Healthcare SaaS

Patient Management System

A network of 50+ independent clinics was managing patient scheduling on spreadsheets and phone calls. We built a HIPAA-compliant telehealth platform — scheduling, video consultations, and EHR integration — in 16 weeks.

16 wks Full delivery across 50+ clinics
50+ Clinics live on launch day
40% Reduction in admin time per patient

The Problem

The client operated a network of 53 independent general practice and specialist clinics across two regions. Patient scheduling was handled entirely through phone calls and shared spreadsheets. Referrals between clinics were managed via fax. No patient had a unified record across more than one clinic location.

Post-pandemic demand for telehealth had exposed the fragility of this model. Clinics were losing patients to competitors who offered online booking and video consultations. The clinical director had been pitched several off-the-shelf platforms, all of which fell short on either HIPAA compliance documentation, EHR integration capability, or the flexibility to support their multi-clinic, multi-specialty model.

They needed a purpose-built system. They also needed it to not break anything that was already working — a significant constraint with 53 active clinics and tens of thousands of existing patient records.

Our Approach

Healthcare software has a deceptively simple surface — it's calendars, forms, and video calls. But the compliance layer underneath is not simple. We started with a HIPAA risk assessment before writing a line of code: data flows, PHI touchpoints, access controls, audit requirements, breach notification procedures. This assessment became the governing document for every technical decision that followed.

We chose AWS HIPAA-eligible services throughout and executed a Business Associate Agreement before any patient data entered the system. Architecture was designed with HIPAA's minimum-necessary principle as a constraint: no component had access to PHI it didn't need to perform its function.

  • HL7 FHIR R4 API for EHR integration — compatible with the three EHR systems already in use across the clinic network
  • Twilio Video for telehealth consultations with end-to-end encryption and session recording consent flows
  • Role-based access control with 6 distinct permission levels (patient, receptionist, nurse, clinician, specialist, admin)
  • Immutable audit log — every read, write, and share of PHI timestamped and attributable
  • Multi-clinic patient identity resolution — de-duplicating records across 53 locations without merging PHI incorrectly
  • Automated appointment reminders via SMS with opt-out compliance under TCPA

The Build

Eight two-week sprints. The first two sprints were foundational: identity, auth, audit logging, and the FHIR integration layer. None of it was visible to users, but everything else depended on it. We resisted the temptation to build visible features first.

Sprints 3–4 built scheduling: clinic calendars, appointment types, availability rules, and the booking flow for patients. Sprint 5 added telehealth: video session creation, waiting rooms, session recording consent, and post-consultation note capture. Sprint 6 was referrals, the cross-clinic workflow that had previously been fax-dependent.

Sprint 7 was the migration: importing patient records from the existing EHRs, de-duplicating across clinic locations, and validating with clinical staff before any data went live. Sprint 8 was clinic onboarding, training documentation, and production cut-over — clinic by clinic, over 10 days.

The Result

53 clinics live on launch day, with zero data loss in migration. The admin time reduction — measured by the client's operations team across a sample of 12 clinics — averaged 40% per patient interaction: less time on phone calls, no manual referral paperwork, automated reminders reducing no-shows by approximately 22%.

The telehealth adoption rate exceeded the client's projections: 34% of follow-up appointments were conducted via video within the first month. The clinical director reported that two clinics that had been considering closing due to operational overhead reversed that decision after the platform launched.

The system passed a third-party HIPAA compliance audit six weeks after launch with no findings requiring remediation — the first time any system in the network had achieved a clean audit.
