Overview
A HIPAA-compliant multi-tenant CRM built for independent medical practices. Covers patient management, real-time financials, KPI dashboards, task tracking, a form builder, AI practice insights, and a tamper-proof audit log -- all in one system.
Stack
What needed solving
Independent medical practices in the $300K to $700K revenue range run their operations on spreadsheets and disconnected tools. No real-time financial visibility, no staff accountability system, patient intake still on paper, and KPIs living in someone's personal Excel file. Practices lose money silently and compliance is an afterthought.
How I approached it
A full HIPAA-compliant multi-tenant CRM that replaces all of that. One system, every practice, zero spreadsheets. Built on Next.js and Supabase with row-level security enforced at the database level.
Step by step
1. Each practice is a separate organization in the database with its own org_id, so there is zero data leakage between clients.
2. Row Level Security is enforced at the Postgres level via Supabase; unauthorized queries are rejected by the database itself.
3. A Postgres audit trigger fires on every INSERT, UPDATE, and DELETE on patient tables, recording who did what, when, and what the data looked like before and after.
4. JWT authentication with role-based access (admin, physician, staff) controls what each user can see and do.
5. The AI Insights module sends practice data to GPT-4o mini for one-click performance analysis and recommendations.
6. The Form Builder generates public intake links; submissions flow directly into the CRM, replacing paper-based intake.
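Steps 01 to 03 above, as an added example of how tenant isolation and database-level auditing fit together in Postgres. This is not the project's own schema; it assumes Supabase, where auth.uid() returns the caller's user id and auth.jwt() returns the JWT claims as jsonb, and the claim name org_id is assumed.

```sql
-- Added example, not the project's own schema. Assumes Supabase, where
-- auth.uid() returns the caller's user id and auth.jwt() returns the JWT
-- claims as jsonb; the 'org_id' claim name is assumed.
create table patients (
  id     bigint generated always as identity primary key,
  org_id uuid not null,
  name   text not null
);

-- RLS: rows are visible or writable only when org_id matches the caller's
-- org_id claim. FORCE makes the table owner subject to the policy as well.
alter table patients enable row level security;
alter table patients force row level security;
create policy tenant_isolation on patients for all
  using ((auth.jwt() ->> 'org_id')::uuid = org_id)
  with check ((auth.jwt() ->> 'org_id')::uuid = org_id);

-- Audit log: RLS with a select-only policy, so ordinary users can read
-- their org's entries but have no policy allowing update or delete.
create table audit_log (
  id         bigint generated always as identity primary key,
  org_id     uuid not null,
  table_name text not null,
  action     text not null,          -- INSERT, UPDATE or DELETE
  actor      uuid,                   -- auth.uid() of the caller
  at         timestamptz not null default now(),
  old_row    jsonb,                  -- row image before the change
  new_row    jsonb                   -- row image after the change
);
alter table audit_log enable row level security;
create policy audit_read on audit_log for select
  using ((auth.jwt() ->> 'org_id')::uuid = org_id);

-- Trigger function runs as its owner (security definer), so it can insert
-- into audit_log even though the calling user has no insert policy there.
create or replace function audit_row_change() returns trigger
language plpgsql security definer set search_path = public as $$
begin
  insert into audit_log (org_id, table_name, action, actor, old_row, new_row)
  values (
    case when tg_op = 'DELETE' then old.org_id else new.org_id end,
    tg_table_name, tg_op, auth.uid(),
    case when tg_op <> 'INSERT' then to_jsonb(old) end,
    case when tg_op <> 'DELETE' then to_jsonb(new) end);
  return null;  -- return value is ignored for AFTER triggers
end $$;

create trigger patients_audit
  after insert or update or delete on patients
  for each row execute function audit_row_change();
```

Because the write to audit_log happens inside the row trigger, it is part of the same transaction as the change it records, so an application path that skips its own logging still leaves an entry.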
Outcomes
- ✓ Full production CRM deployed and live
- ✓ 8 database tables, all HIPAA-compliant
- ✓ Multi-tenant architecture supporting unlimited practices
- ✓ AI insights generating real clinical and financial recommendations
- ✓ Complete audit trail on all PHI access that cannot be bypassed
Key features
Multi-tenancy built in from day one; retrofitting it later would mean rebuilding the entire schema.
Audit logging at the database level, not the application level: application code can be bypassed, database triggers cannot.
Row Level Security as the last line of defence: even if every other layer fails, RLS never sleeps.
HIPAA-eligible infrastructure built to the standard that actual healthcare compliance requires