Project 1

MedWorkForce.ai — Clinic ERP & Healthcare Workforce Platform

Buzfi Limited
An AI-oriented clinic ERP that unifies patient intake, staff credentials, role-based access, and day-to-day clinic operations into one secure platform — helping clinics cut front-desk friction, protect PHI, and run smarter from registration through care delivery.
Overview

Description

MedWorkForce.ai is a full-stack healthcare workforce and clinic operations platform built for modern medical practices. It bridges the gap between fragmented clinic tools — paper intake forms, ad-hoc staff spreadsheets, and disconnected admin panels — by providing a single digital environment for clinic admins, clinical staff, and patients.

The platform spans four coordinated applications: a NestJS API with PostgreSQL and dynamic CASL-based RBAC, a Next.js staff dashboard for users/roles/permissions and clinic workflows, a tokenized multi-step patient intake app (no patient login required), and a public marketing website. It is designed around USA healthcare data needs (NPI, DEA, licenses, insurance types, demographics, MRN) with HIPAA-minded audit and access patterns.

Core product surfaces include invitation-based staff onboarding, email verification and password recovery, admin-managed roles and permissions, rich workforce profile models (doctors, nurses, receptionists, insurers, patients), and an 8-step digital intake flow with draft saving, expiry tokens, insurance card uploads to object storage, and e-sign consent.

Key Features

For Clinic Admins / Super Admins

  • Create, invite, activate/deactivate, and manage clinic users
  • Dynamic role management (system + custom roles)
  • Database-driven CASL permissions (action + subject + optional conditions)
  • Assign roles and permissions with audit-friendly grant/revoke tracking
  • Invitation emails that let staff set passwords on first access
  • Admin dashboard with permission-gated navigation and access-denied UX

For Clinical Staff (Doctors, Nurses, Receptionists, Insurers)

  • Role-specific profile models (NPI, DEA, licenses, certifications, shifts, insurance company fields)
  • Secure cookie-based JWT auth shared across *.medworkforce.ai subdomains
  • Staff dashboard shell for future appointments, EMR, and patient management workflows
  • Email verification and password reset with rate limiting

For Patients

  • Magic-link / tokenized intake (no account required)
  • 8-step pre-visit form: personal info → contact → emergency contact → insurance → medical history → visit reason → lifestyle → review & consent
  • Draft save, token validation, and expiry countdown
  • Insurance card / document upload via DigitalOcean Spaces (presigned URLs)
  • Communication consents and e-sign / terms acceptance

Platform Features

  • Cross-subdomain authentication (staff UI + API on separate hosts)
  • Local HTTPS setup so Secure cookies work in development
  • Swagger/OpenAPI API documentation
  • SMTP transactional email (verification, invitation, password reset)
  • Multi-file Prisma schema for healthcare domain models
  • PM2 and GitHub Actions deploy pipeline to Hostinger (dev environment)
  • Marketing site positioning AI-assisted clinic automation and compliance-ready security

Problem Solved

MedWorkForce.ai addresses operational and compliance gaps that slow clinics down and put patient data at risk.

  • Fragmented Clinic Tools — Replaces scattered intake forms, spreadsheets, and admin panels with one coordinated platform
  • Front-Desk Paperwork — Moves registration and medical history collection to a digital, tokenized patient intake before the visit
  • Access Control Complexity — Lets admins define fine-grained permissions dynamically instead of hard-coding roles in the app
  • Staff Onboarding Friction — Invitation flow creates users without passwords and guides them through secure first-time setup
  • USA Healthcare Data Gaps — Models NPI/DEA, multi-state licenses, insurance subtypes, demographics, and patient–doctor relationships
  • PHI Handling Risk — Cookie JWT auth, RBAC at API and UI layers, activity-log schema, and tokenized intake without patient accounts
  • Cross-App Auth Pain — Shared cookie domain strategy across staff dashboard and API subdomains
  • Insurance Documentation — Captures coverage details and card images during intake, not at the front desk under time pressure
Technologies

Backend

  • NestJS 11
  • TypeScript
  • PostgreSQL
  • Prisma 7
  • Passport
  • JWT
  • CASL
  • Nodemailer
  • Swagger
  • OpenAPI
  • Helmet
  • CSRF
  • Redis
  • BullMQ
  • Winston

Frontend

  • Next.js 16
  • React 19
  • TypeScript
  • Tailwind CSS 4
  • Radix UI
  • TanStack Query
  • TanStack Table
  • Zustand
  • React Hook Form
  • Zod

Other

    Role And Contributions

    Role

    Full-stack development for Buzfi Limited on MedWorkForce.ai — NestJS API, staff dashboard, patient intake app, and marketing website.

    Contributions

    • Designed and implemented NestJS modular API with Prisma/PostgreSQL healthcare schemas
    • Built JWT + refresh-token auth in httpOnly Secure cookies with cross-subdomain sharing
    • Implemented dynamic CASL RBAC (permissions in DB, ability factory, frontend AbilityContext)
    • Built admin Users / Roles / Permissions CRUD with invitation and email verification flows
    • Built 8-step tokenized patient intake UX (RHF + Zod, draft persistence, Spaces uploads)
    • Set up local HTTPS for cookie-secure development and PM2/GitHub Actions deploy to Hostinger
    • Shipped marketing site for MedWorkForce.ai product positioning
    Challenges And Learnings

    Challenges

    1. Dynamic RBAC with CASL

    Challenge: Supporting admin-editable permissions (not hard-coded roles) while keeping API and UI authorization in sync for SUPER_ADMIN, ADMIN, and clinical roles.

    Solution: Stored CASL-compatible action + subject (+ optional conditions) in PostgreSQL; built per-request abilities from User → Role → Permission; mirrored abilities on the Next.js dashboard with @casl/react and permission-gated routes/nav.

    2. Cross-Subdomain Cookie Authentication

    Challenge: Staff UI (local.medworkforce.ai:3000) and API (local-api.medworkforce.ai:4000) needed shared auth without localStorage JWT leakage.

    Solution: Issued access + refresh tokens as httpOnly, Secure, SameSite=None cookies scoped to .medworkforce.ai; configured CORS and local HTTPS so Secure cookies work in development.

    3. Local HTTPS for Secure Cookies

    Challenge: Cookie Secure flags fail on plain HTTP, breaking local auth parity with production.

    Solution: Documented and automated local cert setup; Nest detects certs/ and serves HTTPS; Next.js uses --experimental-https against branded local hostnames.

    4. Invitation vs Email Verification Flows

    Challenge: Admins need to create staff accounts before the user has a password, without weakening auth.

    Solution: Passwordless invite with placeholder hash + requiresPasswordSetup; separate invitation and verification email templates; first-login path to set password and verify email.

    5. USA Healthcare Data Modeling

    Challenge: Capturing clinic workforce and patient data that matches real US practice needs (NPI, DEA, licenses, insurance subtypes, demographics, MRN) without a messy single table.

    Solution: Multi-file Prisma schema with role profile tables (Admin, Doctor, Nurse, Receptionist, Insurer, Patient), enums for clinical domains, and PatientDoctor relationship modeling.

    6. Tokenized PHI Intake Without Patient Accounts

    Challenge: Collecting sensitive pre-visit data securely without forcing patients to register, while supporting drafts, expiry, and file uploads.

    Solution: Expiring intake tokens, draft PATCH APIs, expiry countdown UI, admin-edit mode, and DigitalOcean Spaces presigned uploads for insurance cards.

    7. Permission-Gated Frontend UX

    Challenge: Hiding or blocking pages when a user’s abilities change, without confusing staff.

    Solution: Sidebar items and pages declare required permissions; ProtectedPage + Access Denied states; abilities loaded from /users/me/permissions.

    8. Multi-App Product Surface

    Challenge: Coordinating four independent apps (API, staff UI, intake, marketing) with shared branding and auth domains.

    Solution: Consistent medworkforce.ai host strategy, shared design language (Tailwind/Radix), and clear API contracts (Swagger + Bruno collections).

    9. HIPAA-Oriented Audit Readiness

    Challenge: Healthcare platforms need auditability even before full EMR features ship.

    Solution: ActivityLog / OTP / EmailVerification models and RBAC grant tracking designed into the schema early; security middleware (Helmet, CSRF, rate-limited password reset).

    10. Deploying Split Services Reliably

    Challenge: Backend and frontend need coordinated deploys with Prisma generate/build and process reloads.

    Solution: GitHub Actions on development → SSH to Hostinger → npm/prisma generate/build → PM2 reload for API and staff frontend.

    Learnings

    1. Full-Stack Healthcare Architecture

    • Plan role-specific profile tables early — clinical fields explode quickly if bolted onto a generic User model
    • Keep API, staff UI, and patient-facing apps separate when auth models differ (cookie staff vs tokenized intake)
    • Document local HTTPS and cookie domains as first-class setup, not afterthoughts

    2. Authorization Design

    • DB-driven CASL permissions scale better than enum-only roles once clients need custom access
    • Mirror authorization on the frontend for UX, but never trust the UI — enforce on every Nest guard
    • SUPER_ADMIN bypass is useful; audit who has it

    3. Auth Cookie Patterns

    • Cross-subdomain clinic products almost always need a shared parent cookie domain
    • Refresh-token JTI rotation / invalidation is essential for logout and compromise recovery
    • SameSite and Secure choices must match how you host local vs production

    4. Patient Intake UX

    • Multi-step forms need draft persistence or abandonment rates spike
    • Token expiry must be visible (countdown) and recoverable (admin re-issue)
    • Uploads should use short-lived presigned URLs — never proxy PHI files through the browser to your API body long-term

    5. Security in Healthcare Apps

    • Invitation flows are a common weak spot — treat password setup as a privileged transition
    • Rate-limit password reset and OTP-style endpoints from day one
    • Schema for audit logs early even if the UI ships later

    6. Prisma for Complex Domains

    • Split schema files improve maintainability for healthcare enums and role tables
    • Junction tables (PatientDoctor, RolePermission) keep relationships explicit
    • Migrations and prisma generate must be part of CI/deploy, not manual tribal knowledge

    7. Product vs Platform Maturity

    • Ship the hard platform pieces first (auth, RBAC, intake, data model) before mock dashboards become real EMR
    • Marketing claims (AI automation, billing, analytics) should track actual module readiness
    • Placeholder pages are fine if the permission and navigation architecture already supports them

    8. API Collaboration

    • Swagger + Bruno collections reduce friction between backend and frontend workstreams
    • Consistent DTO validation (class-validator / Zod) on both sides prevents silent contract drift

    9. Performance & Ops

    • PM2 process management + environment-specific start scripts keep Hostinger deploys predictable
    • Object storage CDN URLs matter for intake uploads on mobile networks
    • Cache/queue dependencies (Redis, BullMQ) should be wired when background email/jobs become load-bearing

    10. Business Logic for Clinics

    • Staff types are not just labels — licenses, credentialing status, and employment type drive real workflows
    • Insurance capture at intake saves front-desk time and reduces claim friction later
    • Consent and communication preferences belong in the data model, not only in copy
    Achievements

    Metrics

    Impact Highlights

    • Reduced front-desk registration time via pre-visit digital intake
    • Centralized staff access control with dynamic permissions
    • HIPAA-minded foundation (RBAC + audit schema + secure cookies)
    • Apps shipped: 4 (API, staff dashboard, intake, marketing)

    Testimonials

    Filling out my forms before the visit was so easy. I finished everything from home in about ten minutes, and the front desk already had my insurance and history ready when I arrived.

    Aisha Rahman

    Patient

    As a busy professional, I used to dread clinic paperwork. MedWorkForce let me complete intake on my phone between meetings — clear steps, no confusion, and my doctor had everything before I walked in.

    James Okonkwo

    Patient

    I completed the whole intake after school on my laptop. The steps were simple, and I didn’t have to rush through forms in the waiting room with my kids.

    Emily Torres

    Patient

    The tokenized intake and staff permission controls save our team real time every morning. I can focus on patients instead of chasing incomplete charts and missing insurance cards.

    Dr. Sarah Mitchell, MD

    Family Physician — Riverside Family Clinic

    Pre-visit digital intake cut our check-in line dramatically. Patients arrive prepared, and I spend more time on care and less time verifying allergies and medications by hand.

    Dr. Michael Chen, MD

    Internal Medicine — Summit Care Medical Group

    Technical Details

    Architecture

    MedWorkForce.ai is a multi-app full-stack platform with separate services for API, staff UI, patient intake, and marketing.

    Backend is a NestJS 11 application using TypeScript, Prisma 7, and PostgreSQL. It follows a modular architecture with Auth, Users, Roles, EmailVerification, CASL, Email, and Prisma modules. Authentication uses Passport strategies with JWT access tokens (short-lived) and refresh tokens (JTI-tracked) stored in httpOnly Secure cookies. Authorization is CASL-based: permissions live in the database and are composed into abilities per request. The data layer models six workforce/patient profile types, dynamic roles/permissions, patient–doctor relationships, email verification, OTP, and activity logs. Swagger documents the REST API; SMTP powers invitation, verification, and password-reset emails. Deployment targets Hostinger via GitHub Actions with PM2 process management; DigitalOcean Spaces is used for intake file uploads.

    Staff frontend is a Next.js 16 App Router application (React 19, Tailwind 4, Radix/shadcn) with TanStack Query for server state, Zustand for client state, and React Hook Form + Zod for forms. CASL React gates navigation and pages. Auth relies on cookie sessions against the API subdomain, with middleware/proxy patterns for public vs private routes and refresh handling.

    Patient intake is a separate Next.js 16 app focused on a public, tokenized 8-step form. It validates tokens, saves drafts, handles insurance uploads via presigned URLs, and submits completed intake without requiring a patient login.

    Marketing website is a Next.js 16 landing experience for MedWorkForce.ai (hero, about, why-choose-us), positioned around AI-assisted clinic ERP, automation, and secure compliant operations.

    Together, the architecture supports clinic staff lifecycle management (invite → verify → role assignment), fine-grained access control, and pre-visit patient data capture as the foundation for broader clinic ERP features (appointments, EMR, billing, analytics, AI assistance).

    Developed and Documented
    by @ahmedshamswali