MediFlow
HIPAA-Compliant Healthcare API Platform
Backend Architect
/ The Brief
Build a HIPAA-compliant API layer for a telemedicine startup — connecting patients, providers, and insurance verification in a context where a data breach wasn't just a technical failure but a legal one.
/ The Solution
Every architectural decision started from the compliance requirement. PHI encrypted at rest and in transit. Row-level access so providers only see their own patients. Automated audit trails on every access. Zero-trust network on AWS — nothing talked to anything it didn't need to. FHIR-compatible data models so EHR integrations didn't need custom connectors each time. Third-party HIPAA audit: passed first attempt. Two years in production at 99.9% uptime.
Role: Backend Architect
Year: 2021
Technologies: Node.js, AWS, HIPAA, Security
Architecture: Zero-trust: all services in a private VPC. PHI in Aurora with column-level encryption. Audit trail via DynamoDB Streams. API Gateway + Lambda for the auth layer. One IAM role per service. FHIR R4 compatible data models.
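Two of the controls listed above, provider-scoped (row-level) access and an audit entry on every access, are small enough to show in a single data-access function. The following Node.js code is an added illustration, not MediFlow's own code: the in-memory Map stands in for the Aurora table, the array for the DynamoDB audit stream, and all names (getPatientRecord, listPatientsFor, AccessDenied, the sample ids) are hypothetical.

```javascript
// Added illustration: provider-scoped (row-level) access plus an audit entry
// on every read, allowed or denied. An in-memory store replaces Aurora and an
// array replaces the DynamoDB audit stream; all names are hypothetical.

// Constructed sample data: each patient row carries the id of the provider
// responsible for it, and every access check is made against that column.
const patients = new Map([
  ['pat-001', { providerId: 'prov-A', name: 'Alice Example', dob: '1980-01-01' }],
  ['pat-002', { providerId: 'prov-B', name: 'Bob Example', dob: '1975-06-15' }],
]);

// Append-only audit trail (in production this is the stream, not an array).
const auditLog = [];

function recordAudit(entry) {
  auditLog.push({ at: new Date().toISOString(), ...entry });
}

// Denials are thrown, not returned, so a caller cannot silently ignore them.
class AccessDenied extends Error {
  constructor(message) {
    super(message);
    this.name = 'AccessDenied';
  }
}

// Every single-record read goes through here. The row is matched against the
// caller's provider id, so a provider can never obtain a row that is not
// theirs, and an audit entry is written whether the access succeeds or not.
function getPatientRecord(caller, patientId) {
  const row = patients.get(patientId);
  // "Not found" and "belongs to another provider" are refused identically so
  // the response does not reveal whether a patient id exists at all.
  const allowed = row !== undefined && row.providerId === caller.providerId;
  recordAudit({
    actor: caller.id,
    action: 'read',
    resource: `patient/${patientId}`,
    outcome: allowed ? 'allowed' : 'denied',
  });
  if (!allowed) {
    throw new AccessDenied(`provider ${caller.id} may not read ${patientId}`);
  }
  // Return a copy so the store cannot be mutated through the returned object.
  return { id: patientId, ...row };
}

// Listing applies the same provider filter inside the data-access layer, so
// a route handler never has the chance to forget it.
function listPatientsFor(caller) {
  recordAudit({ actor: caller.id, action: 'list', resource: 'patient', outcome: 'allowed' });
  return [...patients.entries()]
    .filter(([, row]) => row.providerId === caller.providerId)
    .map(([id, row]) => ({ id, ...row }));
}

// Read-only view of the trail, for the test and for audit export.
function auditEntries() {
  return auditLog.slice();
}
```

The design point is that the tenant filter and the audit write live in the one function every read path must call; route handlers receive only already-scoped data, which is what makes "providers only see their own patients" a property of the data layer rather than of each endpoint's discipline.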