Two EMR platforms, built to carry real clinical load.
As CTO and architect for a regional healthcare provider network, I designed and shipped two electronic medical records SaaS platforms, integrated care across providers, clinical data flowing cleanly between systems, and the security and audit posture that lets a healthcare buyer say yes. All of it delivered while live patient care kept running.

In healthcare, you can't stop the line.
Clinicians are seeing patients while you rebuild the system under them.
Data trapped in silos
Each provider held its own records in its own format. Care suffered because nobody saw the whole patient. The platforms had to make data move.
PHI is not normal data
Protected health information carries legal weight. Access control, encryption and a defensible audit trail aren't features, they're the price of being allowed to operate.
A legacy platform mid-flight
One system was already in clinical use. Modernizing it meant changing the engine while the plane was carrying passengers, with no downtime that patients or clinicians would feel.
Two compliance regimes at once
Provincial health-data rules and HIPAA-grade controls applied together. The architecture had to satisfy both without bolting on compliance after the fact.
Two platforms, one operating standard.
Clinical data that moves
An integration layer that let records flow between providers and external systems instead of dying in silos, so a clinician sees the whole patient.
- HL7/FHIR-style integration between disparate provider systems
- A normalized clinical data model under the messaging
- Integrated care across providers, not isolated record-keeping
- Built for HealthTech's interoperability and compliance reality
PHI handled the right way
Security and access control designed into the platform from the data model up, with an audit trail that survives scrutiny.
- Role- and context-based access control over PHI
- Encryption in transit and at rest
- Immutable audit trails on every record touch
- Least-privilege boundaries between services and roles
Legacy platform, rebuilt live
Modernized an existing integrated-care platform in place, re-architecting it without an outage clinicians or patients would notice.
- Incremental migration off legacy components
- No interruption to live clinical workflows
- A maintainable architecture the team could keep extending
- Capacity to grow with the provider network
Built to pass
Compliance treated as an architectural property, not paperwork, which is how the platforms cleared formal audit.
- SOC 2 Type I & II delivered
- HIPAA-grade compliance posture
- Provincial health-data compliance
- Controls evidenced, not asserted
What the platforms cleared.
In healthcare, the hard part isn't the feature list. It's earning the right to hold the data, and rebuilding the system without ever stopping care.
What buyers ask about this work.
What was your role on these platforms?
CTO and architect for a regional healthcare provider network. I owned the technical direction and the architecture for two EMR SaaS platforms, interoperability, PHI security and access control, audit, modernization of a legacy integrated-care platform, and the compliance posture behind them.
How did you modernize a legacy platform without downtime?
Incrementally. I migrated off legacy components piece by piece behind stable interfaces, so the platform kept serving live clinical workflows throughout. Clinicians and patients never experienced an outage from the rebuild.
What compliance did the platforms achieve?
SOC 2 Type I & II were delivered, with a HIPAA-grade compliance posture for protected health information and provincial health-data compliance. Compliance was designed into the architecture (access control, encryption and immutable audit trails) rather than added afterward, which is why the controls held up under audit.
Building or fixing a clinical platform?
Bring me in to architect the data, the security and the compliance, without stopping care.