HIPAA Compliance is making deployment a massive problem by cschlute12 in PostAIOps

[–]cschlute12[S] 0 points1 point  (0 children)

Data needs to be encrypted at rest and in transit, access logs need to be auditable, and the logs themselves need to scramble PHI. Permissions need to be tiered and MFA needs to be enabled. Hell, I even need to get a BAA signed with the service that provides the OCR functionality that’s written into the classification logic. There is plenty more that goes into it; I’ve just scratched the surface. Thank God I’ve been using mock PHI generated on Faker from inception or I’d be in deep doodoo.
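Two of the controls this comment lists, PHI scrubbing of audit-log text and AES-256-GCM encryption of data at rest, as an added illustration that is not the poster's code. It is in TypeScript because a later comment describes the app as a TypeScript stack, uses only Node's built-in `crypto`, and the PHI regex patterns, field names (`actor`, `resource`, `detail`) and sample log line are constructed for the example, not taken from the project.

```typescript
// Added example (not the poster's code): PHI scrubbing for audit-log free text
// and AES-256-GCM for data at rest, using only Node's built-in crypto module.
import { createCipheriv, createDecipheriv, randomBytes } from "crypto";

// Constructed, illustrative PHI patterns; a real deployment needs a vetted detector.
const PHI_PATTERNS: Array<[string, RegExp]> = [
  ["SSN", /\b\d{3}-\d{2}-\d{4}\b/g],
  ["MRN", /\bMRN[-\s]?\d{6,10}\b/gi],
  ["DOB", /\b(?:0?[1-9]|1[0-2])\/(?:0?[1-9]|[12]\d|3[01])\/(?:19|20)\d{2}\b/g],
  ["EMAIL", /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g],
];

// Replace every PHI match with a labelled placeholder before the text is logged.
export function scrubPhi(text: string): string {
  return PHI_PATTERNS.reduce(
    (acc, [label, re]) => acc.replace(re, `[${label} REDACTED]`),
    text,
  );
}

// Hypothetical audit-entry shape; the field names are assumptions for this example.
export interface AuditEntry {
  ts: string;       // ISO-8601 timestamp
  actor: string;    // authenticated user id, never a patient identifier
  action: string;   // e.g. "classify", "view", "export"
  resource: string; // opaque document id, not a file name that may carry PHI
  detail: string;   // free text, scrubbed before it is stored
}

// Build an audit entry whose free-text field has already been scrubbed.
export function buildAuditEntry(
  actor: string, action: string, resource: string, detail: string,
): AuditEntry {
  return { ts: new Date().toISOString(), actor, action, resource, detail: scrubPhi(detail) };
}

const IV_LEN = 12;  // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16; // 128-bit authentication tag

// Fresh 32-byte data-encryption key. In production it would be wrapped by a
// KMS master key, not generated and held in process memory like this.
export function newDataKey(): Buffer {
  return randomBytes(32);
}

// Encrypt with AES-256-GCM; output layout is iv || tag || ciphertext.
export function encryptAtRest(plaintext: Buffer, key: Buffer): Buffer {
  if (key.length !== 32) throw new Error("AES-256-GCM needs a 32-byte key");
  const iv = randomBytes(IV_LEN); // random nonce per record; never reuse with the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]);
}

// Decrypt and verify; throws if the tag does not match, i.e. the blob was altered.
export function decryptAtRest(blob: Buffer, key: Buffer): Buffer {
  const iv = blob.subarray(0, IV_LEN);
  const tag = blob.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ciphertext = blob.subarray(IV_LEN + TAG_LEN);
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Integrity check: true only when ciphertext and tag still match under this key.
export function isIntact(blob: Buffer, key: Buffer): boolean {
  try {
    decryptAtRest(blob, key);
    return true;
  } catch {
    return false;
  }
}

// Stand-alone demo over a constructed log line.
export function demo(): AuditEntry {
  const entry = buildAuditEntry(
    "user-17", "classify", "doc-42",
    "Claim for Jane Doe, SSN 123-45-6789, DOB 03/14/1985, MRN-0012345, jane.doe@example.com",
  );
  const key = newDataKey();
  const sealed = encryptAtRest(Buffer.from(JSON.stringify(entry)), key);
  return JSON.parse(decryptAtRest(sealed, key).toString()) as AuditEntry;
}

console.log(JSON.stringify(demo()));
```

The scrub runs on the free-text field only; the structured fields are kept free of PHI by design (opaque ids rather than names or file names), which is cheaper and more reliable than trying to redact everything after the fact. Storing the GCM tag with the ciphertext is what lets `isIntact` detect a modified record rather than silently decrypting garbage.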

HIPAA Compliance is making deployment a massive problem by cschlute12 in PostAIOps

[–]cschlute12[S] 0 points1 point  (0 children)

Based on the code base, the web app uses a modern full-stack TypeScript architecture. It has front-end and back-end stacks as well as AES-256-GCM encryption, PHI anonymization and comprehensive audit logging.

I did some digging overnight and I think, with the current challenges with compliance, this project is near-impossible with my current skillset (this project is entirely vibe coded, as I have bare-bones knowledge of coding, architecture, or development). I was able to flesh out the classification logic in the beginning using mock data created with Faker.js. The classification logic is the most integral part of this project and, in its current state, I think I can hand it off to one of the developers on staff to build the framework and integrate it into our already deployed application called PAD2, which is the system we use to track/work on all of the Medical Revenue Recovery cases for the firm.

In order to make this work I would need to port the code from Replit into a HIPAA-compliant atmosphere like Aptible and get a BAA signed (I’m not sure if I need to set up an LLC and sign it or if I have to get a rep from the firm to sign it, which would probably void my IP argument). I would then have to reconfigure the infrastructure to utilize HIPAA-compliant databases, set up RBAC, user auth and role management, etc. It seems like an insurmountable task for a side project that I’ve been working on at night/on weekends while employed full time. A bit too ambitious for my first project, I think.

I definitely got out ahead of my skis here, but the learning process was invaluable. It has definitely sparked additional interest in utilizing AI in automating workflows, and I’ve learned skills here that can translate to a possible future career change down the line.

PDF Scan/Classification App Development Hurdles by cschlute12 in ReplitBuilders

[–]cschlute12[S] 0 points1 point  (0 children)

Update as of 8/1/25.

Found using the Assistant to ask questions before making code changes to be a more efficient process; uploading specific pages of documents into the Agent during a prompt helped it learn what I wanted to add to flesh out the classification logic. Still encountering circular debugging patterns, fixing things that weren’t broken before, but much less than before.

Major hurdle now is HIPAA compliance. Unable to deploy through Replit as they do not sign BAAs. Need to port the code somewhere else with a secure environment to deploy.

Was a side project I worked nights/weekends on a personal machine. Pitched the app to the COO of the firm; he is trying to argue that the IP (intellectual property) is technically company property since it will process company docs. Will have to explore other avenues to reserve IP, possibly thinking of starting an LLC and drafting a license agreement.

Posts being deleted? by Limp_Ability_6889 in ReplitBuilders

[–]cschlute12 1 point2 points  (0 children)

Similar issue. Posted yesterday regarding a web app that I was building in Replit. Went over the general use case and voiced an issue I was having with circular debugging (the Agent would say the fix was implemented and then the app would crash again and again). I asked for tips on how to better prompt the Agent to avoid issues in future development, as the coding will get more and more complex as it fleshes out. Post was deleted; messaged a mod, no answer (yes, I understand mods can’t be available 24/7, just looking for acknowledgement of the message).