OpenJDK for healthcare

One requirement an external wrapper cannot meet

A heap dump of a clinical service can hold patient identifiers and medical data in cleartext. Under HIPAA, electronic protected health information must be safeguarded wherever it is stored, and a heap dump is storage. How the VM writes that dump, and where it lands, is crash-path behaviour inside the runtime; no sidecar can change it from outside. Just as important: sending a PHI-bearing dump to a third-party SaaS for analysis introduces a new data processor into a regulated boundary. It is one of several requirements that fall outside what external tooling can reach; the policy point essay sets out the general case, here applied to PHI.

What Eliya gives a healthcare workload today

One flag, -XX:EliyaProfile=Production, activates the Phase 1 operational-readiness defaults: heap dump on OutOfMemoryError to a structured path, a predictable crash-log path that survives the container, Native Memory Tracking (summary), reinforced container support, and exit on OutOfMemoryError.

All diagnostic capture and, in Phase 2, local analysis run on your own infrastructure. No SaaS, no telemetry, no phone-home. PHI captured during an incident stays inside the boundary it was generated in. Eliya is the same Java you already run, on the upstream OpenJDK 25 source tree, GPLv2 with the Classpath Exception, on a quarterly LTS maintenance cadence.

What does not ship today

Eliya does not ship a "HIPAA" profile, and it does not redact PHI inside a heap dump today. What it ships is the policy point, the structured diagnostic foundation, and local-only capture so that PHI never leaves your perimeter for diagnosis. Compliance-aligned profile values are demand-gated on the roadmap, not in the 25.0.3 binary.

Next: download Eliya, read the thesis, or see JVM forensics vs APM.