MedFlow
HIPAA-ready telemedicine platform with encrypted records, video consultations, and digital prescriptions
Technologies
Overview
MedFlow is a production-grade telemedicine platform built around three roles: patients, doctors, and admins. Patients browse verified specialists, book 30-minute video slots, receive encrypted digital prescriptions, and communicate securely with their doctor via ECDH-encrypted messaging. Doctors manage weekly availability, conduct LiveKit-powered video consultations, write prescriptions, and access audited patient records. Admins verify doctor licenses, monitor platform health, and review immutable audit logs with 6-year retention. The stack runs in production: Fastify API on Fly.io, Next.js frontend on Vercel, Neon PostgreSQL for data, Cloudflare R2 for documents, and BullMQ workers for appointment reminders and async notifications.
Key Highlights
- ✓Full telemedicine platform live at medflow-five.vercel.app with patient, doctor, and admin portals
- ✓AES-256 encrypted health records and ECDH end-to-end encrypted doctor-patient messaging
- ✓LiveKit WebRTC video consultations with per-appointment signed access tokens
- ✓Database-backed sessions for immediate logout and complete audit trail with 6-year retention
- ✓BullMQ appointment reminders at 24h, 2h, and 15min intervals via dedicated Fly.io worker
- ✓Cloudflare R2 document storage with presigned URLs, keeping the API out of the file transfer path
- ✓Doctor availability engine with slot generation, time-off blocking, and booking conflict detection
- ✓Scrypt password hashing with 32-byte salt and timing-safe comparison
The Challenge
Problem Statement
Healthcare software carries obligations beyond a standard SaaS product. Health records must be encrypted at rest, messages need end-to-end protection, every record access needs an audit trail, and video sessions must be reliable across varied network conditions. At the same time, the booking flow has to feel as simple as scheduling a restaurant reservation.
This challenge required a solution that could scale to handle enterprise-level traffic while maintaining accuracy and providing a seamless user experience. The system needed to be production-ready from day one, with robust error handling and monitoring capabilities.
The Solution
Our Approach
Health record content is AES-256 encrypted before storage; messages use ECDH key exchange so the server never holds plaintext. Sessions are database-backed for immediate logout and audit trail integrity. LiveKit handles WebRTC video without the complexity of self-hosting a media server. BullMQ workers decouple reminder emails and notifications from the request cycle. All file uploads go directly to Cloudflare R2 via presigned URLs, keeping the API out of the data path.
Architecture Overview
Three user roles access the Next.js frontend on Vercel. Video consultations connect directly to LiveKit Cloud via WebRTC. All other requests go through the Fastify API on Fly.io, which handles session auth, writes to Neon PostgreSQL, and stores files on Cloudflare R2 via presigned URLs. A separate BullMQ worker on Fly.io manages appointment reminders, async emails via Resend, and Socket.io notification broadcasts.
Key Technical Decisions
Database-backed sessions instead of stateless JWT
Healthcare requires immediate logout capability and a complete audit trail. Stateless tokens cannot be invalidated. Every request does a session table lookup, which makes logout instant and gives admins full visibility.
Alternatives Considered:
- •Stateless JWT with short expiry
- •Redis session store only
AES-256 encryption for health records and ECDH for messages
Records store sensitive diagnoses and lab results that should be unreadable even if the database is compromised. Messages use ECDH so the server exchanges keys but never stores decryptable content.
Alternatives Considered:
- •Database-level encryption only
- •Application-layer hashing
LiveKit Cloud for video
WebRTC at the infrastructure layer is complex to operate reliably. LiveKit handles the SFU, TURN servers, and codec negotiation. The API only generates a signed access token per appointment.
Alternatives Considered:
- •Twilio Video
- •Self-hosted Janus gateway
BullMQ workers for reminders and notifications
Appointment reminders at 24h, 2h, and 15min intervals need precise scheduling without blocking API responses. A dedicated worker process on Fly.io handles the queue independently of the API lifecycle.
Alternatives Considered:
- •Serverless cron functions
- •In-process setTimeout
Technologies Used
Results & Achievements
DB Tables
Full healthcare schema: patients, doctors, appointments, prescriptions, records, messages, audit logs
User Roles
Patient, doctor, and admin with separate dashboards and access controls
API Routes
Auth, appointments, doctors, prescriptions, health records, messaging, notifications, admin
Reminder Layers
BullMQ-scheduled emails at 24h, 2h, and 15min before each appointment
Audit Retention
Immutable, non-PHI audit logs for every record access and clinical action
Key Achievements
- ✓
Full telemedicine platform live at medflow-five.vercel.app with patient, doctor, and admin portals
- ✓
AES-256 encrypted health records and ECDH end-to-end encrypted doctor-patient messaging
- ✓
LiveKit WebRTC video consultations with per-appointment signed access tokens
- ✓
Database-backed sessions for immediate logout and complete audit trail with 6-year retention
- ✓
BullMQ appointment reminders at 24h, 2h, and 15min intervals via dedicated Fly.io worker
- ✓
Cloudflare R2 document storage with presigned URLs, keeping the API out of the file transfer path
- ✓
Doctor availability engine with slot generation, time-off blocking, and booking conflict detection
- ✓
Scrypt password hashing with 32-byte salt and timing-safe comparison
Want to Build Something Similar?
I specialize in building production-ready AI systems that scale. Let's discuss your project.
Related Content
Related Projects
BridgeAI
AI Integration Copilot that automates workflows across your business tools