Case study 02: BUILD & DEPLOY
A bespoke HIPAA-compliant patient clearance platform on a hybrid cloud topology
A US healthcare-technology client needed a custom-built platform to manage a complex 10-state patient clearance lifecycle, with the constraint that they would own the staging and production environments outright. Standard SaaS hosting wasn't an option.
Headline outcome: Live in production. HIPAA-compliant. Client-owned.
Situation
The client required a bespoke patient clearance platform with HIPAA-compliant handling of patient data and a complex ten-state status lifecycle governing clearance progression. The architectural constraint that shaped everything: the client wanted to own the staging and production environments outright, with development running in the consultant’s environment. A standard SaaS hosting model could not meet the data-ownership and BAA requirements; a hybrid GCP topology was needed instead.
Intervention
Designed the hybrid GCP topology end-to-end: development environment in Biggin Insights infrastructure, staging and production deployed into client-owned GCP projects with clear separation of responsibilities. Implemented HIPAA technical safeguards throughout: encryption in transit and at rest, comprehensive audit logging, role-based access controls, and BAA-compliant infrastructure choices for every component touching patient data. Built the application from specification, including the documented 10-state patient clearance lifecycle with explicit state-transition rules and a complete audit trail of state changes. Configured Certificate Manager for managed TLS across both staging and production environments, designed the DNS topology and certificate issuance flow, and performed the deployment. Produced operational handover documentation and trained the client team on the topology and lifecycle model.
Result
A live HIPAA-compliant patient clearance platform in production, owned and operated by the client. Hybrid topology functioning across owned and consultant-hosted environments with well-defined boundaries. Documented ten-state lifecycle giving the client and their auditors full visibility into clearance state transitions. Delivered as a single fixed-scope, fixed-fee engagement covering architecture, development, deployment and handover.