Case Study: Custom Healthcare Software Solutions for Secure Patient Data Deidentification

A healthcare provider was looking for a solution that could help them share medical information within and outside their clinics without violating patients’ rights. The client operates across multiple clinical locations and is subject to strict data protection regulations such as HIPAA and regional data privacy laws.

• Delivery of tailored solutions for secure deidentification of patient data across multiple data sources
• Flexible extraction and masking logic configurable by non-technical users
• Encryption and masking algorithms designed to prevent reverse engineering
• Reusable deidentification templates for recurring data exchange tasks
• Streamlined compliance with HIPAA and internal data governance policies
• Built-in scheduler and template management for automation

The healthcare provider faced a challenge within their existing systems: how to share sensitive medical information while maintaining patient confidentiality. They needed to ensure that personal data such as names, addresses, date of birth, and phone numbers were deidentified to prevent any breach of privacy.

They required a solution that would enable internal teams and external collaborators to access medical datasets - such as lab results, treatment plans, treatment histories, or referral records - without exposing personally identifiable information (PII). This demanded not only a robust deidentification process but also an interface flexible enough to adapt to different data formats and user workflows.

• 1 Senior Backend Developer (.NET, data pipelines, encryption engine)
• 1 Senior Frontend Developer (Angular, UI/UX for rule creation and app development)
• 1 QA Engineer (automated testing with Karma & Jasmine)

To address this challenge, Softellar’s team developed a custom healthcare software solution - a deidentification tool that allowed the healthcare provider to deidentify patient data before sharing it within or outside their clinics. The solution was implemented in a flexible way so that users could specify what data sources to use, what fields to extract, how the data should be joined, what data should be encrypted or masked.

The solution used .NET for the backend and Angular for the frontend. The team also used a set of encryption algorithms and masking mechanisms.

Additionally, we implemented a template feature that allowed the healthcare provider to save deidentification rules and reuse them later for scheduled data extractions.

Customizable Deidentification Engine

The backend, developed in .NET and C#, included a rule-based engine capable of applying masking, tokenization, or encryption to selected fields based on configuration. Fields such as names, contact information, and dates were anonymized according to defined rules that meet HIPAA and GDPR standards.

Web-Based Configuration Interface

The frontend was built using Angular and TypeScript, offering healthcare professionals and administrators an intuitive interface for defining deidentification workflows. Through the interface, users could select data sources, specify field-level transformations, and preview masked results before executing the job.

Template and Scheduler Module

To support recurring data extraction tasks, the system included a reusable template engine. Users could define and save deidentification templates with specific field mappings and transformation rules, and then apply these templates to scheduled jobs or new datasets.

Security & Compliance Layer

Data masking and encryption logic adhered to security best practices, with support for AES-based encryption and configurable tokenization. Data never left the server without first being anonymized, and logs were maintained for traceability.

Containerized Deployment & Scalability

The entire system was packaged using Docker to support scalable deployments across multiple environments. PostgreSQL was used as the database layer to store templates, logs, and processing metadata.

Automated Testing and Quality Assurance

Karma and Jasmine were used to test Angular components, while backend logic was validated with unit and integration tests. CI pipelines ensured quality gates were met on every release.

Softellar followed a structured delivery process that balanced speed with compliance:

1. Discovery & Requirements Gathering
   Worked closely with client stakeholders to map PII fields across systems
   Identified key privacy constraints under HIPAA and internal policy
   Designed a modular architecture that could be adapted to new data formats
2. Proof-of-Concept Development
   Built a backend prototype to test masking strategies and field-level selectors
   Created UI wireframes for rule creation and result preview
3. MVP Delivery in Medical Software Development
   Developed the core engine and frontend configuration module
   Delivered a working version with manual rule input and preview
   Integrated template management
4. Enhancement Phase
   Added job scheduling, export options, and user access controls
   Implemented logging, audit trails, and additional encryption options
5. QA & Deployment
   Set up automated testing (unit/UI), Docker-based deployment, and CI
   Provided technical documentation and training for internal users

The new deidentification solution, a direct outcome of expert healthcare software development services, provided the Customer with a secure and efficient way to share medical information without violating patient privacy. The solution helped the provider to comply with data privacy regulations and reduce the risk of data breaches. As a result, the provider was able to improve the quality of patient care, streamline their data sharing process, and prepare clean datasets for potential use in patient engagement software.

Business Outcomes

• Enabled safe data sharing between clinics, external researchers, and for feeds to patient portals without risking PII exposure
• Reduced manual work and human error in anonymization processes
• Improved auditability and compliance with regional and national data privacy regulations
• Increased confidence among stakeholders in handling patient data securely, indirectly supporting higher patient satisfaction through trusted care

Technical Outcomes

• Successfully deployed a modular, scalable deidentification platform within 6 months
• Achieved field-level rule flexibility through UI-driven configuration
• Integrated encryption and masking pipelines into clinic IT and medical workflows
• Ensured 80%+ automated test coverage and stable CI/CD pipelines

Technologies powering our custom software and healthcare development services: .NET, C#, Docker, PostgreSQL, Angular, SASS/SCSS, Karma, Jasmine