Healthcare Practice Management Platform
Development of an all-in-one clinical management solution for allied healthcare providers
About the project
Client:
Location:

Canada | Vancouver
Company Size:
Industry:
Solution:
Services:
Legacy software modernization
Our client’s all-in-one practice management and virtual care platform is designed for mental healthcare practitioners, small clinics, and medium to large businesses. It helps streamline the management of practices, the onboarding process, and other operations. For patients, the solution provides an easy way to book appointments online, arrange telehealth calls and secure messaging sessions, and access high-quality video telemedicine services.
In 2023, the platform was acquired by Canada’s largest owner and operator of outpatient health clinics in Canada and the United States for $4.75 million.
We are happy to solve the issues our customer faced with slow deployment and regulatory compliance. The biggest challenge, however, was ensuring the system operated without disruption during the migration to the cloud. I’m pleased to share that our tech experts did this with flying colors, enhancing the customer platform to support automatic scaling, improving resource utilization, and ensuring a smooth and seamless user experience.

Customer
Our customer is a Canada-based clinic and practice management software provider dedicated to making quality online care accessible to everyone, everywhere. Their telehealth-enabled solution helps healthcare providers and outpatient clinics streamline operations by eliminating manual processes and reducing inefficiencies. They enhance patient engagement, optimize data access, and integrate with other essential healthcare platforms to deliver the best and most accessible virtual care.
Business Challenge
The customer sought technical assistance to enhance their legacy software without disrupting its operations. They needed to automate manual processes, implement better coding practices, migrate the software to the cloud, and ensure regulatory compliance in data handling.
Why Leobit
The key reasons for choosing Leobit were our technological expertise in the healthcare domain, speed, quality of development, and Ruby proficiency. Our experts worked as an extension of their existing team, helping to enhance both the back end and front end of their practice management system and providing the support the company required.

Project in detail
Our engineering team worked with the legacy software, carefully implementing changes. We focused on enhancing the cloud architecture through containerization, finalizing some features, and improving maintenance.


Architecture migration
As the company grew, the old EC2 system architecture struggled to handle the increasing load. Additionally, the manual software deployment process made updating cumbersome and time-consuming, as updates had to be applied to each virtual server separately.
Leobit resolved this issue by transitioning the architecture to Amazon Elastic Container Service (Amazon ECS) and Docker. This shift enabled automatic scaling, improved resource usage, and simplified deployment processes. Software containerization made the platform more lightweight, portable, and suitable for automation. We then implemented automated app deployment and testing through GitHub Actions. Thanks to these technical updates, the platform now supports CI/CD, ensuring faster and more reliable software updates.

Secure PHI storage and regulatory compliance
Country-specific data privacy regulations require healthcare providers to store patient data locally. To meet this requirement, Leobit’s team configured the app logs to transfer technical data to a central server while storing patient information within the country. This solution made data management and search more convenient and, most importantly, compliant with regulations. These logging changes allowed the customer to obtain licensing from the Canadian government.
To ensure patient data and communications are secure and compliant with federal and provincial privacy regulations, Leobit implemented end-to-end AES 256-bit encryption and robust access controls. These measures protect sensitive information during transmission (encryption in transit) and storage (encryption at rest), ensuring that only authorized personnel can access it. Additionally, we used separate databases to further isolate sensitive data.
Leobit also addressed the most serious OWASP security risks through a combination of Rails security features and manual efforts. We implemented a Cross-Origin Resource Sharing (CORS) policy, rate limiting, and a web application firewall (WAF) to enhance security. Furthermore, we required patient users to give several approvals at different steps regarding the usage of their data, ensuring full transparency and consent.
All these actions helped us ensure compliance with PIPEDA, HIPAA, and GDPR. This comprehensive approach safeguarded patient data and built trust with clients and regulatory bodies, positioning the software as a reliable and secure solution for healthcare providers in Canada, the US, and Europe.

Appointment scheduling
Our client’s legacy practice management platform offered patients limited control over appointment scheduling. To improve this, our team developed more differentiated functionality for both administrators and patients. The customizable scheduler we developed allows patients to select the most convenient time based on practitioner availability.
Additionally, automated SMS, email, and telephone reminders keep patients updated on appointment details, reducing no-shows by up to 50%. This enhancement allows end users to manage their care more effectively, providing them with greater flexibility and convenience in booking, rescheduling, and canceling appointments.

Telehealth functionality improvements
We significantly enhanced the UI, data security, and call-related features of virtual appointments. The platform uses Twilio for multi-participant video calls, ensuring a reliable and robust telehealth experience. Access to video calls and patient data was restricted exclusively to authorized personnel (the relevant healthcare providers). We managed this through user permissions, with patients providing consent via pop-up forms to ensure they were aware of and agreed to the data usage.
We also implemented encryption to guarantee secure data sharing during virtual appointments. The integrity of communications is verified by checking the checksum of responses, ensuring that webhooks are genuinely coming from Twilio. These measures ensure that telehealth video conferencing on the platform is both secure and user-friendly, providing a seamless experience for both patients and healthcare providers during their virtual appointments.
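The webhook check mentioned above relies on Twilio's request signing: each webhook carries an X-Twilio-Signature header holding the Base64-encoded HMAC-SHA1 of the request URL followed by the sorted POST fields, keyed with the account's auth token. The Ruby below is an added example, not the platform's or Leobit's code; the token, URL and field values are constructed for illustration.

```ruby
require "openssl"
require "base64"

# Recompute the value Twilio puts in X-Twilio-Signature for a form-encoded POST:
# Base64(HMAC-SHA1(auth_token, url + name1 + value1 + name2 + value2 ...)),
# with the POST fields sorted by name and joined without separators.
def twilio_signature(auth_token, url, params)
  payload = url + params.sort_by { |k, _| k.to_s }.map { |k, v| "#{k}#{v}" }.join
  Base64.strict_encode64(OpenSSL::HMAC.digest("SHA1", auth_token, payload))
end

# Compare without an early exit so timing does not reveal how many leading
# bytes matched. In a Rails app, ActiveSupport::SecurityUtils.secure_compare
# does the same job.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Reject the webhook unless the header matches the locally computed signature.
def valid_twilio_webhook?(auth_token, url, params, header_signature)
  return false if header_signature.nil? || header_signature.empty?
  secure_equal?(twilio_signature(auth_token, url, params), header_signature)
end

# --- Constructed sample data (not real credentials or endpoints) ---
AUTH_TOKEN = "constructed-test-token"
WEBHOOK_URL = "https://clinic.example/webhooks/twilio/room-status"
PARAMS = {
  "RoomName" => "appt-1001",
  "StatusCallbackEvent" => "room-ended",
  "AccountSid" => "ACconstructed"
}.freeze

if __FILE__ == $PROGRAM_NAME
  header = twilio_signature(AUTH_TOKEN, WEBHOOK_URL, PARAMS) # what the sender would attach
  puts "genuine:  #{valid_twilio_webhook?(AUTH_TOKEN, WEBHOOK_URL, PARAMS, header)}"
  tampered = PARAMS.merge("RoomName" => "appt-9999")
  puts "tampered: #{valid_twilio_webhook?(AUTH_TOKEN, WEBHOOK_URL, tampered, header)}"
end
```

The URL passed in must be exactly the one Twilio requested, including scheme and query string; behind a TLS-terminating load balancer the application may see `http://` and must rebuild the public URL before validating.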
Technology Solutions
- Architecture migration from EC2 to Amazon ECS improved resource usage and enabled automatic scaling
- The transition from virtual servers to the cloud allowed for faster operation
- Robust logic for in-browser PDF rendering to generate invoices and automate the patient intake
- Diversified payment options thanks to Stripe, Braintree, and PayPal integrations
- More secure personal health data processing thanks to implementing end-to-end AES 256-bit encryption and robust access controls
- Diversified data logging for regulatory compliance
Value delivered
- 50% reduced revenue loss from missed appointments
- Optimized infrastructure maintenance costs
- 7,500+ active healthcare providers and 150,000 patients using a renewed web-based solution
- Thanks to our tech input, the solution was acquired by Canada’s largest owner and operator of outpatient health clinics for $4.75 million