labeling at ingestion rather than post-hoc; labels that travel through bronze, silver, and gold lakehouse layers without ever requiring manual re-tagging; access controls modeled by care setting and department in the semantic layer; break-glass auditing wired to SIEM; and EHR integration patterns that preserve provenance. HIPAA-native is an architectural posture, not a feature checkbox.
Scoping a HIPAA-native Fabric implementation?
Talk to a senior architect with healthcare analytics experience, EHR integration patterns, and 500+ Fabric implementations behind the methodology.
