Tessera Health — HIPAA-ready patient portal
2019 archive — placeholder, refresh in Phase 5. Designed and built a HIPAA-compliant patient portal with secure messaging, appointment booking, and a React Native companion app for iOS and Android.
Built for Client 3
The challenge
Tessera Health was using a third-party EHR portal that patients found confusing and clinicians found slow. Appointment no-show rates were at 34%. The platform had no mobile app, and the web portal required Internet Explorer 11 — a browser that 40% of Tessera's patient base had already stopped using.
HIPAA compliance added complexity at every layer: data at rest and in transit, audit logging, Business Associate Agreements with every vendor, and a documented incident response plan. Previous vendors had underestimated this and delivered non-compliant systems.
How we solved it
We started with a compliance-first architecture review, documenting every data flow and identifying the minimal set of PHI we needed to handle. The web portal was built with Next.js and deployed on AWS (not Vercel) to enable VPC-isolated Postgres with encryption at rest. Audit logs were shipped to an immutable S3 bucket.
The React Native companion app used Expo's managed workflow with biometric authentication and an offline-first appointment cache. Push notifications for appointment reminders were the single biggest driver of no-show reduction.
The results
Tech stack
The team flagged edge cases we hadn't even considered. Our launch went live without a single post-deploy ticket.