Building an Electronic Health Record in the cloud

Debo Adebayo

Building a Healthcare Management Platform

We built a modern, secure, and scalable healthcare management platform designed to address the complex operational needs of an occupational health practice. Built with enterprise-grade architecture and security-first principles, this platform demonstrates advanced .NET development practices, cloud-native deployment strategies, and comprehensive compliance frameworks.

Key Achievements

🏥 Multi-tenant SaaS platform supporting unlimited healthcare organisations
🔒 Zero-trust security architecture with fine-grained authorisation
⚡ Modular Monolith architecture to allow for future scalability
🌐 Cloud-native deployment with Azure Container Apps
📊 Role-based access control and IAM using Keycloak

Background

Our client approached us because they wanted to build a healthcare management platform that would allow them to streamline their clinical operations. They needed a solution that would seamlessly organise their clinical workflows, facilitate efficient referrals from their customers and enhance communication channels with their clients. Having recently secured several substantial contracts with large organisations, they faced the critical challenge of scaling their operations to meet increased demand.

Design

Our approach started with comprehensive system design to evaluate the scaling requirements and map out their existing clinical workflows. We worked closely with the client, and our UI/UX designer initially designed high-fidelity mockups in Figma.

Build Process

Over a period of four months we then built out the web application. We used .NET 9 for the server, a popular engineering framework with which we had extensive experience, and Blazor (a frontend framework similar to React) for the frontend. We adopted a modular monolith architecture to combine the flexibility of building out new features with the simplicity of a monolith repository. Each business domain (CRM, Clinical, Scheduling, Billing, Metrics Dashboard, Authentication) is implemented as an independent module with strict layering: Domain entities define business rules, Application layers handle use cases through MediatR patterns, Infrastructure manages data persistence via Entity Framework Core with PostgreSQL, and Endpoints expose APIs through ASP.NET Core minimal APIs.

We also built out sophisticated authorisation handlers that implement fine-grained, resource-based access control. For example, junior clinicians can only access patient data for referrals specifically assigned to them, whereas senior clinicians can review referrals assigned to them and also those assigned to other clinical colleagues, as they are required to have access for oversight.

Cloud Architecture & Security

We built the application as a cloud-native solution leveraging Microsoft Azure's serverless container platform through Azure Container Apps. The infrastructure follows a multi-tier deployment strategy with separate environments for development, staging, and production, each isolated through distinct resource groups and managed identities. Because we deployed with a container architecture, we used a number of Azure resources. These included Azure Container Registry for secure image storage, Azure Log Analytics for centralised logging and Azure Key Vault for secrets management. We deployed all resources behind a virtual network, allocating subnets to the frontend, containers and databases respectively. Azure PostgreSQL Flexible Server provides the database backbone with automated backups, point-in-time recovery, and geo-redundant storage for disaster recovery scenarios.

The entire cloud infrastructure was defined and managed through Terraform, ensuring consistent, version-controlled, and reproducible deployments across all environments.

Given the highly sensitive nature of the data we were dealing with, we decided to implement multiple layers of protection specifically designed for healthcare data sensitivity and regulatory compliance. Identity and Access Management (IAM) was centralised through Keycloak integration, providing enterprise-grade OAuth 2.0/OIDC authentication. We also implemented custom authorisation handlers that make real-time, context-aware access control decisions by evaluating resource ownership, tenant boundaries, and hierarchical permissions, which allowed for multi-tenancy. Data encryption was also enforced at multiple levels: TLS 1.3 for all data in transit, Azure Storage encryption for data at rest, and application-level tokenisation for sensitive personally identifiable information (PII) to meet HIPAA requirements.
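
The junior/senior clinician rule from the build section and the ownership and tenant-boundary checks described above can be expressed as an ASP.NET Core resource-based authorisation handler. This is an added example, not the project's own code; the `Referral` record, the `tenant_id` claim and the role names are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Hypothetical resource: a referral owned by one tenant and assigned to one clinician.
public sealed record Referral(Guid Id, string TenantId, string AssignedClinicianId);

// Marker requirement evaluated whenever a referral's patient data is read.
public sealed class ViewReferralRequirement : IAuthorizationRequirement { }

public sealed class ViewReferralHandler
    : AuthorizationHandler<ViewReferralRequirement, Referral>
{
    // Assumed names: the Keycloak token is presumed to be mapped so that it carries
    // a tenant claim, the subject as NameIdentifier, and roles as role claims.
    private const string TenantClaim = "tenant_id";
    private const string SeniorRole = "senior-clinician";
    private const string JuniorRole = "junior-clinician";

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, ViewReferralRequirement requirement, Referral referral)
    {
        var user = context.User;
        var tenant = user.FindFirst(TenantClaim)?.Value;
        var userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        // Tenant boundary first: a missing or mismatched tenant never succeeds,
        // whatever role the caller holds.
        if (string.IsNullOrEmpty(tenant) || string.IsNullOrEmpty(userId) ||
            !string.Equals(tenant, referral.TenantId, StringComparison.Ordinal))
        {
            // Requirement left unmet: access is denied (no other handler is assumed).
            return Task.CompletedTask;
        }

        // Seniors: any referral inside their own tenant (oversight).
        // Juniors: only referrals assigned to them.
        bool isSenior = user.IsInRole(SeniorRole);
        bool isAssignedJunior = user.IsInRole(JuniorRole) &&
            string.Equals(userId, referral.AssignedClinicianId, StringComparison.Ordinal);

        if (isSenior || isAssignedJunior) context.Succeed(requirement);
        return Task.CompletedTask;
    }
}
```

A handler like this is registered as an `IAuthorizationHandler` and invoked with `IAuthorizationService.AuthorizeAsync(user, referral, new ViewReferralRequirement())` once the referral has been loaded, so the decision is made against the actual resource rather than the route alone.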

Conclusion

Our client ended up very pleased with the outcome. The application has now been deployed and is being used by the client in their daily workflow. Our agency has been retained for ongoing technical support and platform evolution, ensuring continued system reliability and security updates. This long-term partnership demonstrates client confidence in our technical capabilities and our commitment to delivering sustainable, enterprise-grade solutions that build significant enterprise value for the business.
Posted Sep 16, 2025

Enterprise healthcare management platform with modular .NET architecture, featuring CRM, scheduling, billing, clinical workflow and secure multi-tenant access.

Timeline

Mar 11, 2025 - Sep 3, 2025

The Bristol Practice