Case Study · SHCA Health Providers
How UnlockLive replaced a patchwork of spreadsheets, paper notes, and disconnected EMR tools across 5 senior-care facilities with a single HIPAA-aligned, multi-tenant Next.js + Django + PostgreSQL platform on AWS — cutting clinical-note time by 70%, tripling intake speed, and giving the operator one audit-ready source of truth on day one.
SHCA managed dozens of senior-care facilities on a patchwork of Excel spreadsheets, paper shift notes, and three disconnected EMR-style tools — with no single source of truth for any patient. Nurses re-keyed updates across systems every shift, families had no visibility, admins had no way to prove who saw what, and onboarding a new facility meant re-creating the same brittle Excel template all over again.
The ask was uncompromising: deliver a HIPAA-aligned, multi-facility patient-management SaaS that any nurse, doctor, admin, or family member could safely log into on day one — with template-driven clinical notes, role-scoped record access, full audit trails, and the ability to onboard a brand-new facility in minutes instead of weeks. Anything less than 'one record, one log, one source of truth' would have shipped the same fragmentation problem in nicer skin.
We built a multi-tenant Next.js + Django + PostgreSQL SaaS hosted on AWS, where every patient lives in exactly one record and every action is observable, auditable, and role-scoped.
The Django backend exposes a Django REST Framework API with a strict tenant boundary — every query is filtered by `facility_id` at the ORM layer, so a nurse from Facility A literally cannot SELECT a patient from Facility B even with a forged URL. JWT-based auth wires four roles (doctor, nurse, admin, family) into per-endpoint and per-field permissions, and a single 'audit_event' append-only log captures every read, write, and export with `(user_id, role, facility_id, patient_id, action, timestamp, ip)` so a HIPAA-aligned audit can be produced for any patient over any window in seconds.
Clinical notes — the highest-value workflow in the product — are template-driven. Instead of free-typing a 20-minute SOAP note, a nurse picks a template, fills only the deltas, and the system serializes a structured note plus a human-readable summary. Voice-friendly text inputs, autosave every 5 seconds, and attachable medication / vitals snapshots cut average note time from 18+ minutes to under 5.
The Next.js front-end ships a single SPA-style UX for every role, with role-aware navigation, optimistic patient updates, and an internal facility switcher for admins who manage multiple sites. Family members get a tightly-scoped portal — they only see the patient they are linked to, and only the fields the doctor approved for sharing.
On the infrastructure side: PostgreSQL on RDS with automated point-in-time recovery, S3 with KMS-encrypted attachments and signed time-bounded URLs (no raw S3 URLs in the wild), CloudWatch + Sentry on every endpoint, automated nightly backup verification, and infrastructure-as-code so a second region can be brought up without ticketing the cloud team.
We started by shadowing nurses on a real shift and mapping every place patient data flowed — paper, Excel, EMR, group chat, fax. From that we ran a HIPAA-focused threat model on the four highest-risk failure modes: cross-facility leakage, untracked exports, family over-sharing, and unsigned attachment URLs. Out of that came the three architectural anchors the rest of the build sits on: tenant-scoped queries enforced at the ORM layer, an append-only audit_event log on every action, and signed S3 URLs with no raw object access.
We modelled facilities, patients, roles, and clinical notes in a single PostgreSQL schema with a hard `facility_id` boundary baked into every QuerySet via a tenant-scoped manager. Roles (doctor, nurse, admin, family) gate both endpoints and fields — a family user cannot even see that a 'medications' field exists on the response unless the doctor flipped a sharing toggle. Clinical notes are template-driven and stored as structured JSON plus a rendered human summary, so reporting and exports stay clean.
We shipped a single Next.js SPA that re-skins itself per role on login: a nurse sees the shift queue and quick-note flow; an admin sees the facility switcher and audit search; a family member sees only their linked patient with the doctor-approved subset of fields. Optimistic updates, autosave on note drafts, and a low-friction template picker turned the high-frequency 'add a note' flow from 18+ minutes to under 5.
We deployed the platform on AWS — EC2 + RDS PostgreSQL + S3 + KMS — with CloudWatch + Sentry on every endpoint, nightly backup verification, and infrastructure-as-code. Every read, write, and export hits an append-only audit_event log so an auditor can be served a per-patient activity report in seconds. We handed the operator a runbook for facility onboarding, role provisioning, and incident response, and stayed on retainer for monthly enhancements.
“We had a large, complex project with several databases needing to communicate with each other. The UnlockLive team asked the right follow-up questions, kept the timeline honest, and delivered something our clinical staff actually use every day.”
We enforce the tenant boundary at the Django ORM layer, not in route handlers. Every model that touches PHI is fronted by a tenant-scoped QuerySet manager that filters by `facility_id` from the JWT before any other filter is applied. The result: a forged URL, a missed `if` in a view, or a bug in a serializer cannot return cross-facility records — the SQL the database sees is already filtered. We also pair this with field-level permissions so a family member literally cannot see that a sensitive field exists on the response.
We architected the application with HIPAA-aligned controls — role-scoped access, encryption at rest (RDS + S3 + KMS) and in transit (TLS 1.2+), an append-only `audit_event` log on every PHI read/write/export, signed time-bounded URLs for every attachment, and nightly backup verification. HIPAA compliance is ultimately a Business Associate Agreement and an organizational program — the operator runs that — but the platform was built so a HIPAA audit can be answered with a query, not a re-architecture.
Six months end-to-end. Roughly: 3 weeks of discovery, threat model, and data design; 14 weeks of Django REST API + Next.js SPA build with two-week sprints, automated tests on every PR, and security review before promotion to production; 4 weeks of AWS hardening, observability, audit-log work, and clinician training; 4 weeks of pilot with one facility followed by a same-week rollout to the remaining 4 facilities.
A Next.js (React) SPA front-end, a Django + Django REST Framework API, PostgreSQL on Amazon RDS, S3 + KMS for encrypted attachments, Celery + Redis for background jobs, JWT-based auth with per-endpoint and per-field role permissions, and CloudWatch + Sentry for observability — all containerized with Docker and deployed via infrastructure-as-code on AWS.
Yes — the data model and permissions system are facility-agnostic by design. Adding a new facility is an admin action, not a code change; a new operator can re-brand the front-end and reuse the same multi-tenant backend. The same architecture (`facility_id` boundary + audit_event log + signed-URL attachments) is reusable for any HIPAA-adjacent multi-tenant SaaS — clinics, behavioral-health groups, home-care agencies, and similar.
Enterprise / Healthcare100% On-device inference — zero customer data leaves the laptopHow we replaced a $4.2K/month OpenAI bill with a fully on-device LLM workflow using Ollama, llama.cpp, and a FastAPI orchestration layer — keeping 100% of customer data on the user's laptop while delivering sub-second responses.
Healthcare / Wellness Coaching SaaS2.5x Lift in week-4 retention vs. the Zoom + PDF baselineHow UnlockLive turned a Zoom-and-PDF coaching practice into a production gamified nutrition coaching SaaS — a Next.js client app with calorie + macro tracking, a Python-powered recipe and lesson engine, a points/badges/tier progression system that locks and unlocks content, and a coach console that surfaces who is active, who is stalling, and what to send next. Result: 2.5x lift in week-4 retention and thousands of clients onboarded since launch.
Higher Education / Career-College SaaS100% Of tuition payments now collected online via Stripe (zero cheques / e-transfers)How UnlockLive replaced three disconnected tools and one shared inbox with a single, custom Student Information System for a Canadian career college — a public Next.js course catalog, a student-facing enrolment + Stripe tuition portal, and a Django admin console for batches, courses, coupons, candidates, and document attachments. Net result: 100% of tuition collected online, 5x faster enrolment, and zero reconciliation spreadsheets.
Talk to the same team that built Building a HIPAA-Aligned Multi-Facility Patient Management SaaS for a US Senior-Care Group — Next.js + Django + PostgreSQL on AWS. We’ll scope your project, give you a fixed-price proposal, and show you the closest analog from our portfolio.
Book a strategy callUnlockLive IT Limited provides state-of-the-art software solutions to clients all over the world. We are a creative force with strategic alliances distributed around the globe
Copyright© UnlockLive .All right reserved 2008 - 2026