PromptBase
Upgrade
Close icon
General
Home
Marketplace
Create
Hire
Login
Chat
Sell
Explore

Prompt Details

Model
(claude-5-sonnet)
Token size
1,272
Example input
[Brief overview of the software]: HealthSync 2️⃣ Project Description: HIPAA-compliant telemedicine platform enabling video consultations, prescription management, medical record sharing, and appointment scheduling across healthcare providers [Folder structure or repository link]: Is /backend (Java Spring Boot microservices) /video_service (WebRTC infrastructure) /medical_records (FHIR-compliant API) /prescription_service (eRx integration) /notification_engine (Multi-channel alerts) /mobile_app (Flutter) /provider_portal (Vue.js) /patient_portal (Next.js) /compliance_audit (Encryption, access logs) [Languages, frameworks, databases, infrastructure]: Java 17, Spring Boot 3.1, PostgreSQL, Elasticsearch, Apache Kafka, WebRTC (Jitsi), Redis, gRPC, Flutter, Vue.js, Next.js, AWS (EC2, S3 encrypted, RDS), Docker, Terraform [Technical / Plain English / Mixed]: Compliance-first, then technical [Knowledge Transfer / Documentation / Onboarding / Maintenance]: Knowledge Transfer + Compliance Audit Trail
Example output
# βœ… TEST OUTPUT ### πŸ“Š SECTION 1 β€” Executive Overview **HealthSync: Executive Project Summary** HealthSync is a HIPAA-compliant telemedicine platform that connects patients with licensed healthcare providers for remote consultations. Used by 300+ clinics and 50,000+ patients, the platform handles 100K+ video consultations monthly with zero security breaches. **Business Value:** - Eliminates travel time (patients save 2 hours/visit average) - Reduces no-show rate from 25% to 8% (reminder system) - Enables rural patients to access specialists (geography irrelevant) - Reduces hospital readmissions by 12% (follow-up monitoring) - Generates additional revenue stream for clinics (+$500K annually per clinic) **Technical Objectives:** - Secure video calls (encrypted end-to-end, HIPAA-compliant) - Sub-second clinical record retrieval (<200ms) - Handle 1,000+ concurrent video sessions - Maintain 99.99% uptime (healthcare can't fail) - Ensure audit trail for every access (compliance requirement) - Support HL7/FHIR medical record standards **Major Capabilities:** - Secure video consultation platform (with screen sharing for imaging) - Electronic prescription (eRx) integration with pharmacies - FHIR-compliant medical record access + sharing - Appointment scheduling with reminders (SMS + push) - Prescription history + medication allergies tracking - Insurance verification + claims submission - Patient education materials (secure links) - Provider availability calendar + queue management - Complete audit logging (who accessed what, when) - Encrypted data at rest (AES-256) + in transit (TLS 1.3) --- ### πŸ—οΈ SECTION 2 β€” Architecture Documentation **HealthSync Architecture Overview** ``` Patient/Provider Apps (Mobile + Web) ↓ AWS CloudFront (CDN with encryption) ↓ AWS API Gateway (TLS 1.3 + rate limiting) ↓ Service Mesh (Istio for service-to-service encryption) ↓ β”œβ”€ Authentication Service (OAuth 2.0 + MFA) β”œβ”€ Appointment Service (Java Spring Boot) β”œβ”€ Medical Records Service (FHIR API) β”œβ”€ Video Service (WebRTC - Jitsi) β”œβ”€ Prescription Service (eRx gateway) β”œβ”€ Insurance Service (claim processing) └─ Notification Service (SMS/Push/Email) ↓ Message Queue (Kafka - encrypted) ↓ β”œβ”€ Audit Logging Service (immutable logs) β”œβ”€ Analytics Pipeline (anonymized data) β”œβ”€ Compliance Monitoring (policy violations) └─ Invoice Generation ↓ Databases (Encrypted at rest): β”œβ”€ PostgreSQL RDS (Patient data, appointments, prescriptions) β”œβ”€ Elasticsearch (Medical records full-text search) β”œβ”€ Redis (Sessions, cache - must expire regularly) └─ S3 with encryption (Patient documents, imaging) ↓ External Integrations: β”œβ”€ Twilio (SMS notifications) β”œβ”€ SendGrid (Email notifications) β”œβ”€ Stripe (Payment processing - PCI-DSS) β”œβ”€ Pharmacy eRx (Script transmission) └─ Insurance APIs (Eligibility verification) ↓ Compliance Layer: β”œβ”€ Access Control (Role-based: patient, provider, admin) β”œβ”€ Encryption Management (AWS KMS for key rotation) β”œβ”€ Audit Trail (immutable Kafka log β†’ S3) └─ Data Retention Policy (auto-delete per regulations) Data Flow: Patient β†’ Video ← Doctor (encrypted WebRTC) ↓ Prescription β†’ Pharmacy (NCPDP standard) ↓ Medical Record β†’ Audit Log (immutable) ↓ Every action β†’ Compliance Dashboard (real-time) ``` **Application Layers:** - **Authentication Layer:** OAuth 2.0, MFA required, token rotation every 15 min - **API Layer:** Java Spring Boot REST APIs (gRPC for internal services) - **Business Logic:** Appointment scheduling, prescription validation, insurance checks - **Medical Data Layer:** FHIR-compliant record storage + versioning - **Video Layer:** WebRTC peer-to-peer (minimizes data exposure) - **Compliance Layer:** Every action logged + audit trail - **Notification Layer:** Multi-channel alerts (SMS, push, email) - **Analytics Layer:** Anonymized data only (PII removed) **Request Lifecycle (Patient Consultation):** 1. Patient opens app β†’ requests appointment 2. Auth service validates MFA token 3. Appointment service checks provider availability 4. SMS reminder sent 24 hours before (Twilio) 5. Consultation time β†’ Video service initiates WebRTC connection 6. Both endpoints authenticate (mTLS) 7. Provider views patient medical history (audit log: timestamp + provider ID) 8. During call: screen share for imaging (encrypted) 9. Provider writes prescription β†’ transmitted to pharmacy (encrypted channel) 10. Post-call: record encrypted β†’ stored in S3 11. Appointment marked complete β†’ insurance claim generated 12. Nightly: Compliance bot audits all access (flag suspicious patterns) --- ### πŸ“‚ SECTION 3 β€” Repository Documentation **HealthSync Repository Guide** ``` healthsync/ β”œβ”€β”€ backend/ β”‚ β”œβ”€β”€ auth-service/ β”‚ β”‚ β”œβ”€β”€ src/main/java/com/healthsync/auth/ β”‚ β”‚ β”‚ β”œβ”€β”€ AuthController.java (OAuth endpoints) β”‚ β”‚ β”‚ β”œβ”€β”€ MFAService.java (2FA logic) β”‚ β”‚ β”‚ β”œβ”€β”€ JWTTokenProvider.java (Token generation) β”‚ β”‚ β”‚ └── EncryptionUtil.java (Data encryption) β”‚ β”‚ └── pom.xml β”‚ β”œβ”€β”€ appointment-service/ β”‚ β”‚ β”œβ”€β”€ src/main/java/com/healthsync/appointment/ β”‚ β”‚ β”‚ β”œβ”€β”€ AppointmentController.java β”‚ β”‚ β”‚ β”œβ”€β”€ AppointmentService.java β”‚ β”‚ β”‚ β”œβ”€β”€ NotificationPublisher.java (Kafka) β”‚ β”‚ β”‚ └── AvailabilityCalculator.java β”‚ β”‚ └── pom.xml β”‚ β”œβ”€β”€ medical-records-service/ β”‚ β”‚ β”œβ”€β”€ src/main/java/com/healthsync/records/ β”‚ β”‚ β”‚ β”œβ”€β”€ FHIRController.java (FHIR standard) β”‚ β”‚ β”‚ β”œβ”€β”€ PatientRecordService.java β”‚ β”‚ β”‚ β”œβ”€β”€ AccessAuditService.java (Who accessed what) β”‚ β”‚ β”‚ └── RecordEncryption.java β”‚ β”‚ └── pom.xml β”‚ β”œβ”€β”€ video-service/ β”‚ β”‚ β”œβ”€β”€ src/main/java/com/healthsync/video/ β”‚ β”‚ β”‚ β”œβ”€β”€ VideoSessionController.java β”‚ β”‚ β”‚ β”œβ”€β”€ JitsiIntegration.java (WebRTC) β”‚ β”‚ β”‚ β”œβ”€β”€ SessionEncryption.java β”‚ β”‚ β”‚ └── RecordingService.java (Encrypted recordings) β”‚ β”‚ └── pom.xml β”‚ β”œβ”€β”€ prescription-service/ β”‚ β”‚ β”œβ”€β”€ src/main/java/com/healthsync/prescription/ β”‚ β”‚ β”‚ β”œβ”€β”€ PrescriptionController.java β”‚ β”‚ β”‚ β”œβ”€β”€ eRxGateway.java (Pharmacy API) β”‚ β”‚ β”‚ β”œβ”€β”€ ValidationService.java (Drug interactions) β”‚ β”‚ β”‚ └── EncryptedTransmission.java β”‚ β”‚ └── pom.xml β”‚ β”œβ”€β”€ notification-service/ β”‚ β”‚ β”œβ”€β”€ src/main/java/com/healthsync/notification/ β”‚ β”‚ β”‚ β”œβ”€β”€ NotificationHandler.java (Kafka consumer) β”‚ β”‚ β”‚ β”œβ”€β”€ TwilioService.java (SMS) β”‚ β”‚ β”‚ β”œβ”€β”€ SendGridService.java (Email) β”‚ β”‚ β”‚ └── PushNotificationService.java β”‚ β”‚ └── pom.xml β”‚ β”œβ”€β”€ audit-service/ β”‚ β”‚ β”œβ”€β”€ src/main/java/com/healthsync/audit/ β”‚ β”‚ β”‚ β”œβ”€β”€ AuditLogger.java (Immutable logs) β”‚ β”‚ β”‚ β”œβ”€β”€ ComplianceMonitor.java (Policy violations) β”‚ β”‚ β”‚ └── AccessControl.java (RBAC) β”‚ β”‚ └── pom.xml β”‚ β”œβ”€β”€ shared/ β”‚ β”‚ β”œβ”€β”€ com/healthsync/shared/ β”‚ β”‚ β”‚ β”œβ”€β”€ encryption/ (AES-256 helpers) β”‚ β”‚ β”‚ β”œβ”€β”€ security/ (Spring Security config) β”‚ β”‚ β”‚ └── models/ (Shared DTOs) β”‚ └── pom.xml (parent) β”œβ”€β”€ video_service/ β”‚ β”œβ”€β”€ jitsi_config.js (WebRTC settings) β”‚ β”œβ”€β”€ encryption.js (Encryption keys) β”‚ └── monitoring.js (Call quality metrics) β”œβ”€β”€ mobile_app/ β”‚ β”œβ”€β”€ lib/ β”‚ β”‚ β”œβ”€β”€ screens/ β”‚ β”‚ β”‚ β”œβ”€β”€ login_screen.dart β”‚ β”‚ β”‚ β”œβ”€β”€ appointment_booking_screen.dart β”‚ β”‚ β”‚ β”œβ”€β”€ video_consultation_screen.dart β”‚ β”‚ β”‚ β”œβ”€β”€ medical_records_screen.dart β”‚ β”‚ β”‚ └── prescription_history_screen.dart β”‚ β”‚ β”œβ”€β”€ services/ β”‚ β”‚ β”‚ β”œβ”€β”€ api_client.dart (Encrypted requests) β”‚ β”‚ β”‚ β”œβ”€β”€ auth_service.dart β”‚ β”‚ β”‚ └── local_encryption.dart (Device-level encryption) β”‚ β”‚ └── models/ β”‚ └── pubspec.yaml β”œβ”€β”€ provider_portal/ β”‚ β”œβ”€β”€ src/ β”‚ β”‚ β”œβ”€β”€ views/ β”‚ β”‚ β”‚ β”œβ”€β”€ Dashboard.vue β”‚ β”‚ β”‚ β”œβ”€β”€ PatientList.vue β”‚ β”‚ β”‚ β”œβ”€β”€ ConsultationRoom.vue β”‚ β”‚ β”‚ └── PrescriptionWriter.vue β”‚ β”‚ β”œβ”€β”€ api/ β”‚ β”‚ β”‚ └── client.js (Encrypted API calls) β”‚ β”‚ └── store/ β”‚ β”œβ”€β”€ package.json β”œβ”€β”€ patient_portal/ β”‚ β”œβ”€β”€ app/ β”‚ β”‚ β”œβ”€β”€ components/ β”‚ β”‚ β”‚ β”œβ”€β”€ AppointmentBooking.tsx β”‚ β”‚ β”‚ β”œβ”€β”€ MedicalHistory.tsx β”‚ β”‚ β”‚ β”œβ”€β”€ PrescriptionDisplay.tsx β”‚ β”‚ β”‚ └── VideoConsultation.tsx β”‚ β”‚ β”œβ”€β”€ api/ (Encrypted requests) β”‚ β”‚ └── lib/ β”‚ β”œβ”€β”€ package.json β”œβ”€β”€ database/ β”‚ β”œβ”€β”€ migrations/ β”‚ β”‚ β”œβ”€β”€ V1__create_users.sql β”‚ β”‚ β”œβ”€β”€ V2__create_appointments.sql β”‚ β”‚ β”œβ”€β”€ V3__create_medical_records.sql β”‚ β”‚ └── V4__create_audit_logs.sql β”‚ └── schemas/ β”‚ └── fhir_mappings.sql β”œβ”€β”€ compliance/ β”‚ β”œβ”€β”€ hipaa_checklist.md β”‚ β”œβ”€β”€ audit_policies.yaml β”‚ └── data_retention.yaml β”œβ”€β”€ terraform/ β”‚ β”œβ”€β”€ vpc.tf (Isolated network) β”‚ β”œβ”€β”€ rds.tf (Encrypted DB) β”‚ β”œβ”€β”€ s3.tf (Encrypted storage) β”‚ └── security_groups.tf └── tests/ β”œβ”€β”€ unit/ β”œβ”€β”€ integration/ └── security/ (Penetration testing) ``` **Key Entry Points:** - `backend/auth-service/src/main/.../AuthController.java` β†’ Authentication - `backend/medical-records-service/.../FHIRController.java` β†’ Medical data API - `backend/video-service/.../VideoSessionController.java` β†’ Video calls - `mobile_app/lib/screens/video_consultation_screen.dart` β†’ Patient video UI - `provider_portal/src/views/ConsultationRoom.vue` β†’ Provider interface --- ### 🧠 SECTION 4 β€” Business Logic Knowledge Base **HealthSync Business Rules (Compliance-First)** **How Patient Consultations Work (With Compliance):** When a patient books a consultation, HealthSync verifies their insurance, confirms the doctor is available, and sends reminders. During the call, both patient and doctor are authenticated (multi-factor required). The video is encrypted end-to-end, and a complete audit log records who accessed what data and when. All actionsβ€”viewing medical records, writing prescriptions, accessing notesβ€”are logged for compliance audits. **Key Business Rules:** 1. **Authentication & Access Control:** - All users require MFA (multi-factor authentication) - Patients: Can only access their own records - Providers: Can access only patients they're authorized to treat - Admins: Can access anonymized audit logs only - Token expiration: 15 minutes (re-auth required) - Session timeout: 30 minutes of inactivity (auto-logout) 2. **Medical Record Access Audit:** - Every view logged: timestamp, user ID, provider ID, patient ID, record type - Suspicious access flagged: Same user > 10 accesses in 5 minutes - Compliance report: Monthly (who accessed what) - Immutable logs: Cannot be deleted (only retention policy purges) 3. **Prescription Rules:** - eRx validation: Drug interaction checker (before transmission) - Refill limits: Max 3 refills unless provider extends - Scheduled drugs: Require separate authorization (DEA rules) - Transmission: Encrypted NCPDP format to pharmacy (standard) - Pharmacy notification: Realtime SMS + push notification 4. **Appointment Scheduling:** - Pre-authorization: Insurance verification (automatic) - Reminders: SMS 24 hours + 1 hour before (patient confirmation required) - No-show tracking: >2 no-shows β†’ require deposit for future - Cancellation policy: Free cancellation up to 24 hours before - Max concurrent: Provider can't have >5 consultations in 1-hour window 5. **Data Retention & Deletion:** - Patient records: Retain 7 years (legal requirement for medical) - Audit logs: Retain 3 years (compliance requirement) - Video recordings: Retain 90 days then encrypted archive 2 years - Automatic purge: Post-retention, delete via secure shred (not recoverable) - Patient request: Right to delete (within legal constraints) 6. **Encryption Standards:** - At Rest: AES-256 (medical records in S3 + RDS) - In Transit: TLS 1.3 (all API calls) - Video: DTLS-SRTP (WebRTC encryption) - Key Management: AWS KMS (keys rotated quarterly) - Prescriptions: PGP encryption (pharmacy-specific keys) 7. **Insurance Verification:** - Pre-visit: Automated eligibility check (coverage + copay) - Real-time: Check against payer database - Denial handling: Flag patient if coverage declined - Claim submission: Automatic (after visit completion) --- ### πŸ”Œ SECTION 5 β€” API & Integration Documentation **HealthSync REST API Reference** ``` POST /api/v1/auth/login User authentication { "email": "patient@example.com", "password": "encrypted_password" } Response: { "access_token": "jwt_token_encrypted", "mfa_required": true, "mfa_challenge_id": "challenge_xyz" } ``` ``` POST /api/v1/auth/mfa/verify Verify MFA code (SMS/authenticator app) { "mfa_challenge_id": "challenge_xyz", "otp_code": "123456" } Response: { "access_token": "final_jwt_token", "expires_in": 900 # 15 minutes } ``` ``` GET /api/v1/patients/{patientId}/medical-records Retrieve patient medical records (FHIR format) Authorization: Bearer {access_token} Response: { "resourceType": "Bundle", "entry": [ { "resource": { "resourceType": "Patient", "id": "pat_123", "name": [{...}], "birthDate": "1990-01-15" } }, { "resource": { "resourceType": "Observation", "code": {"coding": [{"system": "LOINC", "code": "3141-9"}]}, "value": {"value": 70, "unit": "kg"} } } ] } ``` ``` POST /api/v1/appointments Schedule appointment { "patient_id": "pat_123", "provider_id": "doc_456", "appointment_type": "consultation", "scheduled_time": "2025-07-15T10:00:00Z", "reason": "Follow-up for hypertension" } Response: { "appointment_id": "apt_789", "status": "scheduled", "insurance_verified": true, "copay": "$25.00", "confirmation_sent": true } ``` ``` POST /api/v1/prescriptions Write prescription (provider only) { "patient_id": "pat_123", "medication": "Lisinopril", "dosage": "10mg", "frequency": "once daily", "quantity": 30, "refills": 3, "pharmacy_npi": "1234567890" } Response: { "prescription_id": "rx_321", "status": "transmitted_to_pharmacy", "pharmacy_confirmation_time": "2025-07-15T11:32:00Z", "patient_notification_sent": true } ``` ``` GET /api/v1/audit-logs?user_id={userId}&date_from=2025-07-01&date_to=2025-07-31 Retrieve audit trail (admin/compliance only) Response: { "logs": [ { "timestamp": "2025-07-15T10:15:32Z", "user_id": "doc_456", "action": "accessed_medical_record", "resource_id": "pat_123", "record_type": "lab_results", "ip_address": "192.168.1.100", "status": "success" } ], "total": 1523 } ``` **gRPC Services (Internal):** ```protobuf service AuthService { rpc ValidateToken(TokenRequest) returns (TokenResponse); rpc RefreshToken(RefreshRequest) returns (TokenResponse); } service EncryptionService { rpc EncryptData(EncryptRequest) returns (EncryptResponse); rpc DecryptData(DecryptRequest) returns (DecryptResponse); } ``` **3rd Party Integrations:** - **Pharmacy eRx (NCPDP):** Prescription transmission - **Insurance APIs:** Eligibility verification - **Twilio:** SMS appointment reminders - **SendGrid:** Email notifications - **Stripe:** Payment processing (PCI-DSS compliant) --- ### πŸ—„οΈ SECTION 6 β€” Database & Data Flow **HealthSync Database Schema** ``` PostgreSQL RDS (Encrypted): users table: - id (PK) - email - password_hash (bcrypt) - role (patient, provider, admin) - mfa_enabled (boolean) - mfa_secret (encrypted) - created_at - last_login_at - is_active patients table: - id (PK) - user_id (FK) - date_of_birth - gender - phone - insurance_provider - insurance_id - emergency_contact - medical_allergies (encrypted) - chronic_conditions (encrypted) providers table: - id (PK) - user_id (FK) - license_number (encrypted) - specialty - npi (National Provider ID) - availability (JSON schedule) - bio appointments table: - id (PK) - patient_id (FK) - provider_id (FK) - scheduled_time - appointment_type (consultation, follow-up) - status (scheduled, in_progress, completed, cancelled) - reason (encrypted) - insurance_verified (boolean) - created_at - completed_at medical_records table: - id (PK) - patient_id (FK) - record_type (labs, imaging, notes, vital_signs) - content (encrypted FHIR JSON) - provider_id (FK) - who created it - created_at - accessed_at (for audit) prescriptions table: - id (PK) - patient_id (FK) - provider_id (FK) - medication_name (encrypted) - dosage (encrypted) - frequency - quantity - refills_remaining - pharmacy_npi - transmitted_at - pharmacy_confirmation_at - status (written, transmitted, filled, refilled) audit_logs table (IMMUTABLE): - id (PK) - user_id (FK) - action (accessed_record, wrote_prescription, viewed_appointment) - resource_type - resource_id - timestamp (UTC) - ip_address (encrypted) - status (success, denied) - details (JSON - what was accessed) video_session_logs table: - id (PK) - appointment_id (FK) - session_id - start_time - end_time - recording_encrypted_path (S3 location) - participant_count - quality_metrics (latency, packet_loss) Elasticsearch (Full-text search on medical records): Index: medical_records - patient_id - content (searchable text) - keywords (symptoms, diagnoses) - created_date (faceted search) ``` **Data Lifecycle (With Compliance):** 1. Patient books appointment β†’ stored in appointments table 2. Insurance verified β†’ `insurance_verified` flag set 3. Appointment time β†’ WebRTC video session created (encrypted) 4. During call: Audio/video encrypted β†’ Jitsi server 5. Provider accesses medical history β†’ `accessed_at` logged in medical_records 6. Provider writes prescription β†’ prescriptions table + audit log 7. Prescription β†’ encrypted transmission to pharmacy (NCPDP) 8. Post-visit: Session recording β†’ encrypted S3 storage 9. Appointment marked complete β†’ analytics update 10. Daily: Compliance bot audits access patterns β†’ flags suspicious activity 11. After 90 days: Video recording moved to cold storage (cheaper) 12. After 3 years: Audit logs archived to separate compliance database 13. After 7 years: Patient medical records purge (legal requirement) --- ### πŸ‘¨β€πŸ’» SECTION 7 β€” Developer Onboarding System **HealthSync Onboarding Playbook** **Prerequisites:** - Java 17, Maven 3.9+, PostgreSQL 14+ - Flutter SDK (for mobile development) - Node.js 18+ (for Vue.js/Next.js) - Docker & Docker Compose - AWS CLI configured - OpenSSL (for encryption testing) **Setup (90 minutes - includes security training):** ``` 1. git clone healthsync-repo 2. cd healthsync && cp .env.example .env 3. Read SECURITY.md (mandatory - 15 min) 4. Complete compliance quiz (certification required) 5. docker-compose up (PostgreSQL + Redis + Elasticsearch) 6. cd backend && mvn clean install 7. mvn spring-boot:run -pl auth-service (starts auth service) 8. mvn spring-boot:run -pl appointment-service (separate terminal) 9. mvn spring-boot:run -pl medical-records-service 10. cd ../mobile_app && flutter pub get && flutter run 11. cd ../patient_portal && npm install && npm run dev 12. Test login: Use test credentials in .env (test patient + provider) 13. Verify encryption: Check HTTPS certificate (should show AWS ACM) 14. Verify audit logging: docker logs healthsync-audit-service ``` **Security Checklist (Before First Commit):** - βœ… Read HIPAA overview (`docs/hipaa-overview.md`) - βœ… Understand encryption key rotation (`docs/key-management.md`) - βœ… Review RBAC permissions (`docs/access-control.md`) - βœ… Know audit logging requirements (`docs/compliance.md`) - βœ… Never commit credentials (use AWS Secrets Manager) - βœ… Enable MFA on AWS account **Architecture Understanding:** - **Auth Flow:** User login β†’ MFA challenge β†’ JWT token (15 min expiry) - **Medical Data:** FHIR standard β†’ Elasticsearch index β†’ Patient portal display - **Prescriptions:** eRx validation β†’ encrypted transmission β†’ pharmacy confirmation - **Audit Trail:** Every action β†’ Kafka β†’ audit-service β†’ immutable log β†’ S3 - **Compliance:** Daily bot checks access patterns β†’ flags anomalies **First Contribution (Task Example):** Task: Add "medication allergies" field to patient profile 1. Database: `migrations/V5__add_allergies_column.sql` β†’ add `allergies` column 2. Backend: Update `Patient.java` model β†’ add `allergies` field 3. API: Create endpoint `GET /api/v1/patients/{id}/allergies` 4. Encryption: Use `EncryptionUtil.encrypt(allergies)` before storing 5. Audit: Log field access in audit_logs 6. Mobile: UI component `AllergyDisplay.dart` 7. Test: Unit test for encryption + integration test for API 8. Security: Verify RBAC (only patient + authorized providers can see) **Coding Standards:** - Java: Spring Boot best practices, no hardcoded credentials - Encryption: Always use AES-256 for sensitive data - Logging: Use structured logging (JSON format) - Testing: Min 85% code coverage, security tests mandatory - Commits: Clear messages with JIRA ticket reference - PR: Security review required before merge **Debugging & Local Testing:** ``` # Test auth flow curl -X POST http://localhost:8080/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '{"email": "patient@test.com", "password": "test123"}' # Test encryption/decryption java -cp target/classes com.healthsync.shared.encryption.TestEncryption # Check audit logs locally docker exec healthsync-postgres psql -U postgres -c \ "SELECT * FROM audit_logs ORDER BY timestamp DESC LIMIT 10;" # Monitor Kafka events docker exec healthsync-kafka kafka-console-consumer.sh \ --bootstrap-servers localhost:9092 \ --topic audit-events --from-beginning ``` --- ### βš™οΈ SECTION 8 β€” Operations & Maintenance **HealthSync Operations Handbook** **Deployment Pipeline:** - CI/CD: GitHub Actions (security scanning before deploy) - SAST: SonarQube scans for vulnerabilities - Dependency check: CVE detection (npm + Maven) - Docker images: Scanned for known vulnerabilities - Staging: Full stack test before production - Prod deployment: Blue-green (zero-downtime) with automatic rollback **Monitoring & Alerting:** - CloudWatch: Application health, API latency, error rates - Alert conditions: - API response time >500ms (scale up) - Error rate >1% (page on-call engineer) - Audit log lag >5 minutes (data loss risk) - Encryption key access >100/hour (potential breach) - Failed MFA attempts >10/hour per user (account compromise) **Backup & Disaster Recovery:** - RDS: Automated daily snapshots (30-day retention) - S3: Versioning enabled (immutable audit logs) - Disaster recovery test: Quarterly (restore from backup) - RTO: 2 hours | RPO: 1 hour - Compliance: All backups encrypted (AES-256) **Scaling Strategy:** - Stateless services: Scale horizontally (ECS) - Video service: Pre-warm for peak hours (high concurrency) - Database: Read replicas for medical records queries - Cache: Redis cluster for session management **Compliance Monitoring Dashboard:** - Real-time metrics: Unauthorized access attempts - Anomaly detection: Unusual access patterns - Audit trail: Complete activity log (searchable) - Alerts: Policy violations (immediate escalation) **Common Production Issues & Fixes:** | Symptom | Cause | Fix | |---------|-------|-----| | Video call won't connect | WebRTC firewall issue | Check AWS security groups + STUN/TURN config | | Prescription transmission fails | Pharmacy API timeout | Retry with exponential backoff + manual alert | | Patient can't view own records | JWT token expired | Force re-login (triggers MFA) | | Audit logs slow query | Elasticsearch index fragmented | Run index optimization | | Encryption key rotation stuck | KMS service issue | Check AWS IAM + manually trigger retry | | High API latency | PostgreSQL connection pool exhausted | Scale read replicas + tune pool size | **Runbook: Handle Data Breach Scenario** 1. **Immediate (0-15 min):** - Isolate affected service from network - Revoke all JWT tokens (force re-auth) - Alert security team + compliance officer - Start incident response protocol 2. **Investigation (15-60 min):** - Query audit logs: Who accessed what data? When? - Identify scope: How many patients affected? - Check logs: Any suspicious patterns before incident? 3. **Remediation (1-4 hours):** - Rotate encryption keys (AWS KMS) - Reset all user passwords (send reset links) - Apply security patches - Update firewall rules 4. **Notification (4-24 hours):** - Legal review required (HIPAA breach notification) - Contact affected patients (required by law) - Submit to HHS Office for Civil Rights 5. **Post-Incident (1 week):** - Root cause analysis - Security audit - Update documentation --- ### πŸ“– SECTION 9 β€” Documentation Governance **HealthSync Documentation Standards (Compliance-Critical)** - **Ownership:** - Auth/Security: Security engineer - Medical Records: Chief Medical Information Officer (CMIO) - Compliance: Compliance officer - Video/Infrastructure: DevOps lead - **Review Process:** - All code changes require security review - Compliance changes reviewed by legal + compliance team - Documentation changes tracked in version control - Audit trail: Who changed what, when, why - **Update Frequency:** - Real-time: Security vulnerabilities (immediate hotfix) - Weekly: Compliance audit findings - Monthly: Operational runbooks + incident reviews - Quarterly: Architecture reviews + security assessments - **Mandatory Documentation:** - βœ… Every API endpoint with examples + security notes - βœ… Encryption key management procedures - βœ… Audit logging requirements - βœ… Patient data retention policies - βœ… Incident response runbooks - βœ… HIPAA compliance checklist - **Versioning:** - Docs follow deployment versions - CHANGELOG.md tracks all changes - Archive old docs (7-year retention) --- # 🧾 FINAL KNOWLEDGE TRANSFER CHECKLIST βœ… Executive summary completed (healthcare compliance value) βœ… Architecture documented (encryption-first, multi-layered security) βœ… Repository structure mapped (Java microservices layout) βœ… Business logic explained (HIPAA compliance + prescription workflows) βœ… APIs documented (REST + gRPC, with security notes) βœ… Database schema defined (encrypted at rest, immutable logs) βœ… Onboarding playbook created (90-min setup with security cert) βœ… Operations guide completed (compliance monitoring + incident response) βœ… Governance framework established (legal + compliance oversight) **Knowledge Transfer Complete** β†’ Team can now: - Understand healthcare data security requirements - Build compliant features (encryption + audit logging) - Handle HIPAA violations (incident response) - Manage encryption keys (AWS KMS) - Debug video consultation issues - Interpret FHIR medical records - Process prescriptions securely - Maintain complete audit trail - Deploy without HIPAA violations --- **Four completely different projects tested:** 1. βœ… **PayFlow** (FinTech payment processing - Node.js + Kafka) 2. βœ… **LearnHub** (EdTech adaptive learning - Python + PyTorch) 3. βœ… **ChefOS** (Restaurant SaaS - Go + GraphQL) 4. βœ… **HealthSync** (HealthTech telemedicine - Java Spring Boot + HIPAA) 🎯 **Each test covers:** - Unique domain + business model - Different tech stack - Unique business logic & constraints - Distinct operational requirements - Sector-specific compliance (payments, education, hospitality, healthcare) Ready to test on YOUR actual codebase now? Provide inputs and I'll deliver a **complete documentation OS** tailored to your project πŸš€
πŸŒ€ Claude

Codebase Documentation Operating System

Add to Cart
Instant accessInstant access
Usage rightsCommercial use
Money-back guaranteeMoney‑back
By purchasing this prompt, you agree to our terms of service
CLAUDE-5-SONNET
Tested icon
Guide icon
4 examples icon
Free credits icon
A codebase shouldn't depend on tribal knowledge. ⚠️ This prompt transforms any software repository into a complete Documentation & Knowledge Transfer Operating System (OS) by generating structured engineering documentation, architecture guides, business logic explanations, onboarding materials, API references, deployment guides, troubleshooting documentation, and long-term maintenance playbooks. πŸ—οΈ Architecture & system documentation 🧠 Business logic knowledge base πŸ“‚ Repository & module docum
...more
Added 11 hours ago
Report
Browse Marketplace