- Platform
- Web App
- Duration
- 14 weeks
- Industry
- Healthcare
- Read time
- 6 min read
In short
RaftLabs built a HIPAA-compliant telehealth platform for a US healthcare client that goes beyond audio/video consultations by integrating FDA-approved diagnostic peripherals (stethoscopes, high-resolution cameras, and ECG monitors) so physicians can conduct full remote examinations. The platform was adopted by 150+ hospitals, reduced in-person visits by 60%, increased patient engagement by 30%, and onboarded 50+ clinics in the first 12 weeks. All sessions are recorded with full audit trails for reimbursement documentation and HIPAA compliance. Built in 14 weeks using React, HIPAA-eligible AWS services, Hasura, and PostgreSQL.
A team of healthcare professionals came to us with a specific problem: their patients needed more than a video call. Physicians needed to connect diagnostic hardware (stethoscopes, cameras, ECG monitors) and conduct real examinations remotely. Their existing system delivered audio and video, but no peripheral integration. Diagnoses depended on delayed reports. Patients in rural areas still had to travel for routine checkups. Care coordination broke when patients moved between providers.
We built them a HIPAA-compliant telehealth platform that integrates FDA-approved diagnostic peripherals so physicians can conduct full remote examinations, not just conversations. Every session is recorded with a complete audit trail for reimbursement documentation. 50+ clinics onboarded in the first 12 weeks. In-person visits dropped 60%. The platform now operates across 150+ hospitals.
before & after
What changed
- Remote consultations meant audio and video only: no way to connect diagnostic equipment, so physicians could not conduct real examinations without the patient physically present
- Diagnosis depended on delayed reports; physicians had no access to real-time patient data during a virtual session, which extended decision time and care gaps
- Patients in rural and underserved areas still had to travel for routine checkups because the existing platform could not support the diagnostic depth those visits required
- Sessions were not recorded; there were no audit trails for reimbursement documentation or protection against misdiagnosis claims, making insurance reimbursement for remote visits uncertain
- Care coordination broke when patients moved between providers: no shared session records, no continuity of clinical history across the platform
- Physicians connect FDA-approved diagnostic peripherals (stethoscopes, high-resolution cameras, ECG monitors) and conduct full remote examinations through the platform
- Real-time patient data surfaces during the consultation; physicians see diagnostic readings from connected hardware as they examine, not after the session ends
- The platform performs reliably on low-bandwidth connections for rural and remote settings: 50+ clinics onboarded in the first 12 weeks, including locations where connectivity is limited
- Every session is recorded with a complete HIPAA-compliant audit trail; reimbursement documentation is available for every remote visit, and session records protect against false claims
- In-person visits dropped 60% for conditions that do not require physical presence; patient engagement increased 30% as routine care moved to virtual sessions
What we had to solve
- 01
Integrating FDA-approved diagnostic peripherals without adding friction to the clinical workflow
A physician connecting a peripheral device during a live consultation cannot afford a setup process that interrupts the visit. The integration had to be plug-and-play: device recognized, data streamed into the consultation session, readings visible to both provider and patient in real time. Each FDA-approved device (stethoscopes, cameras, ECG monitors) had its own connection protocol. Building a unified peripheral layer that handled those differences without exposing the complexity to the physician was the core integration challenge.
- 02
Meeting HIPAA requirements across video, data storage, and peripheral device feeds without degrading performance
HIPAA compliance is not a checkbox added after the platform is built: it is a constraint on every architectural decision. Session video, diagnostic device feeds, patient records, and audit logs each touch protected health information and each required end-to-end encryption, access controls tied to user role, and a signed Business Associate Agreement with every infrastructure provider involved. Building that compliance posture across all data paths while keeping the consultation session performing in real time, including on rural low-bandwidth connections, was the architectural challenge the design had to solve from day one.
outcomes
What we achieved
Patients with chronic conditions had no way to access routine care remotely. Each checkup required travel, which reduced how often patients followed through on scheduled visits.
Clinics had no production-ready telehealth infrastructure for remote care with real diagnostic capability. Adoption required a platform that could operate reliably in low-bandwidth rural settings.
Without diagnostic peripheral integration, patients with conditions requiring examination had no option but to make in-person visits even for routine follow-ups.
What clients say
Trusted by teams like yours.
Three-year average engagement. Founders and operators describing the work in their own words. No marketing varnish.
The telehealth app is a lifesaver! Now I can have my doctor's checkups from home through virtual visits.
Your patients need remote care but your platform cannot support real examinations?
the build
What we built
The platform is built around one clinical commitment: a remote consultation should deliver the same diagnostic capability as an in-person visit for conditions where physical presence is not required.
Sessions are recorded automatically, audit trail ready for reimbursement
Physicians and patients connect for live consultations with low-latency audio and video. Sessions are recorded automatically with timestamps and stored in HIPAA-compliant infrastructure. The recording serves as the session audit trail: it documents what was discussed, what was observed, and what was prescribed, protecting both the physician and the patient.
Physicians see and hear diagnostic data in real time; patients describe symptoms less
Physicians connect FDA-approved stethoscopes, high-resolution cameras, and ECG monitors through the platform. Device feeds stream directly into the consultation session: the physician sees and hears diagnostic data in real time without the patient needing to describe symptoms. The peripheral integration layer handles the different connection protocols per device without exposing complexity to the provider.
Every session produces a complete compliance record, BAAs signed from day one
All PHI (session recordings, diagnostic readings, patient records, prescription logs) is encrypted at rest and in transit using HIPAA-eligible AWS infrastructure. Role-based access controls enforce what each user type can see and do. Every session produces a complete audit trail with timestamps for reimbursement documentation. The platform operated under signed BAAs with all infrastructure providers from day one.
Patients in rural areas stay connected: poor bandwidth doesn't break the session
The patients who most need remote care are often in areas with the worst connectivity. The platform's video and data layers are tuned for low-bandwidth connections: adaptive bitrate for video, compressed peripheral data streams, and graceful degradation that maintains session continuity when bandwidth drops. Fifty-plus clinics in rural and remote settings onboarded in the first 12 weeks without performance issues.
Engagement
How we worked together
- 01Weeks 1–2
Discovery and scoping
We map the problem before writing code. Two weeks of technical audit, stakeholder interviews, and prototype — so both teams align on scope and risk before sprint one.
- 02Ongoing
Two-week Agile sprints
Each sprint ends with working software, not a status update. You review a real build, request changes, and approve before we move forward. No surprises at handover.
- 03Ongoing
Daily async updates
Slack for daily progress, Asana for task visibility, weekly video calls for decisions. You have full visibility without needing to attend every meeting.
- 04Final
Handover and warranty
Full code handover with deployment runbooks and documentation. Thirty-day warranty period for production issues at no extra cost.
stack
Why we chose this stack
- 01A telehealth session runs multiple concurrent data streams: live video, peripheral device feeds, patient records, and real-time diagnostic readings. React's component model kept the patient, physician, and admin views isolated while sharing the same real-time data layer without state conflicts between streams.React
- 02HIPAA compliance requires end-to-end encryption, full audit logging, and signed Business Associate Agreements with every infrastructure provider handling PHI. AWS's HIPAA-eligible services (S3, Cognito, Lambda, CloudFront) provided compliant infrastructure for video, device data, and patient records without a separate compliance build.AWS
- 03Patient records, appointment status, and consultation history needed to update in real time across physician, patient, and admin views. Hasura's role-based GraphQL permissions enforced what each user type could read and write without custom authorization middleware, critical for a platform where a patient must never see another patient's data.Hasura
- 04Session recordings, diagnostic device readings, prescription records, and audit logs require ACID-compliant storage with guaranteed write integrity. No entry in a HIPAA audit trail can be lost or partially written. PostgreSQL's transactional guarantees made every session record complete and defensible for reimbursement documentation and clinical compliance.PostgreSQL
Common questions about this telehealth platform
HIPAA compliance is not a feature layer added after the platform is finished: it is a constraint on every architectural decision from day one. Every surface that touches protected health information (PHI) requires end-to-end encryption for data in transit and at rest, access controls tied to user role so patients cannot see other patients' records, full audit logging that records every read and write action with timestamps, and signed Business Associate Agreements with every infrastructure provider handling PHI. That means the cloud provider, the video infrastructure, the storage layer, and the email service all need HIPAA-eligible configurations and BAAs. Retrofitting this after the platform is built is significantly more expensive and disruptive than designing for it upfront.
The physician connects the FDA-approved peripheral device to their computer before the session, or at any point during it. The platform detects the device, establishes the data stream, and makes the diagnostic feed available within the consultation interface. No separate software, no manual configuration during the visit. For a stethoscope, the physician places it on the patient and hears the audio through their headset while the platform records the feed. For a high-resolution camera, the feed appears alongside the video consultation. The design goal was that a physician mid-visit should spend no time on device setup.
The onboarding flow was designed for clinical administrators, not technical staff. Clinic accounts are provisioned from the admin portal; the physician and patient interfaces require no installation: they run in the browser. Device integration uses standard USB and Bluetooth connections with the platform handling driver communication. Clinics in rural settings onboarded without IT involvement on their side. The 12-week figure reflects clinics that were fully operational (creating appointments, running sessions, and processing reimbursement documentation), not just accounts created.
Yes, and that was an explicit design requirement. The patient population this platform serves is concentrated in areas where connectivity is inconsistent. The video layer uses adaptive bitrate: it adjusts quality in real time based on available bandwidth rather than dropping the call. Peripheral data streams are compressed. The session state persists through brief connectivity drops so the consultation resumes without either party needing to reconnect. The platform was load-tested against rural bandwidth conditions before launch, not just urban broadband.
We delivered this platform (HIPAA-compliant infrastructure, FDA peripheral integration for three device types, real-time consultation with recording and audit trails, patient and physician portals, appointment scheduling, and low-bandwidth optimization) in 14 weeks. Timeline is driven by three factors: the number of peripheral device types requiring integration (each has its own connection protocol), the complexity of the role and permission model (patient, physician, admin, multi-clinic admin add scope), and the compliance audit work required before launch. Contact us to scope based on your device integration requirements, user role structure, and target markets.
Related work
More work like this
Bella Skin Institute runs a fully automated loyalty program with no vendor lock-in
We built a gamified mobile loyalty platform for a medical spa, enabling patients to earn points with built-in urgency mechanics and redeem rewards, supporting a business model where patient lifetime value depends on returning every 3-6 months for cosmetic treatments.
Read case study
Makeover generates photorealistic before-and-after previews that convert more consultations to bookings
Makeover lets service businesses show clients a photorealistic preview of their result on their own photo. Dental, aesthetics, hair, and 40+ other categories use it to convert more undecided consultations.
Read case study
AI remote patient monitoring for chronic care
AI integration in the remote patient monitoring app lifts efficiency by automating data analysis and providing personalised insights through wearable health monitoring devices such as CGM and BPM. This advancement has cut clinical decision-making time by 20%, enabling virtual care management, particularly in chronic care scenarios.
Read case study
