HIPAA-compliant full stack healthcare platform with 4 distinct roles, infinitely nestable staff hierarchies, concurrent multi-role session management, and end-to-end prescription and refill workflows.
Healthcare platforms demand an unusually high bar for both security and flexibility — supporting deeply nested organizational hierarchies, strict role-based access control, HIPAA compliance for sensitive patient data, asynchronous event handling across services, and the rare requirement of allowing multiple roles to operate concurrently within a single authenticated browser session.
Built the full stack on Next.js and NestJS with PostgreSQL as the primary data store and Kafka handling asynchronous workflows between services. Implemented a recursive staff creation and permission delegation model that scales to N levels deep. Solved the concurrent multi-role session problem through a context-switching session layer maintaining isolated role contexts in parallel. Used pre-signed S3 URLs for secure document handling and enforced HIPAA compliance through encrypted PHI storage, access scoping, and audit logging.
Worked as Full Stack Developer to design and deliver a comprehensive healthcare management platform serving four distinct user roles — Admin, Supplier, Prescriber, and Patient — each operating within their own domain of responsibility while coexisting within a unified system. Built the entire stack from a Next.js frontend to a NestJS backend, with Kafka powering asynchronous event-driven communication between services.
One of the most architecturally significant features of the platform is its deeply recursive permission model. Every non-patient role — Admin, Supplier, and Prescriber — has the ability to create and manage their own staff members, and each of those staff members can further create their own sub-staff, with permissions cascading and being scoped at every level. This results in an N-level deep permission hierarchy that is both flexible and auditable, accommodating real-world organizational structures of any complexity.
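The delegation rule that keeps such a hierarchy auditable is that an account may only grant a subset of what it holds itself, and a revocation anywhere up the chain must cascade to every descendant. The following TypeScript is an added illustration of that model, written for this page; it is not the platform's own code. The role names, permission strings and the in-memory `directory` map (standing in for the PostgreSQL accounts table) are assumptions.

```typescript
// Added example: N-level staff hierarchy with cascading, scoped permissions.
// Hypothetical model written for this page; not the platform's own code.

type Permission =
  | "patient:read"
  | "patient:write"
  | "prescription:issue"
  | "refill:approve"
  | "inventory:manage"
  | "staff:create";

type Role = "admin" | "supplier" | "prescriber" | "staff";

interface Principal {
  id: string;
  role: Role;
  parentId: string | null; // creator of this account; null for a root role account
  permissions: Set<Permission>;
}

// In-memory stand-in for the database table that would hold accounts.
const directory = new Map<string, Principal>();

function addRoot(id: string, role: Role, perms: Permission[]): Principal {
  const p: Principal = { id, role, parentId: null, permissions: new Set(perms) };
  directory.set(id, p);
  return p;
}

// Delegation rule: the creator must hold staff:create and may grant only a
// subset of its own permissions. This stops privilege escalation down the tree.
function createStaff(creatorId: string, newId: string, requested: Permission[]): Principal {
  const creator = directory.get(creatorId);
  if (!creator) throw new Error(`unknown creator ${creatorId}`);
  if (!creator.permissions.has("staff:create")) throw new Error(`${creatorId} may not create staff`);
  const escalated = requested.filter((p) => !creator.permissions.has(p));
  if (escalated.length > 0) {
    throw new Error(`cannot delegate permissions the creator lacks: ${escalated.join(", ")}`);
  }
  if (directory.has(newId)) throw new Error(`duplicate id ${newId}`);
  const staff: Principal = { id: newId, role: "staff", parentId: creatorId, permissions: new Set(requested) };
  directory.set(newId, staff);
  return staff;
}

// Ancestor chain (nearest first) up to the root; cycle-guarded so a corrupted
// parent pointer cannot hang a request.
function ancestors(id: string): string[] {
  const chain: string[] = [];
  const seen = new Set<string>();
  let cur = directory.get(id);
  while (cur && cur.parentId !== null) {
    if (seen.has(cur.id)) throw new Error("cycle in staff hierarchy");
    seen.add(cur.id);
    chain.push(cur.parentId);
    cur = directory.get(cur.parentId);
  }
  return chain;
}

// Management scope: an actor may act on accounts in its own subtree only.
function canManage(actorId: string, targetId: string): boolean {
  if (actorId === targetId) return false;
  return ancestors(targetId).includes(actorId);
}

// Effective permission: the account holds it AND every ancestor still holds it,
// so revoking a permission anywhere up the chain cascades to all descendants.
function isAllowed(actorId: string, perm: Permission): boolean {
  const actor = directory.get(actorId);
  if (!actor || !actor.permissions.has(perm)) return false;
  return ancestors(actorId).every((a) => directory.get(a)?.permissions.has(perm) ?? false);
}

function revoke(id: string, perm: Permission): void {
  directory.get(id)?.permissions.delete(perm);
}

// Constructed sample: admin -> clinic manager -> front-desk clerk (three levels).
function buildSampleHierarchy(): void {
  directory.clear();
  addRoot("admin-1", "admin", [
    "patient:read", "patient:write", "prescription:issue",
    "refill:approve", "inventory:manage", "staff:create",
  ]);
  createStaff("admin-1", "manager-1", ["patient:read", "patient:write", "staff:create"]);
  createStaff("manager-1", "clerk-1", ["patient:read"]);
}
```

Checking effective permissions against the whole ancestor chain at request time costs one walk per check, but it means a manager's revocation or account suspension takes effect for every sub-staff immediately, without a background job rewriting descendant grants.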
A standout engineering challenge was enabling concurrent multi-role access within a single browser session — allowing different roles to operate simultaneously without requiring logout and re-authentication. This was implemented through a context-switching session architecture that maintains isolated role contexts in parallel, a non-trivial session management problem rarely encountered in standard web applications.
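The security-relevant property of such a session layer is isolation: each role context carries only the permissions granted at its own authentication, requests are authorized against the single active context, and holding two contexts at once never yields the union of their permissions. The TypeScript below is an added sketch of that design for this page, not the platform's own session layer; the context shape, the role and permission names, and the `auditLine` format are assumptions.

```typescript
// Added example: one browser session holding several isolated role contexts.
// Hypothetical design written for this page; not the platform's own session layer.

type SessionRole = "admin" | "supplier" | "prescriber" | "patient";

interface RoleContext {
  role: SessionRole;
  principalId: string;       // account acting in this role
  permissions: Set<string>;  // granted at that role's own authentication
  expiresAt: number;         // epoch ms; each context expires on its own clock
}

interface Session {
  sessionId: string;
  contexts: Map<SessionRole, RoleContext>;
  active: SessionRole | null; // the single context requests are authorized against
}

function createSession(sessionId: string): Session {
  return { sessionId, contexts: new Map(), active: null };
}

// Attaching a context is the result of a separate authentication for that role.
// The permission set is copied, never merged with a sibling context.
function attachContext(s: Session, ctx: RoleContext): void {
  if (s.contexts.has(ctx.role)) throw new Error(`${ctx.role} context already attached`);
  s.contexts.set(ctx.role, { ...ctx, permissions: new Set(ctx.permissions) });
  if (s.active === null) s.active = ctx.role;
}

function detachContext(s: Session, role: SessionRole): void {
  s.contexts.delete(role);
  if (s.active === role) s.active = null;
}

// Switching activates an existing, unexpired context; it never borrows another
// role's credentials. An expired context is dropped and must be re-authenticated.
function switchContext(s: Session, role: SessionRole, now: number): void {
  const ctx = s.contexts.get(role);
  if (!ctx) throw new Error(`no ${role} context in session ${s.sessionId}`);
  if (ctx.expiresAt <= now) {
    detachContext(s, role);
    throw new Error(`${role} context expired; re-authenticate`);
  }
  s.active = role;
}

// Authorization consults only the active context.
function authorize(s: Session, permission: string, now: number): boolean {
  if (s.active === null) return false;
  const ctx = s.contexts.get(s.active);
  if (!ctx) return false;
  if (ctx.expiresAt <= now) {
    detachContext(s, s.active);
    return false;
  }
  return ctx.permissions.has(permission);
}

// Audit entries name the role and account that acted, not just the session,
// so a multi-role session still produces an unambiguous access record.
function auditLine(s: Session, action: string, now: number): string {
  const ctx = s.active === null ? undefined : s.contexts.get(s.active);
  const who = ctx ? `${ctx.role}:${ctx.principalId}` : "unauthenticated";
  return `${new Date(now).toISOString()} session=${s.sessionId} actor=${who} action=${action}`;
}
```

Per-context expiry matters for PHI handling: a prescriber who also holds an admin context should lose the admin context on its own timeout even while the prescriber context stays live, rather than the longest-lived login keeping every role warm.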
The platform covers the full healthcare operational workflow: patient management, prescription issuance by prescribers, refill request handling, supplier inventory coordination, and administrative oversight — all built with HIPAA-compliant data storage and access controls to meet healthcare regulatory requirements for protected health information (PHI). File and document uploads leverage pre-signed S3 URLs for secure, direct-to-cloud transfers without routing sensitive data through the application server.
Tangible Impact
Delivered a production-grade, HIPAA-compliant healthcare platform that accurately mirrors real-world organizational structures, eliminates friction for multi-role users through concurrent session support, and handles high-throughput healthcare workflows reliably through Kafka-driven event architecture.
© 2024 NIKHIL