Case Study

Scope

Create a simplified form builder app using a third-party authentication provider and deploy it to a HIPAA-compliant AWS backend.

Overview: A Healthcare app that helps fight cancer using unified data

Taproot Health, a startup company, had a vision to create a specialized tool to collect and share data with patients, clinics, researchers, and businesses to advance new oncology therapies. The current solutions did not offer a clear way to share data with patient consent, resulting in a lack of unified data. The app needed to provide an onboarding process for clients to opt into sharing their data, a secure platform to store that information, and a way for clinics and researchers to access data with records of patient consent.

Challenge: A switch in scope resulted in a new framework

The client originally approached Assemble to build a simple MVP (minimum viable product) solution; however soon after starting, it became clear that the demands of the backend would quickly outgrow our chosen MVP solution. Shifting from the original scope meant rethinking how we built this tool. We pivoted from our original serverless architecture (AWS Lambda and headless React) to a full stack Rails application.

"Our experience with the team at Assemble has been an absolute joy. Our projects have required expertise, ingenuity, and outside-the-box thinking, and Assemble has been willing to tackle any challenge and present cost-effect solutions that we would not have considered without their expertise and direction. Although we are a small start-up with a big vision, they have treated us like a partner as valuable as a corporation with the deepest of pockets."

-Dane Dickson, CEO

 

Approach: Creating a HIPPA-compliant app to collect and share Google data with patient consent

The original solution of a serverless architecture was too barebones for the additional backend architecture/requirements, so we made the decision to port the whole thing into a Ruby on Rails application. Knowing this was a possibility, the Lambda was initially implemented in Ruby, meaning we could more or less slot what we'd already written into Rails. With Rails, there is a lot of options to grow. While the client might not need all of those today, as they expand they will, so we chose a framework with growth in mind.

Trackable patient consent is one of the most important features of this app. It gives the data power because consent enables researchers to take action without fear of breaching patient confidentiality. Assemble chose to go with a purpose-built solution, the third-party platform Auth0 as our identity provider. The tool handles user authentication, identity resolution, tokens, photography, and all the user information.

During the project, we made the switch from serverless to a Rails app when it became clear that the complexity of the backend had outgrown our simple DynamoDB store and would require a more robust database. Switching to Rails also allowed us to integrate the frontend and backend into a single application, since prior to Rails we were doing two deployments: one for the backend portion and one for the frontend portion. This made development a lot easier for everybody involved.

From the beginning, we knew the content on the site would need to be editable. Knowing some form of CMS or self-serve content management was down the line, we defined the frontend form fields to be driven by a schema. The data structure modeled all the content and content could easily be added by staff. This solution created a frontend that is easily configurable and will allow an easy transition to self-service content management with no developer intervention required.

Taproot Health is a healthcare company that handles lots of patient data, so the app needed to be HIPPA compliant. Assemble partnered with Cloud303 to create a HIPPA-compliant app. Cloud303 created an AWS, HIPAA-compliant infrastructure into which we deploy our application, so that patient data could be stored and accessed securely.

Solution: A Healthcare app that helps fight cancer using unified data

Taproot Health, a startup company, had a vision to create a specialized tool to collect and share data with patients, clinics, researchers, and businesses to advance new oncology therapies. Working alongside the Taproot Health Team, Assemble was able to build a privacy-protected app that gathered and stored patient consent, gathered patient data and tracked patient consent, and stored all this information in a HIPAA-compliant AWS environment.