MediFlow

HIPAA-Compliant Healthcare API PlatformBackend Architect

Node.jsAWSHIPAASecurity
2021

/ The Brief

Healthcare teams deal with patient data that cannot afford to be mishandled. A breach is not just a technical failure; it carries legal consequences, and the architecture has to reflect that from day one.

/ The Solution

PHI encrypted at rest and in transit. Row-level access so providers only see their own patients. Automated audit trails on every access. Zero-trust network on AWS where nothing talks to anything it does not need to. FHIR-compatible data models so EHR integrations do not require custom connectors each time. Third-party HIPAA audit: passed on the first attempt.

Role:Backend Architect

Year:2021

Technologies:Node.jsAWSHIPAASecurity

Architecture:Zero-trust: all services in private VPC. PHI in Aurora with column-level encryption. Audit trail via DynamoDB Streams. API Gateway + Lambda for auth layer. One IAM role per service. FHIR R4 compatible data models.

Full Stack
DevOps
Architecture
Mobile Apps
Cloud
React
Node.js
TypeScript
Security
AWS
Full Stack
DevOps
Architecture
Mobile Apps
Cloud