is a telemedicine and lab analysis software. The Customer commissioned Interexy to make the existing web app HIPAA compliant so they can launch the product, then decided to continue working with our healthcare development team for improvement and weekly updates for web app’s maintenance.

application on tablet view

Upon our team’s integration into the development process, we encountered a project that had reached a halfway mark of completion. It was notable, however, that a significant portion of the core features had been implemented without any encryption protocols in place. Given the imperative of achieving full HIPAA compliance, especially in handling sensitive patient data, we agreed with the Customer to implement proper encryption.


Product Overview

This telemedicine software was originally developed by a private laboratory, allowing patients to order an At-Home PrEP Test Kit to remotely check their health.

Web app’s functionality:

  • Four user roles – patients, physicians, navigators and administrators;
  • Ability to book a call with a physician through Medcase third party;
  • Ability to check test results and consult a doctor in case of any abnormalities;
  • Register At-Home PrEP Test Kit;
  • Buy an STI Test Kit from Amazon and register through the web app.


Customer Request

The Customer commissioned Interexy to:

  • Make this web app HIPAA compliant;
  • Improve UX experience for the user part of the web app;
  • Integrate third party API to process appointments booking flow.


Our Solution

HIPAA Compliance

We organized a comprehensive Technical Security Digest to make the compliant with industry’s regulations and keep the business on a safe side of the law.

The process from our side involved:

  • Implementation of automated user signoff after a fixed amount of time;
  • Implementation of emergency reset credentials procedure via secret questions or other information only the user knows in case password or email access is lost;
  • Encryption of all sensitive data in the database and decryption only on the data access layer on-premise;
  • Implementation of logs for all user activities and data mutation;
  • Make sensitive data traceable and provide ability to recover the previous state from the database/or admin panel;
  • Implementation of 2FA and MFA;
  • Utilization of Google Security Command Center for security monitoring and incident reporting;
  • Organize access to the data layer only via internal VPN from the system layer. Access the system layer only via VPN from the Gateway and implement Gateway;
  • Inability to store .env.production in the repo, use Google Cloud Secret Manager;
  • Adding the ability to deactivate a user from the Admin panel;
  • Make the database accessible only via an internal VPN from the server.


For encryption, we selected PGCrypto as our most relevant encryption solution since it not only provides simple implementation but also ensures reliability in securing sensitive information. This strategic choice aligned with our commitment to safeguarding patient data and upholding the highest standards of compliance in healthcare.

Following weeks of dedicated effort, our team reached a pivotal moment as we geared up to execute a comprehensive migration encompassing dozens, if not hundreds, of modifications.

These modifications spanned crucial areas such as encryption enhancements, refining the user interface and experience (UI/UX), and the integration of cutting-edge features.

To properly prepare for this significant transition, we meticulously crafted a full copy of the production database. Subsequently, every modification was methodically applied to this duplicate dataset.

This process was executed with precision, ensuring that each nuanced enhancement and newly introduced feature seamlessly found its place. Our commitment to this meticulous approach aimed to guarantee a flawless migration, leaving no room for any unforeseen issues.


Technologies and Tools

The following tech stack was chosen to ensure fast delivery of new features, reduced amount of errors, and efficient deployment of critical hotfixes, fostering an agile and responsive development environment:



Once the HIPAA compliance and encryption were finalized, the Customer was able to successfully launch the product to the market.

Now our team continues working on:

  • Shopify integration to let patients buy STI Kit directly from the platform;
  • Developing internal messaging solution for patient-doctor communication;
  • Weekly updates for app’s maintenance.

People that trust us

Interexy LLC is a Miami-headquartered custom software development and IT consulting company with a deep expertise in over 15 industries offering innovative solutions for such market giants as SAP, Pampers & General Electric


"Their consistency and the care they put into clients’ relations are outstanding."

Executive, HAV WTR
Verified Review

"Interexy’s communication and flexibility are impressive."

CEO, Athletic All Fitness
Verified Review

"Any challenges are promptly communicated. Resolutions and workarounds are provided."

CEO, Print on Demand
Verified Review

"Their specialists provide us and our clients peace of mind."

CEO, Livepage
Verified Review

"I love their flexibility and their willingness to take my idea and develop it."

CEO, My CookBook
Verified Review

"They were flexible when it came to changes in the scope."

CEO, SpotLite Media LLC
Verified Review

"I was thoroughly impressed with the creativity of the developers."

CEO, Anderson Applications LLC
Verified Review

"Interexy LLC is in line with our expectations and they are always available."

Founder, Tinga Nutrition Inc
Verified Review

"The flexibility of the team and the ease of communication are impressive."

Business Operations Manager, ZiO Health
Verified Review
Powered by
Book A Call

Ready to discuss your project with us?

What is your budget?

    Fill the form / email us at or give us a call at +48571362271 +19312469959 (8:00 am to 5:00 pm pacific time)

    Attach file