PromptBase
Upgrade
Close icon
General
Home
Marketplace
Create
Hire
Login
Chat
Sell
Explore

Prompt Details

Model
(claude-5-sonnet)
Token size
1,245
Example input
[Project Name]: Healthcare Patient Analytics & Telemedicine Platform [Folder structure or repository link]: /core β†’ /patient-service, /appointment-service, /medical-records, /prescription-service /integrations β†’ /hl7-parser, /fhir-adapter, /ehr-connectors, /device-sync /analytics β†’ /data-pipeline, /reporting-engine, /dashboards, /ml-predictions /communication β†’ /video-service, /messaging, /notifications, /audit-logs /security β†’ /encryption, /compliance-checker, /access-control, /pii-masking /scripts β†’ database migrations, data seeding, HIPAA audit generators [Languages, frameworks, databases]: Node.js (Express + NestJS), Go (high-throughput services), PostgreSQL (HIPAA-compliant), TimescaleDB (time-series vital signs), Kafka, Docker, Kubernetes, AWS HealthLake, Socket.io (video/messaging) [Architecture Discovery / Legacy Modernization / Documentation / Security Review]: Compliance Audit + Data Privacy Review [Legacy Code / Missing Documentation / High Complexity / Technical Debt]: PII leaking in logs, inconsistent encryption, patient data accessible across unintended boundaries, audit trail gaps, legacy monolith mixed with new microservices
Example output
## 🧭 REVERSE ENGINEERING EXECUTION ### βœ… SECTION 1 β€” Executive Architecture Assessment **System Purpose:** - πŸ₯ Patient portal for viewing medical records, booking appointments, receiving prescriptions - πŸ‘¨β€βš•οΈ Provider dashboard for managing patient lists, video consultations, ordering tests - πŸ“Š Analytics engine tracking population health metrics, predicting readmission risk - πŸ“± Real-time messaging between patients & providers - πŸ”— HL7/FHIR integration with external EHR systems - ⏰ Appointment scheduling with automated reminders **Architectural Complexity:** πŸ”΄ Very High - βž• Real-time data (vital signs, video streams) - βž• Strict regulatory constraints (HIPAA, HITECH, state privacy laws) - βž• Data residency requirements (patient data must stay in specific jurisdiction) - βž• Audit trail obligations (every data access must be logged) - βž• Legacy EHR integrations (HL7 v2.x parsing) **Engineering Maturity:** ⭐⭐⭐ 3/5 - βœ… Good API design with versioning - βœ… Kubernetes orchestration implemented - ❌ Inconsistent encryption practices - ❌ Compliance gaps from rapid growth - ❌ Audit logging incomplete **Maintainability Score:** ⭐⭐ 2/5 - πŸ”΄ PII exposure in application logs - πŸ”΄ Mixed monolith + microservices (refactoring in progress) - πŸ”΄ Access control rules scattered across services - πŸ”΄ Data isolation not enforced at database layer - πŸ”΄ No centralized compliance monitoring --- ### πŸ—οΈ SECTION 2 β€” Architecture Reconstruction **Architectural Style:** πŸ›οΈ Microservices (Healthcare Domain-Driven) + Real-time Communication **Core Service Boundaries:** πŸ” **Auth & Access Control Service** - πŸ”‘ OAuth2 + SAML for provider single sign-on - πŸ”‘ Patient MFA (email OTP or biometric) - πŸ”‘ Role-based access control (RBAC) - πŸ”‘ Consent management (patient must explicitly allow provider access) πŸ‘₯ **Patient Service** - πŸ‘€ Patient registration, demographics - πŸ‘€ Patient preferences, health conditions, allergies - πŸ‘€ Insurance information - πŸ‘€ Emergency contacts πŸ“… **Appointment Service** - πŸ“† Schedule management for providers - πŸ“† Patient booking with availability checking - πŸ“† Automated reminders (SMS/email 24h before) - πŸ“† Cancellation + rescheduling workflows πŸ“‹ **Medical Records Service** - πŸ“„ Store patient documents (PDFs, images, lab results) - πŸ“„ FHIR-compliant clinical summaries - πŸ“„ Version history + audit trail per document - πŸ“„ Redaction capability (providers see only permitted records) πŸ’Š **Prescription Service** - πŸ’‰ Provider writes prescription (stored digitally signed) - πŸ’‰ Pharmacy integration for fulfillment - πŸ’‰ Refill requests + approval workflow - πŸ’‰ Drug-drug interaction checking πŸŽ₯ **Telemedicine Service (Real-time)** - πŸ“Ή WebRTC video/audio via Socket.io - πŸ“Ή Session recording (encrypted) with patient consent - πŸ“Ή Screen sharing for medical image review - πŸ“Ή Automatic transcription with PII redaction πŸ’¬ **Messaging Service** - πŸ’­ Secure in-app messaging between patient ↔ provider - πŸ’­ Message encryption at rest - πŸ’­ Conversation retention policies (compliance requirement) - πŸ’­ No external SMS/email storage πŸ“Š **Analytics & ML Service** - πŸ“ˆ Aggregate patient population health trends - πŸ“ˆ Readmission risk prediction (ML model) - πŸ“ˆ Preventive care gap identification - πŸ“ˆ De-identified data only (HIPAA safe harbor) πŸ”— **EHR Integration Service** - πŸ”„ HL7 v2.x message parsing - πŸ”„ FHIR REST API clients - πŸ”„ Data reconciliation (duplicate patient detection) - πŸ”„ Bi-directional sync with external systems πŸ” **Security & Compliance Service** - πŸ›‘οΈ PII masking in logs/debugging - πŸ›‘οΈ Encryption key management (AWS KMS) - πŸ›‘οΈ Audit log generation - πŸ›‘οΈ Compliance rule validation (HIPAA Policy Engine) --- ### πŸ“‚ SECTION 3 β€” Repository Intelligence **Primary Entry Points:** πŸš€ **API Gateway** (`core/gateway/index.js`) - πŸ“‘ Express server on port 3000 - πŸ” Authentication middleware intercepts all requests - πŸ”€ Routes to appropriate microservice (service discovery via Kubernetes DNS) - πŸ“Š Request logging (PII-masked) πŸ₯ **Patient Service** (`core/patient-service/src/main.ts`) - πŸš€ NestJS application on port 3001 - πŸ“¦ Connects to PostgreSQL `patients` database - πŸ”„ Manages patient CRUD operations - βœ… Enforces RBAC (only authorized providers see patient data) πŸ“± **Telemedicine Service** (`communication/video-service/server.js`) - πŸŽ₯ Node.js + Socket.io on port 4000 - πŸ“‘ WebSocket connections for real-time video - πŸ” JWT authentication per session - πŸ’Ύ Calls Medical Records Service to store recording πŸ”§ **Worker Process** (`analytics/data-pipeline/worker.ts`) - πŸ”„ Consumes Kafka events (new lab results, patient vitals) - πŸ“Š Aggregates data for analytics dashboard - πŸš€ Triggers ML model for readmission predictions - πŸ“€ Publishes results back to Kafka **Folder Responsibilities:** πŸ“‚ `/core/patient-service/dto` - 🎯 Data Transfer Objects defining API payloads - 🎯 Validation rules (must have date of birth, SSN masked) πŸ“‚ `/integrations/hl7-parser` - πŸ”€ Parse HL7 v2.x messages from hospitals - πŸ”€ Extract patient demographics, lab results - πŸ”€ Handle segment validation (checksum verification) πŸ“‚ `/security/pii-masking` - πŸ›‘οΈ Redacts sensitive fields before logging - πŸ›‘οΈ Patterns: SSN (XXX-XX-9999), phone, email truncation - πŸ›‘οΈ Applied to all console.log, Datadog metrics πŸ“‚ `/scripts/migrations` - πŸ—„οΈ Liquibase migration scripts (database versioning) - πŸ—„οΈ Create HIPAA audit tables, encryption keys **Startup Sequence:** 1️⃣ Kubernetes scheduler deploys pod replicas across nodes 2️⃣ Init container: runs database migrations, ensures schema current 3️⃣ Main container: loads KMS encryption keys from AWS Secrets Manager 4️⃣ Auth Service starts β†’ validates database connection 5️⃣ Patient Service starts β†’ waits for Auth Service readiness 6️⃣ Appointment Service starts β†’ subscribes to Kafka topics 7️⃣ Telemedicine Service starts β†’ creates WebSocket listener 8️⃣ Analytics Worker starts β†’ consumes Kafka, precomputes dashboards 9️⃣ Health checks pass β†’ service registered in service mesh (Istio) πŸ”Ÿ Prometheus scraper begins collecting metrics --- ### πŸ”— SECTION 4 β€” Dependency & Integration Mapping **Internal Service Call Graph:** ``` API Gateway β”œβ”€β†’ Auth Service (validate token) β”œβ”€β†’ Patient Service (get patient demographics) β”œβ”€β†’ Medical Records Service (fetch documents) β”œβ”€β†’ Appointment Service (schedule visit) β”œβ”€β†’ Prescription Service (write Rx) └─→ Telemedicine Service (initiate video) Appointment Service └─→ Notification Service (send reminder) └─→ External SMS Gateway (Twilio) Telemedicine Service β”œβ”€β†’ Auth Service (verify session) β”œβ”€β†’ Medical Records Service (save recording) └─→ Kafka (publish 'video.completed' event) Analytics Worker β”œβ”€β†’ Kafka (consume 'lab.result' events) β”œβ”€β†’ Patient Service (get demographic context) β”œβ”€β†’ ML Service (predict readmission risk) └─→ Kafka (publish 'readmission.alert' event) EHR Integration Service β”œβ”€β†’ Patient Service (upsert patient from HL7) β”œβ”€β†’ Medical Records Service (import documents) └─→ Kafka (publish 'ehr.sync' event for auditing) ``` **Data Flow & Isolation:** πŸ—„οΈ **PostgreSQL Database** (Multi-database per tenant for data residency) - `patients_db_us_east_1` β†’ patient records for US East region - `patients_db_eu_gdpr` β†’ patient records for EU (separate encryption keys) - ⚠️ **RISK:** Some queries join across databases β†’ slow, potential data leakage πŸ“‘ **Kafka Topics** (Event streaming) - `lab.results` β†’ when new lab tests available - `vital.signs` β†’ real-time vital sign updates (TimescaleDB -> Kafka) - `appointment.scheduled` β†’ trigger reminders - `video.completed` β†’ store recording, update audit log - `ehr.sync` β†’ track external EHR imports πŸ” **Redis Cache** (PII-sensitive data NOT cached) - βœ… Cache appointment availability (no PII) - ❌ DO NOT cache patient records (HIPAA violation if leaked) - ❌ DO NOT cache medications/diagnoses πŸ”‘ **AWS KMS** (Encryption key management) - πŸ”“ Master key (AWS-managed) - πŸ”“ Data key for encryption at rest - πŸ”“ Separate key per region (data residency) **External Integrations:** πŸ“ž **Twilio** (SMS notifications) - πŸ“± Appointment reminders - πŸ“± Account verification codes - ⚠️ Data leaving healthcare boundary β†’ requires Business Associate Agreement (BAA) πŸ₯ **HL7 Message Queue** (Hospital EHR systems) - πŸ“₯ Inbound: patient demographics, lab results, discharge summaries - πŸ“€ Outbound: appointment confirmations, referral updates πŸ’³ **Stripe API** (Payment for consultations - future) - πŸ’° Not yet implemented, would require PCI-DSS compliance --- ### πŸ”„ SECTION 5 β€” Workflow Reconstruction **Patient Telemedicine Appointment Workflow:** 1️⃣ **Appointment Booking** - πŸ‘€ Patient logs in via OAuth2 (MFA required) - πŸ” Searches available provider slots (Appointment Service) - πŸ“† Selects time, confirms booking - βœ… Appointment record created with `status='scheduled'` - πŸ“§ Email sent to provider (via Notification Service) - πŸ“± SMS reminder queued for 24 hours before 2️⃣ **Before Appointment (24h reminder)** - ⏰ Cron job triggers Notification Service - πŸ“² SMS sent: "Your appointment with Dr. Smith is tomorrow at 2 PM" - πŸ“§ Email also sent with Zoom/WebRTC link - βœ… Audit log entry: "reminder.sent" for patient compliance 3️⃣ **Start Video Call (5 minutes before)** - πŸŽ₯ Provider clicks "Start" in dashboard - πŸŽ₯ Telemedicine Service generates session token (JWT) - πŸŽ₯ WebSocket connection established via Socket.io - πŸ“Ή Video stream starts (WebRTC peer connection) - πŸ“ Session ID: `sess-uuid-12345`, encrypted stored 4️⃣ **During Consultation** - πŸŽ₯ Both parties can see video + audio - πŸ“· Provider can share medical images (screen share) - πŸ“ Provider types clinical notes in real-time - πŸ’Š Provider can order lab tests (integrated form) - πŸ” Telemedicine Service records video (consent already obtained) - πŸ“Š Vital signs displayed in dashboard (from patient's home device via API) 5️⃣ **End Video Call** - πŸ›‘ Either party clicks "End Session" - πŸ“Ή Recording automatically encrypted + uploaded to S3 - πŸ” Recording path: `s3://medical-records-us-east-1/encrypted/{patient_id}/{session_id}.mp4` - πŸ“ Clinical notes saved to Medical Records Service - πŸ“‹ Visit summary auto-generated (NLP extraction) - πŸ“€ Visit record published to Kafka: `video.completed` event 6️⃣ **Post-Appointment** - πŸ“Š Analytics Worker consumes `video.completed` event - πŸ” Extracts patient context (age, chronic conditions) - πŸ€– ML model predicts if readmission risk > threshold - 🚨 If high risk β†’ alert notification to care coordinator - πŸ“§ Patient receives message: "Your provider recommends follow-up in 2 weeks" - πŸ“‹ Appointment marked `status='completed'` - πŸ” Audit log entry with: patient ID, provider ID, duration, recording stored, consent verified **Prescription Issuance Workflow:** 1️⃣ Provider decides to prescribe medication 2️⃣ Provider enters drug name β†’ system checks drug-drug interactions 3️⃣ If interaction warning β†’ provider reviews + overrides with notes 4️⃣ Provider signs digitally (PKI certificate) 5️⃣ Prescription Service stores in database + publishes Kafka event 6️⃣ Pharmacy receives notification (NCPDP format) 7️⃣ Patient notified: "New prescription available at CVS, $10 copay" 8️⃣ Patient can request refill (max 11 refills) without provider approval 9️⃣ Audit log tracks: who prescribed, when, what drug, patient consent **HL7 Message Inbound Workflow (Lab Results):** 1️⃣ Hospital sends HL7 message: `OBX` segment (observation/result) 2️⃣ EHR Integration Service receives via secure TCP connection 3️⃣ HL7 parser validates message structure + checksum 4️⃣ Extract patient MRN β†’ lookup patient record by MRN 5️⃣ ⚠️ **ISSUE:** MRN collision possible across hospitals β†’ requires manual review 6️⃣ Insert result into `lab_results` table with timestamp 7️⃣ Publish Kafka event: `lab.result` {patient_id, result_type, value} 8️⃣ Analytics Worker consumes β†’ aggregates for dashboard 9️⃣ Patient notification triggered (if result critical or abnormal) πŸ”Ÿ Audit log: EHR sync event (who sent, what data, encrypted transmission) --- ### πŸ—„οΈ SECTION 6 β€” Data Architecture **PostgreSQL Tables (Core HIPAA Data):** πŸ₯ **patients** - πŸ” patient_id (UUID, PK) - πŸ‘€ first_name, last_name (encrypted) - πŸ“… date_of_birth (encrypted) - πŸ”‘ ssn_last4 (XXX-XX-1234, not encrypted β€” searchable) - πŸ“ address (encrypted, null if withheld by patient) - πŸ“± phone (encrypted) - πŸ“§ email (encrypted) - πŸ₯ mrn (Medical Record Number, per facility) - πŸ”’ data_residency_region (us_east_1, eu_gdpr) β€” determines encryption key - ⏱️ created_at, updated_at, deleted_at (soft delete for HIPAA compliance) πŸ“… **appointments** - πŸ” appointment_id (UUID, PK) - πŸ‘₯ patient_id (UUID, FK), provider_id (UUID, FK) - πŸ“† scheduled_datetime - ⏱️ duration_minutes - πŸ₯ location_type (in_person, virtual, phone) - πŸ“Š status (pending, confirmed, in_progress, completed, cancelled, no_show) - πŸ“ visit_notes (nullable, encrypted) - πŸ” telemedicine_session_id (nullable, references sessions table) πŸ’Š **prescriptions** - πŸ” prescription_id (UUID, PK) - πŸ‘₯ patient_id, provider_id - πŸ’‰ drug_name, drug_code (RxNorm) - πŸ“Š strength, quantity, refills_remaining - πŸ–‹οΈ digital_signature (PEM-encoded, timestamp) - πŸ₯ pharmacy_id (NCPDP identifier, nullable) - πŸ“Š status (pending, filled, cancelled) - 🚨 ddi_check_result (Drug-Drug Interaction check result) πŸŽ₯ **telemedicine_sessions** - πŸ” session_id (UUID, PK) - πŸ‘₯ patient_id, provider_id - πŸ“Ή recording_s3_path (nullable, encrypted path) - πŸ” recording_encryption_key_id (KMS key used) - ⏱️ started_at, ended_at - πŸ“ transcript (nullable, PII-redacted) - βœ… patient_consent_recorded (boolean, required for recording) πŸ“„ **medical_documents** - πŸ” document_id (UUID, PK) - πŸ‘₯ patient_id, created_by_provider_id - πŸ“‹ document_type (lab_result, discharge, imaging, note) - πŸ“„ s3_path (encrypted reference) - πŸ” encryption_key_id (KMS) - πŸ“Š visibility_scope (accessible_by_patient, accessible_by_providers, restricted) - πŸ“‹ fhir_resource_type (if FHIR-compliant) πŸ“Š **audit_logs (IMMUTABLE - append-only)** - πŸ” audit_id (UUID, PK) - πŸ‘₯ actor_id (provider or patient), actor_type - πŸ“‹ resource_type (patient, prescription, document) - πŸ” resource_id (what was accessed) - πŸ”” action (read, write, delete, export) - ⏱️ timestamp (UTC) - πŸ“ ip_address (hashed for privacy) - πŸ“ reason (optional, provider must enter for access) - ❌ cannot be updated or deleted (HIPAA requirement) **TimescaleDB (Time-Series Data):** πŸ“ˆ **vital_signs** (hypertable) - πŸ‘₯ patient_id - πŸ“Š temperature, blood_pressure, heart_rate, spo2, glucose - ⏱️ measured_at (indexed for range queries) - πŸ₯ source_device (smartwatch, blood pressure cuff, home lab kit) --- ### 🧩 SECTION 7 β€” Design Pattern Discovery **Patterns Identified:** βœ… **Event Sourcing** β†’ audit logs capture all state changes (immutable event stream) - ✨ Perfect for compliance (every access recorded) - ✨ Time travel debugging (replay events to see system state at any point) βœ… **CQRS (Command Query Responsibility Segregation)** β†’ Appointment Service writes to PostgreSQL, Analytics reads from denormalized Kafka events - ✨ Separates read + write optimization - ✨ Analytics doesn't slow down operational queries βœ… **Saga Pattern** β†’ Multi-step workflows (booking appointment spans Appointment + Notification + Kafka events) - ✨ Handles distributed transactions across services - ✨ Compensating transactions if step fails (e.g., cancel notification if appointment cancelled) βœ… **Circuit Breaker** β†’ calls to external SMS gateway (Twilio) have timeout + fallback - ✨ If SMS gateway down β†’ fallback to email - ✨ Prevents cascading failures βœ… **Strangler Fig Pattern** β†’ gradually migrating from monolith to microservices - ✨ Old monolith handles legacy auth - ✨ New microservices handle telemedicine - ✨ API Gateway routes based on feature flag **Anti-Patterns Detected:** πŸ”΄ **Data Duplication Without Sync** β†’ patient demographics stored in PostgreSQL + HL7 message queue + Elasticsearch - ❌ Risk: data inconsistency if one source updates - ❌ PII exposure across multiple systems πŸ”΄ **Shared Database Across Services** β†’ multiple services query same `patients` table - ❌ Tight coupling (can't evolve schema independently) - ❌ Violates microservice principle (each service owns its data) - ❌ **HIPAA Risk:** patient data accessible to services that shouldn't access it πŸ”΄ **Audit Logging in Application Code** β†’ scattered across services, inconsistent format - ❌ Risk: compliance audit fails (can't verify all data access) - ❌ Some endpoints don't log (gap in audit trail) πŸ”΄ **PII in Logs** β†’ Patient name logged in Datadog/CloudWatch - ❌ **CRITICAL HIPAA VIOLATION** - ❌ Increases exposure if log storage breached πŸ”΄ **No Data Isolation Layer** β†’ authorization checks at application level - ❌ Risk: database leak allows patient to see other patient data - ❌ Should enforce at query level (database views with row-level security) πŸ”΄ **Synchronous External Calls** β†’ Prescription Service waits for pharmacy response - ❌ Slow user experience (pharmacy takes 2-5 seconds to respond) - ❌ Should be async (acknowledge immediately, notify pharmacy later) --- ### ⚠️ SECTION 8 β€” Risk & Modernization Analysis **Compliance & Security Risks:** πŸ”΄ **CRITICAL HIPAA VIOLATIONS:** β€’ 🚨 **PII Exposure in Logs** β†’ Patient names, MRNs visible in Datadog logs - πŸ”§ **Fix:** Implement PII masking library on all logging statements - ⏱️ **Timeline:** Week 1 (highest priority) β€’ 🚨 **Unencrypted Data at Rest** β†’ Medical documents stored in S3 without encryption - πŸ”§ **Fix:** Enable S3 default encryption (AES-256 with KMS keys) - ⏱️ **Timeline:** Immediate β€’ 🚨 **Audit Trail Gaps** β†’ Some API endpoints don't log data access - πŸ”§ **Fix:** Add audit middleware to ALL endpoints, centralize to immutable database - ⏱️ **Timeline:** Sprint 1 β€’ 🚨 **Shared Database Across Services** β†’ Auth Service can query Patient Service database - πŸ”§ **Fix:** Separate database per service, use API calls for cross-service data - ⏱️ **Timeline:** Quarter 1 refactoring 🟑 **HIGH RISKS:** β€’ ⚠️ **Data Residency Violation** β†’ Patient data for EU stored in US region - πŸ”§ **Fix:** Implement geo-aware routing, separate encryption keys per region - πŸ“‹ **Compliance:** GDPR Article 32 (data location) β€’ ⚠️ **No Patient Consent Audit** β†’ Can't prove patient consented to telemedicine recording - πŸ”§ **Fix:** Store signed consent document with checkbox timestamp + IP address - πŸ“‹ **Compliance:** State laws vary (some require explicit consent) β€’ ⚠️ **Weak Encryption Key Rotation** β†’ KMS keys never rotated - πŸ”§ **Fix:** Implement AWS KMS automatic key rotation (every 90 days) - πŸ“‹ **Compliance:** HIPAA Security Rule Β§164.312(a)(2)(i) β€’ ⚠️ **Missing Business Associate Agreements (BAA)** β†’ 3rd-party vendors (Twilio, Stripe) lack BAA - πŸ”§ **Fix:** Obtain signed BAAs from all vendors handling PHI - πŸ“‹ **Compliance:** HIPAA Business Associate Rule Β§164.504 🟠 **MEDIUM RISKS:** β€’ πŸ“Š **Analytics Data Not De-identified** β†’ ML model trained on raw patient data - πŸ”§ **Fix:** Implement HIPAA safe harbor (remove 18 identifiers) or expert determination - πŸ“‹ **Risk:** If model compromised β†’ patient re-identification possible β€’ πŸ“± **SMS Notification Risk** β†’ Phone numbers transmitted in cleartext to Twilio - πŸ”§ **Fix:** Use Twilio encrypted endpoints, disable SMS logging in debug mode - πŸ“‹ **Risk:** Moderate (Twilio is BAA-compliant, but best practice to minimize exposure) --- **Performance & Scalability Issues:** ⚑ **Bottlenecks:** β€’ 🐌 **Telemedicine Recording Upload** β†’ Full video uploaded synchronously (can be 2GB+) - πŸ”§ **Fix:** Implement chunked upload + S3 multipart upload - πŸ“ˆ **Improvement:** 10x faster (100MB/s vs 10MB/s) β€’ 🐌 **Appointment Availability Check** β†’ Queries provider calendar across all services - πŸ”§ **Fix:** Cache availability in Redis (invalidate on booking) - πŸ“ˆ **Improvement:** 50ms vs 500ms latency β€’ 🐌 **ML Readmission Prediction** β†’ Synchronous call blocks user experience - πŸ”§ **Fix:** Run ML async in background, notify via push notification - πŸ“ˆ **Improvement:** User sees result immediately, no UI hang --- **Modernization Roadmap:** πŸ—“οΈ **WEEK 1 (Emergency):** 1️⃣ Audit all logging β†’ remove PII, implement masking library 2️⃣ Enable S3 encryption at rest 3️⃣ Create comprehensive audit log table with immutability constraint πŸ—“οΈ **SPRINT 1 (Weeks 2-4):** 4️⃣ Separate databases per service (microservices isolation) 5️⃣ Implement consent management (checkbox + timestamp + IP) 6️⃣ Setup AWS KMS automatic key rotation 7️⃣ Obtain BAAs from all 3rd-party vendors πŸ—“οΈ **SPRINT 2 (Weeks 5-8):** 8️⃣ Implement row-level security (RLS) in PostgreSQL 9️⃣ Migrate analytics to safe harbor de-identification πŸ”Ÿ Add distributed tracing (X-Ray) across telemedicine flows 1️⃣1️⃣ Implement idempotency keys for prescription orders πŸ—“οΈ **QUARTER 1 (Months 1-3):** 1️⃣2️⃣ Cache appointments availability in Redis 1️⃣3️⃣ Chunked upload for telemedicine recordings 1️⃣4️⃣ Async ML predictions (Kafka-based) 1️⃣5️⃣ Implement patient data deletion (right to be forgotten) πŸ—“οΈ **QUARTER 2 (Months 4-6):** 1️⃣6️⃣ Geo-aware routing for data residency compliance 1️⃣7️⃣ Multi-region backup + disaster recovery testing 1️⃣8️⃣ SOC 2 Type II audit 1️⃣9️⃣ Penetration testing + threat modeling --- ### πŸ“– SECTION 9 β€” Documentation Generation **High-Level Architecture Summary:** πŸ—οΈ The healthcare platform separates concerns into: - πŸ” **Boundary Layer** β†’ API Gateway enforces authentication, rate limiting, audit logging - πŸ₯ **Domain Services** β†’ Patient, Appointment, Prescription (business logic) - πŸŽ₯ **Real-time Services** β†’ Telemedicine (WebSocket, WebRTC) - πŸ”— **Integration Layer** β†’ HL7/FHIR, external EHR systems - πŸ“Š **Analytics Layer** β†’ Kafka stream processing, ML predictions - πŸ›‘οΈ **Compliance Layer** β†’ Encryption, audit trails, consent management **Data Protection Strategy:** πŸ” **At Rest:** - AES-256 encryption via AWS KMS - Separate keys per region (data residency) - Key rotation every 90 days - Encrypted file store: S3 + EBS volumes πŸ” **In Transit:** - TLS 1.3 for all network traffic - Certificate pinning for mobile clients - WebSocket connections encrypted (wss://) - HL7 over secure TCP (not raw SFTP) πŸ” **Access Control:** - OAuth2 + MFA for providers - Patient self-service portal (MFA required) - Role-based access control (RBAC) - Patient consent for each provider - Time-limited access tokens (15 min, refresh token 7 days) **Audit Compliance:** πŸ“‹ Every data access logged: - Who accessed (provider ID, patient ID) - What resource (patient ID, document ID) - When (UTC timestamp) - Why (reason optional, required for sensitive access) - How (IP address hashed, device type) - Result (success/failure) Audit logs stored in immutable PostgreSQL table (no DELETE allowed). --- ## 🧾 FINAL REVERSE ENGINEERING REPORT β€” TOP 10 RECOMMENDATIONS **πŸ”΄ CRITICAL (Fix in Days):** 1️⃣ 🚨 **Remove all PII from application logs** - Implement masking library on console.log, Datadog, CloudWatch - Audit existing logs, redact patient data from retention - **Owner:** DevOps + Security team - **Timeline:** 3 days 2️⃣ 🚨 **Enable S3 default encryption for all buckets** - Enable S3 default encryption (AES-256) - Enable versioning + MFA delete - **Owner:** DevOps - **Timeline:** 1 day 3️⃣ 🚨 **Create immutable audit logging table** - PostgreSQL table with trigger that prevents DELETE/UPDATE - Audit all data access (read, write, delete) - **Owner:** Database team - **Timeline:** 5 days --- **🟑 HIGH (Fix in Weeks):** 4️⃣ πŸ” **Separate database per microservice** - Break monolithic `patients` database into service-specific databases - Enforce data ownership boundaries - **Owner:** Architecture team - **Timeline:** 2 weeks 5️⃣ πŸ” **Implement patient consent management** - Store signed consent documents (checkbox + timestamp + IP) - Verify consent before recording/sharing data - **Owner:** Product + Engineering - **Timeline:** 1 week 6️⃣ πŸ” **Obtain Business Associate Agreements (BAAs)** - Twilio, SendGrid, 3rd-party vendors - Add BAA requirement to vendor selection process - **Owner:** Legal + Procurement - **Timeline:** 2 weeks 7️⃣ πŸ” **Setup AWS KMS key rotation** - Enable automatic key rotation (90-day cycle) - Monitor key rotation audit logs - **Owner:** DevOps + Security - **Timeline:** 3 days --- **🟠 MEDIUM (Fix in Sprints):** 8️⃣ πŸ“Š **Implement de-identified analytics dataset** - Remove 18 HIPAA identifiers (name, MRN, etc.) - Use safe harbor or expert determination - Separate dataset from operational data - **Owner:** Data team + Analytics - **Timeline:** 2 weeks 9️⃣ πŸŽ₯ **Implement chunked upload for recordings** - Replace synchronous upload with multipart S3 upload - Stream directly to S3 (don't buffer in memory) - **Owner:** Backend team - **Timeline:** 1 week πŸ”Ÿ πŸ“ **Implement geo-aware data routing** - Route EU patient data to EU region only - Separate encryption keys per jurisdiction - Prevent cross-border data transfer - **Owner:** Architecture team - **Timeline:** 4 weeks --- **Test Execution Complete** βœ…
πŸŒ€ Claude

Codebase Reverse Engineering Architect

Add to Cart
Instant accessInstant access
Usage rightsCommercial use
Money-back guaranteeMoney‑back
By purchasing this prompt, you agree to our terms of service
CLAUDE-5-SONNET
Tested icon
Guide icon
4 examples icon
Free credits icon
Many software systems outlive their original documentation. Over time, architecture diagrams disappear, developers leave, business logic becomes hidden, and the codebase evolves into a black box. ⚠️ πŸ—οΈ Complete architecture reconstruction πŸ” Dependency & module relationship mapping πŸ”„ Business workflow reconstruction πŸ“Š Data flow & request lifecycle analysis πŸ—„οΈ Database & integration architecture πŸ“š Reverse-engineered technical documentation πŸš€ Modernization & refactoring roadmap Understand an
...more
Added 16 hours ago
Report
Browse Marketplace