Everything a small specialty clinic needs to ship safely.
Each module is built from the ground up around the audit + encryption guarantees of the HIPAA Security Rule. No bolt-on consent box, no after-the-fact patches.
Clinical workflow
Patient registration & search
Encrypted demographics with blind-index search by MRN or last name + DOB.
SOAP-note encounters
Sign-and-lock workflow with SHA-256 integrity hash on signed notes.
Visual acuity, operative records, eye images
Ophthalmology specialty: OD/OS distance + near + pinhole, IOP, fundus/OCT/slit-lamp upload, full operative record with sign-and-lock.
Lab results
Reference-range tracking with automatic abnormal-flag computation (L, H, HH, LL).
Vitals capture
BP, HR, RR, temp, SpO2, weight, height — with range validation.
Medication safety
Drug-drug interaction checking
Curated interaction database screens new prescriptions against active Rx in real time.
Allergy cross-checks
Structured allergy mappings catch class-level conflicts (e.g., penicillin → amoxicillin).
Override capture
Contraindicated/major/allergy warnings require an override reason that's recorded in the audit log.
Surescripts e-prescribing stub
Pharmacy directory + per-patient preferred pharmacy + transmission record. Replace stub with real Surescripts integration.
Printable Rx
Branded Rx printout with prescriber NPI and signature line.
Security & audit
AES-256-GCM PHI encryption
Field-level encryption at rest. The DB never sees plaintext PHI.
Tamper-evident audit log
Append-only, hash-chained per clinic with end-to-end SHA-256 verification.
Tenant isolation
Every query filters by clinicId. As defense in depth, decryption refuses rows that belong to a foreign clinic.
TOTP 2FA + account lockout
Authenticator-app two-factor auth, plus a 15-minute account lockout after 5 strikes.
Session timeout
Default 15-minute idle timeout, configurable per deployment.
Operations
Appointments + reminders
Per-provider day view with auto-scheduled 24-hour-before reminders (email / SMS / console).
Billing — CPT + ICD-10
Charge tracking with ICD-10 validation. Doctor charges live alongside billing-only roles.
Patient portal
Separate cookie + Auth.js instance. Patients see their own appointments, prescriptions, and labs.
RBAC
Doctor / Nurse / Billing / Admin roles, RBAC-filtered nav and permission-denied audit events.
Multi-tenant SaaS
Per-clinic isolation, 14-day trial, subscription gating with /billing-issue redirect on cancel.
Specialty + country
Specialty manifest registry
Add a specialty by writing one manifest file: nav links, encounter tabs, ICD-10 favorites.
Country compliance modules
PhilHealth eClaims (member info, case rate, CF2/CF4 stub) for PH; FHIR + ONC scaffolding for US.
Specialty gating
requireSpecialty() / requireCountry() server-side gates redirect when a clinic isn't configured for a module.