7 mo
from kickoff to portal launch
40k+
monthly active patients supported
-70%
report-preparation time for clinical ops
100%
of PHI access covered by audit logging
The Client
A venture-backed digital health provider offering telehealth consultations and ongoing care programs for chronic conditions, operating in multiple US states. The company worked with a network of contracted clinicians and partner labs, with patient records spread across an EHR, a scheduling system and several point solutions.
The Challenge
Patients interacted with the service through a patchwork of emails, PDFs and a dated white-label portal. There was no single place to see upcoming visits, lab results, care-plan tasks or messages — and support tickets showed it. Meanwhile, clinical operations answered every leadership or payer question by manually stitching together CSV exports; a routine quality report took the better part of a week.
Any solution had to handle protected health information end to end: HIPAA-aligned controls, a signed BAA, auditable access to every record, and integrations with clinical systems speaking HL7 and FHIR. The client's small in-house team had deep domain knowledge but no bandwidth to build this while running the live service.
What We Did
Dillo took the program on as a managed outsourcing engagement — a delivery team of senior front-end, back-end and data engineers plus a QA engineer, working under a Dillo delivery lead with weekly demos to the client's product and compliance stakeholders. A BAA was in place before any environment touched PHI.
- Built a patient portal on React/Next.js: appointments, secure messaging, lab results, care-plan tasks and billing in one responsive, accessibility-conscious experience.
- Implemented HL7 and FHIR integrations with the client's EHR and lab partners, normalizing clinical data into a consistent internal model.
- Delivered a data warehouse on Snowflake with dbt-managed transformations, feeding governed marts for clinical operations, quality reporting and payer analytics.
- Engineered to HIPAA-aligned controls throughout: encryption in transit and at rest, role-based access with least privilege, session controls, environment segregation, and complete audit logging of every PHI access.
- Set up de-identified datasets for analytics and development, so engineers and analysts rarely needed production PHI at all.
- Ran structured security reviews and penetration-test remediation with the client's compliance advisors ahead of launch.
The Results
- The portal launched seven months after kickoff — on the timeline committed at project start.
- It now supports more than 40,000 monthly active patients, with portal adoption becoming the default way members interact with the service.
- Clinical operations cut report-preparation time by roughly 70%; recurring quality and payer reports now come from governed dbt models instead of manual CSV work.
- Support tickets about "where do I find…" questions dropped sharply after launch, easing pressure on the care coordination team.
- The audit-logging and access-control work became reusable evidence for the client's subsequent compliance reviews.
Figures reflect outcomes reported for this engagement; they are project results, not audited benchmarks.
Tech Stack
Services Used
Software Outsourcing — a managed delivery team covering product engineering, HL7/FHIR integrations and the data platform.