Project: Telemedicine Platform MVP with future mobile expansion
1. Overview and Goals
Build a HIPAA compliant telemedicine platform as a web based MVP that can later expand into native mobile apps.
The platform allows patients to book and pay for visits, providers to conduct consults with documentation and prescriptions, and admins to manage operations.
MVP Scope and Constraints
• Web only at launch using responsive templates
• Native iOS and Android planned for a later upgrade
• Lab and pharmacy flows handled manually using secure PDF uploads and downloads
• Use off the shelf components to keep cost and timeline efficient
• No insurance billing or EHR replacement features in MVP
2. Page Layouts
Public pages
Landing, FAQ, Pricing, Services Catalog, Login and Signup using Supabase Auth
Patient portal
Dashboard, Book Visit, Video Consult, Prescriptions and Notes, Billing and History
Provider portal
Dashboard, Schedule Management, Consult Page, Earnings Dashboard
Admin portal
Dashboard, Provider Management, User Management, Services CMS, Reporting
3. Key Flows
Patient booking
Patient authenticates, checks provider availability, pays through Stripe for either per visit or subscription, appointment is saved, confirmations sent through email and SMS, and a Doximity or in-app video link is generated.
Consult session
Appointment is verified, video session is launched either through Doximity or later Twilio, provider writes SOAP notes, uploads prescription PDF, and the patient receives a secure link to all documents.
Provider onboarding
Provider signs up and uploads credentials to secure storage, admin reviews and approves, and role based access is assigned.
Admin workflow
Admin edits services catalog, reviews and approves providers, monitors reports, manages payouts, and exports data.
4. Services and A La Carte Catalog
The system supports a configurable list of services such as TRT, HRT, weight loss, urgent care, dermatology, and women’s health.
Each service includes a title, description, disclaimers, eligibility rules, pricing model and optional pre consult intake forms.
Stripe product IDs connect to each service for billing.
Admins control these through the CMS.
5. Preferred Tech Stack and Integrations
Supabase
Auth with role-based access control and Row Level Security, Postgres database, secure storage, edge functions and realtime. Requires HIPAA plan with BAA.
Stripe
Used for per visit and subscription billing and provider payouts through Stripe Connect.
Video
Early phase uses Doximity to eliminate cost. Future uses Twilio or Vonage for fully embedded branded video.
Notifications
Email through SendGrid and optional SMS through Twilio.
Admin CMS
Refine.dev or equivalent.
6. Compliance and Security Requirements
• BAAs for all vendors handling PHI
• Encryption in transit and at rest
• No PHI stored in metadata or analytics
• Strict role based access control separating patients, providers, and admins
• Audit logging for PHI access, downloads, and admin actions with 6 year retention
• Backups and restore testing
• Incident response and breach notification workflow
• WCAG 2.1 AA accessibility compliance
• Fully responsive on mobile browsers
7. Non Functional Requirements
• Page loads under two seconds on 4G
• Support at least one hundred concurrent consults
• Availability target of 99.9 percent monthly
• Horizontal scaling for stateless services
• Accurate timezone handling
• Analytics for conversions and drop off
• Admin reporting dashboards
8. Data Model Overview
Entities include Users, Patients, Providers, Appointments, Services, Payments, Payouts, Notes, Files, Notifications, AuditLogs.
9. Deliverables and Milestones over eight weeks
Week 0 to 1
Discovery, architecture finalization, UX theme, compliance checklist and BAA initiation
Week 2 to 3
Auth, RBAC, services CMS, patient booking with availability search
Week 4 to 5
Stripe payments, Doximity video flow, notifications
Week 6
Provider onboarding, notes and prescription PDFs, basic reporting
Week 7
Admin dashboards, payouts, audit logging, security hardening
Week 8
QA, accessibility, UAT, launch preparation and runbook
10. Out of Scope for MVP
• Native mobile apps
• Automated eprescribing integrations
• Automated lab interfaces
• Insurance billing
• Controlled substances prescribing
11. Optional Future Add Ons
• Twilio or Vonage embedded video
• Native mobile apps
• ePrescribing with EPCS
• Lab ordering integrations
• Advanced analytics
• Coupons and referral tracking
12. Feature Matrix converted to readable text
Patient features
Signup and authentication
Scheduling and booking
Payments
Video consults
Prescriptions and notes
Notifications
Access to service catalog
Billing history
Provider features
Signup and authentication
Schedule management
Video consults
Notes and prescriptions
Earnings dashboard
Payouts
Onboarding workflow
Notifications
Admin features
Signup and authentication
Provider management
User management
Services CMS
Payments oversight
Payout management
Reporting dashboard
Audit logging
Mobile app support
Planned for all roles in the future
13. Acceptance Criteria and QA Requirements
• All user flows are tested in staging
• Role permissions enforced correctly
• Audit events captured and exportable
• Accessibility tests pass WCAG 2.1 AA
• Automated and manual QA completed
14. Bid Response Template for Vendors
Vendors must provide
Proposed architecture and tech stack with BAA compliance
Fixed price for MVP
Timeline and milestones
Monthly maintenance cost
Team composition and HIPAA experience
Security commitments
Video implementation plan
Assumptions and exclusions
Change order policy
15. Appendices
A. Policy documents including Privacy Policy, Terms of Service, Telehealth Consent, Notice of Privacy Practices
B. Runbook and deployment steps, rollback plan, environment variables, admin training
C. Third party fees including Supabase HIPAA plan, Stripe fees, SendGrid and Twilio SMS fees
If you want this turned into a nicely formatted markdown file for sharing on GitHub or Notion or if you want it refined into a polished vendor facing document I can convert it instantly.
... Show more