Overview
Description
MedWorkForce.ai is a full-stack healthcare workforce and clinic operations platform built for modern medical practices. It bridges the gap between fragmented clinic tools — paper intake forms, ad-hoc staff spreadsheets, and disconnected admin panels — by providing a single digital environment for clinic admins, clinical staff, and patients.
The platform spans four coordinated applications: a NestJS API with PostgreSQL and dynamic CASL-based RBAC, a Next.js staff dashboard for users/roles/permissions and clinic workflows, a tokenized multi-step patient intake app (no patient login required), and a public marketing website. It is designed around USA healthcare data needs (NPI, DEA, licenses, insurance types, demographics, MRN) with HIPAA-minded audit and access patterns.
Core product surfaces include invitation-based staff onboarding, email verification and password recovery, admin-managed roles and permissions, rich workforce profile models (doctors, nurses, receptionists, insurers, patients), and an 8-step digital intake flow with draft saving, expiry tokens, insurance card uploads to object storage, and e-sign consent.
Key Features
For Clinic Admins / Super Admins
- Create, invite, activate/deactivate, and manage clinic users
- Dynamic role management (system + custom roles)
- Database-driven CASL permissions (action + subject + optional conditions)
- Assign roles and permissions with audit-friendly grant/revoke tracking
- Invitation emails that let staff set passwords on first access
- Admin dashboard with permission-gated navigation and access-denied UX
For Clinical Staff (Doctors, Nurses, Receptionists, Insurers)
- Role-specific profile models (NPI, DEA, licenses, certifications, shifts, insurance company fields)
- Secure cookie-based JWT auth shared across *.medworkforce.ai subdomains
- Staff dashboard shell for future appointments, EMR, and patient management workflows
- Email verification and password reset with rate limiting
For Patients
- Magic-link / tokenized intake (no account required)
- 8-step pre-visit form: personal info → contact → emergency contact → insurance → medical history → visit reason → lifestyle → review & consent
- Draft save, token validation, and expiry countdown
- Insurance card / document upload via DigitalOcean Spaces (presigned URLs)
- Communication consents and e-sign / terms acceptance
Platform Features
- Cross-subdomain authentication (staff UI + API on separate hosts)
- Local HTTPS setup so Secure cookies work in development
- Swagger/OpenAPI API documentation
- SMTP transactional email (verification, invitation, password reset)
- Multi-file Prisma schema for healthcare domain models
- PM2 and GitHub Actions deploy pipeline to Hostinger (dev environment)
- Marketing site positioning AI-assisted clinic automation and compliance-ready security
Problem Solved
MedWorkForce.ai addresses operational and compliance gaps that slow clinics down and put patient data at risk.
- Fragmented Clinic Tools — Replaces scattered intake forms, spreadsheets, and admin panels with one coordinated platform
- Front-Desk Paperwork — Moves registration and medical history collection to a digital, tokenized patient intake before the visit
- Access Control Complexity — Lets admins define fine-grained permissions dynamically instead of hard-coding roles in the app
- Staff Onboarding Friction — Invitation flow creates users without passwords and guides them through secure first-time setup
- USA Healthcare Data Gaps — Models NPI/DEA, multi-state licenses, insurance subtypes, demographics, and patient–doctor relationships
- PHI Handling Risk — Cookie JWT auth, RBAC at API and UI layers, activity-log schema, and tokenized intake without patient accounts
- Cross-App Auth Pain — Shared cookie domain strategy across staff dashboard and API subdomains
- Insurance Documentation — Captures coverage details and card images during intake, not at the front desk under time pressure
Technologies
Backend
- NestJS 11
- TypeScript
- PostgreSQL
- Prisma 7
- Passport
- JWT
- CASL
- Nodemailer
- Swagger
- OpenAPI
- Helmet
- CSRF
- Redis
- BullMQ
- Winston
Frontend
- Next.js 16
- React 19
- TypeScript
- Tailwind CSS 4
- Radix UI
- TanStack Query
- TanStack Table
- Zustand
- React Hook Form
- Zod
Other
Role And Contributions
Role
Full-stack development for Buzfi Limited on MedWorkForce.ai — NestJS API, staff dashboard, patient intake app, and marketing website.
Contributions
- Designed and implemented NestJS modular API with Prisma/PostgreSQL healthcare schemas
- Built JWT + refresh-token auth in httpOnly Secure cookies with cross-subdomain sharing
- Implemented dynamic CASL RBAC (permissions in DB, ability factory, frontend AbilityContext)
- Built admin Users / Roles / Permissions CRUD with invitation and email verification flows
- Built 8-step tokenized patient intake UX (RHF + Zod, draft persistence, Spaces uploads)
- Set up local HTTPS for cookie-secure development and PM2/GitHub Actions deploy to Hostinger
- Shipped marketing site for MedWorkForce.ai product positioning
Challenges And Learnings
Challenges
1. Dynamic RBAC with CASL
Challenge: Supporting admin-editable permissions (not hard-coded roles) while keeping API and UI authorization in sync for SUPER_ADMIN, ADMIN, and clinical roles.
Solution: Stored CASL-compatible action + subject (+ optional conditions) in PostgreSQL; built per-request abilities from User → Role → Permission; mirrored abilities on the Next.js dashboard with @casl/react and permission-gated routes/nav.
2. Cross-Subdomain Cookie Authentication
Challenge: Staff UI (local.medworkforce.ai:3000) and API (local-api.medworkforce.ai:4000) needed shared auth without localStorage JWT leakage.
Solution: Issued access + refresh tokens as httpOnly, Secure, SameSite=None cookies scoped to .medworkforce.ai; configured CORS and local HTTPS so Secure cookies work in development.
3. Local HTTPS for Secure Cookies
Challenge: Cookie Secure flags fail on plain HTTP, breaking local auth parity with production.
Solution: Documented and automated local cert setup; Nest detects certs/ and serves HTTPS; Next.js uses --experimental-https against branded local hostnames.
4. Invitation vs Email Verification Flows
Challenge: Admins need to create staff accounts before the user has a password, without weakening auth.
Solution: Passwordless invite with placeholder hash + requiresPasswordSetup; separate invitation and verification email templates; first-login path to set password and verify email.
5. USA Healthcare Data Modeling
Challenge: Capturing clinic workforce and patient data that matches real US practice needs (NPI, DEA, licenses, insurance subtypes, demographics, MRN) without a messy single table.
Solution: Multi-file Prisma schema with role profile tables (Admin, Doctor, Nurse, Receptionist, Insurer, Patient), enums for clinical domains, and PatientDoctor relationship modeling.
6. Tokenized PHI Intake Without Patient Accounts
Challenge: Collecting sensitive pre-visit data securely without forcing patients to register, while supporting drafts, expiry, and file uploads.
Solution: Expiring intake tokens, draft PATCH APIs, expiry countdown UI, admin-edit mode, and DigitalOcean Spaces presigned uploads for insurance cards.
7. Permission-Gated Frontend UX
Challenge: Hiding or blocking pages when a user’s abilities change, without confusing staff.
Solution: Sidebar items and pages declare required permissions; ProtectedPage + Access Denied states; abilities loaded from /users/me/permissions.
8. Multi-App Product Surface
Challenge: Coordinating four independent apps (API, staff UI, intake, marketing) with shared branding and auth domains.
Solution: Consistent medworkforce.ai host strategy, shared design language (Tailwind/Radix), and clear API contracts (Swagger + Bruno collections).
9. HIPAA-Oriented Audit Readiness
Challenge: Healthcare platforms need auditability even before full EMR features ship.
Solution: ActivityLog / OTP / EmailVerification models and RBAC grant tracking designed into the schema early; security middleware (Helmet, CSRF, rate-limited password reset).
10. Deploying Split Services Reliably
Challenge: Backend and frontend need coordinated deploys with Prisma generate/build and process reloads.
Solution: GitHub Actions on development → SSH to Hostinger → npm/prisma generate/build → PM2 reload for API and staff frontend.
Learnings
1. Full-Stack Healthcare Architecture
- Plan role-specific profile tables early — clinical fields explode quickly if bolted onto a generic User model
- Keep API, staff UI, and patient-facing apps separate when auth models differ (cookie staff vs tokenized intake)
- Document local HTTPS and cookie domains as first-class setup, not afterthoughts
2. Authorization Design
- DB-driven CASL permissions scale better than enum-only roles once clients need custom access
- Mirror authorization on the frontend for UX, but never trust the UI — enforce on every Nest guard
- SUPER_ADMIN bypass is useful; audit who has it
3. Auth Cookie Patterns
- Cross-subdomain clinic products almost always need a shared parent cookie domain
- Refresh-token JTI rotation / invalidation is essential for logout and compromise recovery
- SameSite and Secure choices must match how you host local vs production
4. Patient Intake UX
- Multi-step forms need draft persistence or abandonment rates spike
- Token expiry must be visible (countdown) and recoverable (admin re-issue)
- Uploads should use short-lived presigned URLs — never proxy PHI files through the browser to your API body long-term
5. Security in Healthcare Apps
- Invitation flows are a common weak spot — treat password setup as a privileged transition
- Rate-limit password reset and OTP-style endpoints from day one
- Schema for audit logs early even if the UI ships later
6. Prisma for Complex Domains
- Split schema files improve maintainability for healthcare enums and role tables
- Junction tables (PatientDoctor, RolePermission) keep relationships explicit
- Migrations and prisma generate must be part of CI/deploy, not manual tribal knowledge
7. Product vs Platform Maturity
- Ship the hard platform pieces first (auth, RBAC, intake, data model) before mock dashboards become real EMR
- Marketing claims (AI automation, billing, analytics) should track actual module readiness
- Placeholder pages are fine if the permission and navigation architecture already supports them
8. API Collaboration
- Swagger + Bruno collections reduce friction between backend and frontend workstreams
- Consistent DTO validation (class-validator / Zod) on both sides prevents silent contract drift
9. Performance & Ops
- PM2 process management + environment-specific start scripts keep Hostinger deploys predictable
- Object storage CDN URLs matter for intake uploads on mobile networks
- Cache/queue dependencies (Redis, BullMQ) should be wired when background email/jobs become load-bearing
10. Business Logic for Clinics
- Staff types are not just labels — licenses, credentialing status, and employment type drive real workflows
- Insurance capture at intake saves front-desk time and reduces claim friction later
- Consent and communication preferences belong in the data model, not only in copy
Achievements
Metrics
Impact Highlights
- Reduced front-desk registration time via pre-visit digital intake
- Centralized staff access control with dynamic permissions
- HIPAA-minded foundation (RBAC + audit schema + secure cookies)
- Apps shipped: 4 (API, staff dashboard, intake, marketing)
Testimonials
Filling out my forms before the visit was so easy. I finished everything from home in about ten minutes, and the front desk already had my insurance and history ready when I arrived.
Aisha Rahman
Patient
As a busy professional, I used to dread clinic paperwork. MedWorkForce let me complete intake on my phone between meetings — clear steps, no confusion, and my doctor had everything before I walked in.
James Okonkwo
Patient
I completed the whole intake after school on my laptop. The steps were simple, and I didn’t have to rush through forms in the waiting room with my kids.
Emily Torres
Patient
The tokenized intake and staff permission controls save our team real time every morning. I can focus on patients instead of chasing incomplete charts and missing insurance cards.
Dr. Sarah Mitchell, MD
Family Physician — Riverside Family Clinic
Pre-visit digital intake cut our check-in line dramatically. Patients arrive prepared, and I spend more time on care and less time verifying allergies and medications by hand.
Dr. Michael Chen, MD
Internal Medicine — Summit Care Medical Group
Technical Details
Architecture
MedWorkForce.ai is a multi-app full-stack platform with separate services for API, staff UI, patient intake, and marketing.
Backend is a NestJS 11 application using TypeScript, Prisma 7, and PostgreSQL. It follows a modular architecture with Auth, Users, Roles, EmailVerification, CASL, Email, and Prisma modules. Authentication uses Passport strategies with JWT access tokens (short-lived) and refresh tokens (JTI-tracked) stored in httpOnly Secure cookies. Authorization is CASL-based: permissions live in the database and are composed into abilities per request. The data layer models six workforce/patient profile types, dynamic roles/permissions, patient–doctor relationships, email verification, OTP, and activity logs. Swagger documents the REST API; SMTP powers invitation, verification, and password-reset emails. Deployment targets Hostinger via GitHub Actions with PM2 process management; DigitalOcean Spaces is used for intake file uploads.
Staff frontend is a Next.js 16 App Router application (React 19, Tailwind 4, Radix/shadcn) with TanStack Query for server state, Zustand for client state, and React Hook Form + Zod for forms. CASL React gates navigation and pages. Auth relies on cookie sessions against the API subdomain, with middleware/proxy patterns for public vs private routes and refresh handling.
Patient intake is a separate Next.js 16 app focused on a public, tokenized 8-step form. It validates tokens, saves drafts, handles insurance uploads via presigned URLs, and submits completed intake without requiring a patient login.
Marketing website is a Next.js 16 landing experience for MedWorkForce.ai (hero, about, why-choose-us), positioned around AI-assisted clinic ERP, automation, and secure compliant operations.
Together, the architecture supports clinic staff lifecycle management (invite → verify → role assignment), fine-grained access control, and pre-visit patient data capture as the foundation for broader clinic ERP features (appointments, EMR, billing, analytics, AI assistance).
Links
Developed and Documented
by @ahmedshamswali
