Daniel Ellis

Appearance

MaxWell Clinic

HIPAA-compliant EMR integrations for a Nashville healthcare clinic

Designed and built HIPAA-compliant integrations around the clinic’s electronic medical record, replacing manual workflows with reliable serverless automation.

HIPAA-Grade Clinical Automation

HIPAA-compliant infrastructure supporting real clinical operations

Overview

The clinic relied on manual processes around its EMR for onboarding, follow-ups, and patient communication. Staff were repeatedly checking record states, sending reminders, and coordinating next steps.

I worked directly with management to turn these bottlenecks into automated workflows built on the EMR’s webhook and API capabilities.

What Was Built

  • Webhook-driven integrations reacting to EMR events
  • Automated patient onboarding to reduce front-desk workload
  • Reminder workflows for incomplete pre-appointment tasks
  • Status-based triggers to drive next-step actions
  • Patient notifications for labs, messages, and updates
  • Scheduled checks to catch incomplete workflows before appointments
  • Serverless infrastructure with full infrastructure as code

In total, five core workflows replaced repeated manual follow-up.

Key Decisions

Serverless architecture

Chose serverless functions and managed infrastructure to minimize operational overhead. The system could deploy cleanly, run without ongoing maintenance, and be handed off easily.

Compliance as a constraint

Designed the system around HIPAA requirements from the start.

  • Wrote compliance documentation
  • Performed technical risk assessment responsibilities
  • Managed access and reviewed systems for vulnerabilities
  • Ensured appropriate handling and storage of protected health information

Working within a legacy EMR

Built around the constraints of an existing EMR.

Mapped clinic needs to what the webhook system and API could support, avoiding additional manual work.

Engineering Approach

  • Event-driven and scheduled workflows using serverless functions
  • Managed databases to reduce operational risk
  • Infrastructure as code for reproducibility and handoff
  • Clear system documentation for maintainability
  • Production ownership, including security and access management

The system was designed to run reliably in the background.

Role

  • Sole developer
  • Owned architecture, implementation, deployment, and maintenance
  • Worked directly with management to define workflows
  • Translated operational problems into working systems
  • Led technical implementation of HIPAA-compliant decisions

Result

Replaced several manual clinic processes with automation, saving tens of staff hours per week.

Delivered a stable, compliant operational layer around the EMR that could be handed off and maintained without ongoing engineering overhead.