Renegade.health is telemedicine and lab analysis software. The Customer commissioned Interexy to make the existing web app HIPAA compliant so that the product could launch, then decided to continue working with our healthcare development team on improvements and weekly maintenance updates for the web app.


When our team joined the development process, the project was about halfway complete. A significant portion of the core features, however, had been implemented without any encryption in place. Because full HIPAA compliance was required, especially for handling sensitive patient data, we agreed with the Customer to implement proper encryption.

OVERVIEW

Product Overview

This telemedicine software was originally developed by a private laboratory, allowing patients to order an At-Home PrEP Test Kit to remotely check their health.

Web app functionality:

  • Four user roles – patients, physicians, navigators and administrators;
  • Ability to book a call with a physician through the third-party service Medcase;
  • Ability to check test results and consult a doctor in case of any abnormalities;
  • Ability to register an At-Home PrEP Test Kit;
  • Ability to buy an STI Test Kit from Amazon and register it through the web app.

OVERVIEW

Customer Request

The Customer commissioned Interexy to:

  • Make this web app HIPAA compliant;
  • Improve the UX of the user-facing part of the web app;
  • Integrate a third-party API to handle the appointment booking flow.

Solution

Our Solution

HIPAA Compliance

We organized a comprehensive Technical Security Digest to make Renegade.health compliant with industry regulations and keep the business on the safe side of the law.

The process from our side involved:

  • Implementing automated user sign-off after a fixed amount of time;
  • Implementing an emergency credential reset procedure via secret questions or other information only the user knows, for cases where password or email access is lost;
  • Encrypting all sensitive data in the database and decrypting it only on the data access layer on-premise;
  • Implementing logs for all user activities and data mutations;
  • Making sensitive data traceable and providing the ability to recover the previous state from the database or the admin panel;
  • Implementing 2FA and MFA;
  • Using Google Security Command Center for security monitoring and incident reporting;
  • Restricting access to the data layer to the internal VPN from the system layer, restricting access to the system layer to the VPN from the Gateway, and implementing the Gateway;
  • Keeping .env.production out of the repository and using Google Cloud Secret Manager instead;
  • Adding the ability to deactivate a user from the Admin panel;
  • Making the database accessible only via an internal VPN from the server.

Encryption

For encryption, we selected PGCrypto as the most suitable solution, since it is simple to implement and reliable for securing sensitive information. This choice aligned with our commitment to safeguarding patient data and upholding the highest standards of compliance in healthcare.

Following weeks of dedicated effort, our team reached a pivotal moment as we geared up to execute a comprehensive migration encompassing dozens, if not hundreds, of modifications.

These modifications spanned crucial areas such as encryption enhancements, refining the user interface and experience (UI/UX), and the integration of cutting-edge features.

To properly prepare for this significant transition, we meticulously crafted a full copy of the production database. Subsequently, every modification was methodically applied to this duplicate dataset.

This process was executed with precision, ensuring that each nuanced enhancement and newly introduced feature seamlessly found its place. Our commitment to this meticulous approach aimed to guarantee a flawless migration, leaving no room for any unforeseen issues.
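A sketch of the kind of column migration this section describes, written against pgcrypto and meant to be rehearsed on the database copy first. It is an added example, not the project's own code; the `lab_result` table, its columns, the `app.phi_key` setting name and the placeholder key are assumptions.

```sql
-- Constructed schema and data: all names and values are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE lab_result (
    id          bigserial PRIMARY KEY,
    patient_id  bigint NOT NULL,
    result_text text                 -- legacy plaintext column
);
INSERT INTO lab_result (patient_id, result_text)
VALUES (1, 'constructed sample result A'),
       (2, NULL);

BEGIN;
-- The key is scoped to this transaction (third argument = true).
-- Placeholder literal: the data access layer supplies the real key
-- from its secret store.
SELECT set_config('app.phi_key', 'PLACEHOLDER-key-from-secret-store', true);

ALTER TABLE lab_result ADD COLUMN result_enc bytea;

UPDATE lab_result
SET    result_enc = pgp_sym_encrypt(result_text,
                                    current_setting('app.phi_key'),
                                    'cipher-algo=aes256')
WHERE  result_text IS NOT NULL;

-- Round-trip check before the plaintext is dropped: must return 0.
-- pgcrypto functions are strict, so NULL rows compare as NULL = NULL here.
SELECT count(*) AS mismatches
FROM   lab_result
WHERE  result_text IS DISTINCT FROM
       pgp_sym_decrypt(result_enc, current_setting('app.phi_key'));

ALTER TABLE lab_result DROP COLUMN result_text;
COMMIT;

-- Read path as issued by the data access layer: key set per transaction,
-- decryption only in the query that needs the value.
BEGIN;
SELECT set_config('app.phi_key', 'PLACEHOLDER-key-from-secret-store', true);
SELECT id,
       pgp_sym_decrypt(result_enc, current_setting('app.phi_key')) AS result_text
FROM   lab_result
WHERE  patient_id = 1;
COMMIT;
```

pgcrypto runs inside the database server, so the key travels to it with every call; statement and parameter logging must be configured so it is not captured. `DROP COLUMN` does not rewrite existing rows, so the old plaintext persists on disk, in WAL and in earlier backups until the table is rewritten and those are rotated.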

Technology

Technologies and Tools

The following tech stack was chosen to ensure fast delivery of new features, fewer errors, and efficient deployment of critical hotfixes, fostering an agile and responsive development environment:

Results

Once the HIPAA compliance and encryption were finalized, the Customer was able to successfully launch the product to the market.

Now our team continues working on:

  • Shopify integration to let patients buy an STI Kit directly from the platform;
  • Developing an internal messaging solution for patient-doctor communication;
  • Weekly maintenance updates for the app.

Interexy LLC is a Miami-headquartered custom software development and IT consulting company with deep expertise in over 15 industries, offering innovative solutions for such market giants as SAP, Pampers & General Electric.
