• Goal

Our client approached us with an ambition to disrupt the Dutch eHealth market. They wanted to offer an easier and less expensive way to build medical apps. The one that wouldn’t require building infrastructure and passing rigorous certification.

Their idea was to create a ready‑made certified foundation that already handled the heavy lifting. Thus, companies could focus on innovation instead of compliance.

• Our Solution

The first task was to turn that idea into a clear product concept. After several sessions with our client, we determined that it would be a white-label eHealth backend platform integrable with healthcare systems and devices.

Then we defined the core use cases, data flows, integration standards (openEHR, HL7 FHIR R4), and compliance obligations (ISO 27001, NEN 7510, MedMij, GDPR) the platform needed to meet. With all of this in mind, we designed the backend architecture.

To comply with ISO 27001 and NEN 7510, and to support MedMij’s trust‑framework obligations, we built enforced role‑based access control, encrypted data storage (in transit and at rest), centralized audit logging, and strict separation of environments. We also implemented detailed logging and monitoring to ensure every action could be traced — a requirement shared across all three frameworks.

GDPR obligations such as data minimization, consent tracking and the ability to anonymize or pseudonymize records were built directly into the data model and service layer.

Then we architectured integrations. For semantic interoperability, we implemented the openEHR standard, structuring clinical data using openEHR archetypes and templates. Thus, medical information remained consistent, meaningful, and vendor‑neutral.

For communication with external healthcare systems, we built a dedicated HL7 FHIR API layer. This allowed the platform to exchange data using standardized FHIR resources, making integrations with hospitals, labs, and third‑party systems like Google Fit and Apple Health predictable and compliant.

Once the core architecture was in place, we developed the platform’s unified API. It exposed all essential capabilities — identity management, medical record storage, device data ingestion, appointment workflows, and secure messaging.

We added validation layers to ensure that all incoming and outgoing data adhered to openEHR and FHIR specifications, preventing malformed or non‑compliant data from entering the system.

Finally, we delivered developer‑facing tools that made the platform accessible to our client’s customers. This included SDKs, sandbox environments, onboarding flows, and documentation explaining how to work with openEHR, FHIR, and the platform’s security model.

• Workflow

The development team operated fully remotely, following Agile methodology with structured sprints and bi-weekly demos to ensure continuous feedback and alignment. Transparent communication and progress tracking were maintained through Jira for task management and Slack for daily collaboration.