Skip to content

Healthtech:
Clinical operations / telemedicine

A clinical network across multiple North American sites needed a patient portal, a clinical workflow tool, and a telemedicine surface, all engineered to the HIPAA + PIPEDA bar from day one, not retrofitted before the next inspection.

Clinical operations / telemedicine
Client
PLACEHOLDER: anonymized North American clinical network
Sector
Clinical operations / telemedicine
Duration
PLACEHOLDER: approximately nine months end-to-end

The premise

Healthtech projects fail in predictable ways. The patient portal turns out to leak metadata between tenants once usage scales. The clinical workflow that worked in the prototype becomes unusable for a clinician at 7 a.m. on minimal sleep. The telemedicine surface ships unencrypted recordings because the storage policy was never engineered. The audit trail that the regulator needs is reconstructible in theory but not in practice.

The engagement below is a composite of the kind of clinical-network engineering SDEN ships. Identifying details and quantified figures are PLACEHOLDER-marked until the client signs off on a published version.

How it ran

How this engagement ran

From the problem to a system the team now runs themselves.

frameddeliveredhandoverThe problemthe startScopeda clear planBuilt & shippedin productionNow theirsin-house
Challenge

A clinical network with three SaaS tools and a paper trail

The client operated multiple clinical sites with a different SaaS booking tool at each site, a separate practice-management system, paper consent forms scanned into a shared drive, and a teleconferencing tool used for consults that had no clinical-grade encryption guarantees. Patient data crossed five vendors by the time a single consult was complete. The privacy officer flagged this as a posture that would not survive the next inspection.

The clinical team also wanted the telemedicine workflow to be usable on a low-end phone from a waiting room, without training, with the same identity the patient used to book the appointment. Most off-the-shelf options either failed the privacy bar or failed the usability bar.

Approach

One product, HIPAA-engineered, mobile-first

SDEN's clinical engineering defaults applied: PHI minimized at the schema, audit logs on every clinical read, tenant isolation enforced at the type level and the row level, end-to-end-encrypted video for consults, and WCAG 2.2 AA accessibility tested against assistive technology before release.

  1. Phase 1: DPIA-grade scoping

    Three weeks. Data Protection Impact Assessment written alongside the architecture document, with the DPO in the room. Output: the structured data inventory, the retention schedule, the lawful basis per processing purpose, and the threat model the engineering would target.

  2. Phase 2: Patient portal and clinical workflow

    Twelve weeks. Next.js + TypeScript + React on the front, NestJS + PostgreSQL with row-level security on the back. Mobile-first, accessibility-tested, with audit logs on every clinical read streamed to an isolated destination.

  3. Phase 3: Telemedicine surface

    Eight weeks. End-to-end-encrypted video using a vetted WebRTC stack, with recording opt-in and consent-logged, and stored under the same encryption posture as the clinical record. Latency tuned against a low-end mobile baseline.

  4. Phase 4: Migration and joint operations

    Seven weeks. Per-site cutover with the clinical lead in the room each time. Joint on-call rotation with the client's team during the support window so operational knowledge transferred, not just the code.

Outcome

One product, posture signed by the DPO, no failed inspections

The patient portal, the clinical workflow, and the telemedicine surface ship from one codebase the client owns end-to-end. The DPO signed off on the architecture before the first patient onboarded. The first regulatory inspection after launch passed without findings. PLACEHOLDER: confirm the regulator and the exact inspection date before publishing externally.

Operationally, the clinical team replaced five vendors with one product. New clinicians are productive on the workflow in under a day rather than the week the previous setup required. PLACEHOLDER: confirm the onboarding-time figures with the clinical operations lead.

5 → 1 PLACEHOLDER

vendors in the consult-to-record flow

0 PLACEHOLDER

findings on first regulatory inspection

1 day PLACEHOLDER

clinician onboarding to the workflow

The outcome

Before and after

What changed.

we builtresultBeforemanual, slowWe built agentsAfterfaster, owned
From a manual process to an agentic system the team now owns.
Let's get to work

Want results like this?

Tell us your situation. We'll come back with a concrete first read within 24 working hours, no commitment.

Healthtech case study: Clinical operations / telemedicine · SDEN