
Virtual Mental Health Support During Motherhood

Strategy
Development
Integrations & Interoperability

The Problem

When it comes to virtual care, safeguarding patients' protected health information (PHI) is a key issue. Seven Starling needed to revamp their platform and tech stack to guarantee HIPAA compliance.

This process included ensuring every tool and third-party provider involved complied with HIPAA regulations.

The Solution

As a digital healthcare product development agency and advisor, we helped Seven Starling's team make tough decisions regarding their tech stack & integrations. We analyzed their current tech ecosystem, proposed alternatives, and made adjustments.

We worked side-by-side with Seven Starling's team to define a new tech stack and make the integrations with the systems. These integrations included an EHR, a medical billing platform, an appointment scheduling tool, a marketing platform, and a payment gateway.

We are still their tech partner today. Our technological teams are working hard to enhance the product's features and user interface.

screenshot of Seven Starling's platform showing the process of purchasing its services, from registration to coordination with the therapist.

Tools that needed the custom integration

[Diagram: the custom integration connects the Online Appointments Scheduling tool, the Customer Experience Automation platform, the Electronic Health Record, and the Medical Billing Platform. Arrow labels: "Sends info", "Info exchange".]

Solution's scope

We developed an API to integrate these different systems the client uses daily. We deployed the solution in a secure infrastructure and also helped the client to be HIPAA-compliant in their practices, development policies, and processes.

For security, some of the main services used were:

Web Access Control Lists acting as firewalls.

Load balancing ensuring no direct access to the servers.

HTTPS required for connections with the load balancer.

Aggressive security rules for each resource, denying all traffic by default and allowing only required traffic, including blocking all SSH access to servers.

Isolated Virtual Private Clouds to segregate environments.

AWS Inspector to detect vulnerabilities in all Docker images used.

Database-level encryption.


To ensure complete logging, monitoring, and adaptability:

Application-level RFC 5424-compliant logging streamed directly to CloudWatch

Server-specific (nginx) logging also streamed to CloudWatch

CloudWatch alarms based on the logs above (such as non-2xx responses from the server, or any log with a level of NOTICE or higher), with SNS email notifications

Infrastructure monitoring, such as database and server CPU usage or database storage, also with notifications enabled

Database daily backups

Datadog’s Cloud Workload Security to detect key signals of an intrusion, including, but not limited to: new shell spawned, file integrity monitoring, binaries executed (curl, netcat, dig, passwd)
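
The two alarm conditions listed above (non-2xx nginx responses, and application logs at NOTICE or higher), as an added Python example that is not Light-it's or Seven Starling's code: it evaluates the same conditions locally over constructed log lines. It assumes RFC 5424 headers and nginx's default "combined" access-log format; the function names and the choice to flag unparseable lines are this example's own.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d{0,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$"
)
# nginx "combined" access log: the status code follows the quoted request line
NGINX = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) ')

SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFO", "DEBUG"]
NOTICE = 5  # lower number = more severe, so "NOTICE or higher" is severity <= 5

def app_alarm(line):
    """Return the severity name if an RFC 5424 line should alarm, else None."""
    m = RFC5424.match(line)
    if not m:
        return "UNPARSEABLE"  # assumption: a malformed line is flagged, not dropped
    pri = int(m.group("pri"))
    if pri > 191:  # largest valid PRI: facility 23 * 8 + severity 7
        return "UNPARSEABLE"
    severity = pri % 8  # PRI = facility * 8 + severity
    return SEVERITIES[severity] if severity <= NOTICE else None

def nginx_alarm(line):
    """Return the status code if an access-log line is non-2xx, else None."""
    m = NGINX.match(line)
    if not m:
        return -1  # assumption: unparseable access-log lines are flagged as -1
    status = int(m.group("status"))
    return None if 200 <= status < 300 else status

# Constructed sample lines (not taken from the original page)
APP_LOGS = [
    "<134>1 2023-11-02T10:15:00Z app01 laravel 42 - - appointment synced",
    "<131>1 2023-11-02T10:15:03Z app01 laravel 42 - - billing API call failed",
    "<133>1 2023-11-02T10:15:05Z app01 laravel 42 - - retrying EHR request",
]
NGINX_LOGS = [
    '203.0.113.7 - - [02/Nov/2023:10:15:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/8.0"',
    '203.0.113.7 - - [02/Nov/2023:10:15:04 +0000] "POST /api/x HTTP/1.1" 502 157 "-" "-"',
]

if __name__ == "__main__":
    print([app_alarm(l) for l in APP_LOGS])
    print([nginx_alarm(l) for l in NGINX_LOGS])
```

Because RFC 5424 severities count down from 7 (debug) to 0 (emergency), a threshold written as "greater than NOTICE" in numeric terms would alarm on INFO and DEBUG and miss every real error.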


Solution's tech specifics

We led tech decisions and helped with product development while working under Agile methodologies.

This process consisted of 2 steps:

First, delegate all PHI storage to external services that were already HIPAA compliant. While no PHI was stored in our servers, the PHI still went through them to set up the different integrations.

Second, ensure the system's security and auditability. The team fulfilled this requirement using several AWS features and other external services.

After successfully completing the initial scope and its implementation, we continue to collaborate with Seven Starling as their tech partner, actively improving the product and adding new features.

Results

A secure, private, and HIPAA-compliant platform that meets US law standards for safeguarding patient health data.

A new tech stack that took the app to the next level was defined and implemented.

Tech Stack

Laravel
Nginx
Docker
AWS
Datadog

Integrations

Healthie
Stripe
Active Campaign
Acuity Scheduling
Candid Health

“Light-it added valuable engineering capacity and expertise to our team. They were able to flexibly scale up and down with our needs and were valuable thought partners in our compliance journey. They always ask for the “why” behind technical decisions and help us find the most efficient, secure, and scalable solution for our objectives. I’d highly recommend Light-it to other startups and founders.”


Sophia Richter

Co-Founder & Chief Product Officer
