Case study · Healthtech

Healthtech
Clinical operations / telemedicine

A clinical network across multiple North American sites needed a patient portal, a clinical workflow tool, and a telemedicine surface, all engineered to the HIPAA + PIPEDA bar from day one, not retrofitted before the next inspection.

Client
PLACEHOLDER: anonymized North American clinical network
Sector
Clinical operations / telemedicine
Duration
PLACEHOLDER: approximately nine months end-to-end

The premise

Healthtech projects fail in predictable ways. The patient portal turns out to leak metadata between tenants once usage scales. The clinical workflow that worked in the prototype becomes unusable for a clinician at 7 a.m. on minimal sleep. The telemedicine surface ships unencrypted recordings because the storage policy was never engineered. The audit trail that the regulator needs is reconstructible in theory but not in practice.

The engagement below is a composite of the kind of clinical-network engineering SDEN ships. Identifying details and quantified figures are PLACEHOLDER-marked until the client signs off on a published version.

Challenge

A clinical network with three SaaS tools and a paper trail

The client operated multiple clinical sites with a different SaaS booking tool at each site, a separate practice-management system, paper consent forms scanned into a shared drive, and a teleconferencing tool used for consults that had no clinical-grade encryption guarantees. Patient data crossed five vendors by the time a single consult was complete. The privacy officer flagged this as a posture that would not survive the next inspection.

The clinical team also wanted the telemedicine workflow to be usable on a low-end phone from a waiting room, without training, with the same identity the patient used to book the appointment. Most off-the-shelf options either failed the privacy bar or failed the usability bar.

Approach

One product, HIPAA-engineered, mobile-first

SDEN's clinical engineering defaults applied: PHI minimized at the schema level, audit logs on every clinical read, tenant isolation enforced at both the type level and the row level, end-to-end-encrypted video for consults, and WCAG 2.2 AA accessibility tested against assistive technology before release.

  1. Phase 1: DPIA-grade scoping

    Three weeks. Data Protection Impact Assessment written alongside the architecture document, with the DPO in the room. Output: the structured data inventory, the retention schedule, the lawful basis per processing purpose, and the threat model the engineering would target.

  2. Phase 2: Patient portal and clinical workflow

    Twelve weeks. Next.js + TypeScript + React on the front, NestJS + PostgreSQL with row-level security on the back. Mobile-first, accessibility-tested, with audit logs on every clinical read streamed to an isolated destination.

  3. Phase 3: Telemedicine surface

    Eight weeks. End-to-end-encrypted video using a vetted WebRTC stack, with recording opt-in and consent-logged, and stored under the same encryption posture as the clinical record. Latency tuned against a low-end mobile baseline.

  4. Phase 4: Migration and joint operations

    Seven weeks. Per-site cutover with the clinical lead in the room each time. Joint on-call rotation with the client's team during the support window so operational knowledge transferred, not just the code.

Outcome

One product, posture signed by the DPO, no failed inspections

The patient portal, the clinical workflow, and the telemedicine surface ship from one codebase the client owns end-to-end. The DPO signed off on the architecture before the first patient onboarded. The first regulatory inspection after launch passed without findings. PLACEHOLDER: confirm the regulator and the exact inspection date before publishing externally.

Operationally, the clinical team replaced five vendors with one product. New clinicians are productive on the workflow in under a day rather than the week the previous setup required. PLACEHOLDER: confirm the onboarding-time figures with the clinical operations lead.

5 → 1 PLACEHOLDER

vendors in the consult-to-record flow

0 PLACEHOLDER

findings on first regulatory inspection

1 day PLACEHOLDER

clinician onboarding to the workflow
