Free AI Readiness Assessment — we map your automation opportunities in 60 minutes, no obligation.
Case Study  ·  🏥 Healthcare

A HIPAA-Compliant Patient Portal Across 9 Clinics and 3 Legacy EHR Systems.

An outpatient physical therapy group had grown through acquisition to nine locations — and inherited three different EHR systems along the way, none of which talked to each other. Referrals moved by fax. Appointment reminders went out over personal staff phones. We built a HIPAA-compliant patient portal that unified all nine locations without a single write-back to any of the three legacy EHRs still running the clinics day to day.

9
Clinic locations unified into one portal
0
Write-backs to legacy EHRs
68%
Patient portal adoption in 4 months
Client
Multi-location outpatient physical therapy group (name withheld under NDA)
Industry
Healthcare
Service
Custom Web Application Development — HIPAA-Compliant Web Portal
Tools
.NET Core PostgreSQL (encrypted at rest) Azure (HIPAA-eligible services) Twilio (BAA-covered) OAuth2 / SSO
Complexity
★★★★★
Locations / Systems
9 clinics · 3 legacy EHR systems
PATHBREAKING APPROACH

Three legacy EHRs, still in active clinical use, none with a modern API. We built the compliance layer first — then the patient experience on top of it.

The Challenge

Nine clinics. Three EHRs. No compliant way to talk to patients.

The client operates nine outpatient physical therapy clinics, three of which joined the group through acquisitions in the past few years. Each acquired clinic came with its own electronic health record system already in place, and none of the three had a modern API or any straightforward way to integrate with the others. From a clinical standpoint, staff at each location could do their job. From an operational standpoint, a patient who had visited two different clinics — which happened often, since patients relocated or were referred between locations — had two separate, disconnected records that no one on staff could see side by side.

The bigger problem was patient-facing communication. Referral documents from outside physicians arrived by fax or unsecured email and were manually re-entered into whichever EHR the receiving clinic used. Appointment reminders were sent by front-desk staff texting patients from personal or shared clinic phones — a real and ongoing HIPAA exposure that leadership knew about but had no immediate alternative to. There was no patient-facing portal at all; every request, from rescheduling an appointment to asking a billing question, went through a phone call.

// The constraints

The natural temptation in a project like this is to treat compliance as a checklist applied at the end — build the portal, then have a security review bolt on encryption and access logs before launch. That approach tends to produce systems where compliance and functionality fight each other, because decisions made early — how patient records are keyed, how access is granted, how data moves between systems — are hard to unwind later without a rebuild. We took the opposite approach here: the audit logging, access control, and data-handling architecture were the first things we designed, before a single patient-facing screen was built.

The Solution

A compliance-first architecture. A read-only bridge to three legacy EHRs.

We split the build into two parallel workstreams — one that connected to the existing clinical systems without disturbing them, and one that gave patients and staff a new, secure way to interact with the practice.

Stream 1 — The Legacy EHR Bridge

01

Built a read-only integration layer against each of the three legacy EHRs, using each system's available export or reporting mechanism rather than attempting a direct database connection

02

Patient demographic and appointment data syncs from each EHR into a unified, canonical patient record on a defined schedule, with real-time sync for appointment changes

03

No data ever writes back into the legacy EHRs — clinical staff continue documenting care exactly where they always have, with zero disruption to systems still handling active patient treatment

04

A patient matching process reconciles records for anyone who has visited more than one of the nine locations, so staff at any clinic can see a full, unified visit history

05

Every sync event is logged with a timestamp and source system, satisfying the audit trail requirement without touching the source EHRs' own logs

Stream 2 — The Patient & Staff Portal

01

Secure patient login replaces phone-only access — patients can now view upcoming appointments, request reschedules, and message the clinic directly

02

Referral intake moved from fax and email to a secure document upload tied to the patient's unified record, cutting out manual re-entry at the receiving clinic

03

Secure, HIPAA-compliant messaging (via a Twilio integration covered under a signed BAA) replaced the practice of front-desk staff texting patients from personal phones

04

Role-based access control gives front-desk staff, clinicians, and billing staff each their own view of exactly the data they need — nothing more, satisfying HIPAA's minimum-necessary-access standard

05

Every single access to a patient's protected health information — who viewed it, when, and from which clinic — is written to an immutable audit log from day one

🏥 Unified, HIPAA-compliant patient record model — reads from all three legacy EHRs through the read-only bridge, layered with the new patient portal and secure messaging on top. All three legacy EHR systems: completely untouched, still running active clinical documentation.

We deployed the EHR bridge first and let it run silently for six weeks, validating that every patient record matched correctly across the three source systems before a single staff member touched the new portal. Only after that data was proven accurate did we open the portal to staff, clinic by clinic, starting with the location that had the simplest, single-EHR setup and finishing with the three most recently acquired clinics — the ones with the most fragmented historical data and the most to gain from the fix.

Why It Worked

The insight that made the difference

Most healthcare software projects start with the patient experience — the scheduling screen, the messaging inbox, the features leadership actually wants to show off — and treat HIPAA compliance as something a security consultant reviews before launch. When the compliance review happens at the end, it routinely forces late, expensive redesigns of decisions made months earlier, because how a patient record is structured determines what access control and audit logging are even possible to add later.

The decision that shaped this project was inverting that order. We designed the canonical patient record, the access control model, and the audit logging architecture first — before any screen existed for a patient or a front-desk staff member to look at. Every feature built afterward, from secure messaging to referral uploads, was built on top of a foundation that was already compliant, rather than retrofitted to become compliant. That is also what made the read-only EHR bridge possible without risk: because the data model was designed for compliance and auditability from day one, adding three more data sources to it was a matter of mapping fields, not redesigning the system.

✦ THE REPLICABLE LESSON

HIPAA architecture decisions made in week one determine what's possible in month twelve.
This applies to any healthcare organization building patient-facing software, particularly groups that have grown through acquisition and inherited multiple legacy clinical systems. A read-only integration bridge lets you unify patient data across incompatible EHRs without the risk of touching systems still handling active care — and building the compliance layer before the feature set means you're never retrofitting security onto a system that wasn't designed for it.

Results

What was delivered

9
Clinic locations unified into a single HIPAA-compliant patient record
0
Write-backs or disruptions to the 3 legacy EHR systems still in active use
68%
Of active patients enrolled in the new portal within 4 months of launch

Referral turnaround — from an outside physician's document arriving to a patient being scheduled — dropped from an average of three days under the fax-and-re-entry process to same-day scheduling at every clinic. Secure messaging fully replaced the practice of staff texting patients from personal phones, closing a compliance exposure leadership had flagged as a standing risk for over a year. In the months since launch, the practice has undergone one internal compliance audit covering the new portal, with zero findings related to access control, encryption, or audit logging.

🖥️

Front Desk View

Scheduling, referral intake, and patient messaging across all 9 clinics

🩺

Clinician View

Unified visit history for patients seen at more than one location

🔒

Compliance Dashboard

Full audit log of every access to protected health information

Managing patient data across multiple locations or legacy systems?

We build HIPAA-compliant portals designed around your existing clinical systems — not against them.

Back to top
📊 BI Practice
Free Assessment
We find out why your dashboards aren't being used — and fix it.

🔒 ISO 27001 · No spam · Honest assessment