Healthcare Outsourcing

HIPAA-Compliant Patient Portal & Data Platform for a Digital Health Provider

A growing telehealth provider needed two things at once: a modern patient portal its members would actually use, and a data platform its clinical operations team could actually trust — both built to HIPAA-aligned standards. Dillo delivered the portal in seven months and the analytics backbone alongside it.

7 mo

from kickoff to portal launch

40k+

monthly active patients supported

-70%

report-preparation time for clinical ops

100%

of PHI access covered by audit logging

The Client

A venture-backed digital health provider offering telehealth consultations and ongoing care programs for chronic conditions, operating in multiple US states. The company worked with a network of contracted clinicians and partner labs, with patient records spread across an EHR, a scheduling system and several point solutions.

The Challenge

Patients interacted with the service through a patchwork of emails, PDFs and a dated white-label portal. There was no single place to see upcoming visits, lab results, care-plan tasks or messages — and support tickets showed it. Meanwhile, clinical operations answered every leadership or payer question by manually stitching together CSV exports; a routine quality report took the better part of a week.

Any solution had to handle protected health information end to end: HIPAA-aligned controls, a signed BAA, auditable access to every record, and integrations with clinical systems speaking HL7 and FHIR. The client's small in-house team had deep domain knowledge but no bandwidth to build this while running the live service.

What We Did

Dillo took the program on as a managed outsourcing engagement — a delivery team of senior front-end, back-end and data engineers plus a QA engineer, working under a Dillo delivery lead with weekly demos to the client's product and compliance stakeholders. A BAA was in place before any environment touched PHI.

  • Built a patient portal on React/Next.js: appointments, secure messaging, lab results, care-plan tasks and billing in one responsive, accessibility-conscious experience.
  • Implemented HL7 and FHIR integrations with the client's EHR and lab partners, normalizing clinical data into a consistent internal model.
  • Delivered a data warehouse on Snowflake with dbt-managed transformations, feeding governed marts for clinical operations, quality reporting and payer analytics.
  • Engineered to HIPAA-aligned controls throughout: encryption in transit and at rest, role-based access with least privilege, session controls, environment segregation, and complete audit logging of every PHI access.
  • Set up de-identified datasets for analytics and development, so engineers and analysts rarely needed production PHI at all.
  • Ran structured security reviews and penetration-test remediation with the client's compliance advisors ahead of launch.

The Results

  • The portal launched seven months after kickoff — on the timeline committed at project start.
  • It now supports more than 40,000 monthly active patients, with portal adoption becoming the default way members interact with the service.
  • Clinical operations cut report-preparation time by roughly 70%; recurring quality and payer reports now come from governed dbt models instead of manual CSV work.
  • Support tickets about "where do I find…" questions dropped sharply after launch, easing pressure on the care coordination team.
  • The audit-logging and access-control work became reusable evidence for the client's subsequent compliance reviews.

Figures reflect outcomes reported for this engagement; they are project results, not audited benchmarks.

Tech Stack

React Next.js TypeScript Node.js HL7 / FHIR Snowflake dbt PostgreSQL AWS

Services Used

Software Outsourcing — a managed delivery team covering product engineering, HL7/FHIR integrations and the data platform.

Ready to build your team?

Tell us what you need and get your first highly relevant candidate CVs within 24–48 hours.