Clinic, Laboratory, and Patient interaction

Simulated Patient Portal

A 3-way medical portal system connecting Clinics, Laboratories, and Patients — built entirely on Azure cloud services.

Clinic

Register patients, create test orders, track results across the care journey.

Open Clinic Portal →

Laboratory

Receive orders, process samples, score vial quality, and upload test results.

Open Lab Portal →

Patient

View your orders and test results from a secure, personal patient portal.

Open Patient Portal →
Demo Login Credentials

Clinic — Dr. Anderson
anderson@simbryotest.onmicrosoft.com
Royal253

Laboratory — Lab Employee
labworker@simbryolab.onmicrosoft.com
Royal253

Patient
forevga00010@gmail.com
Royal253

System Architecture

Three fully isolated portals, each with its own identity provider, frontend, and backend — connected only through a shared database.

Clinic:      Clinic Entra ID Tenant   --JWT-->  Clinic Portal (Azure Static Web App)      --JWT-->  Backend (Azure Functions, .NET 8)
Laboratory:  Lab Entra ID Tenant      --JWT-->  Laboratory Portal (Azure Static Web App)  --JWT-->  Backend (Azure Functions, .NET 8)
Patient:     Patient Entra ID Tenant  --JWT-->  Patient Portal (Azure Static Web App)     --JWT-->  Backend (Azure Functions, .NET 8)

All three backends read and write one Azure Cosmos DB account (MongoDB API, the shared data layer).

Architecture & Security

Every layer is designed for isolation and zero-trust. No shared credentials, no shared backends, no shortcuts.

Separated Entra ID Tenants

Each portal operates under its own Microsoft Entra ID (CIAM) tenant. Credential compromise in one tenant cannot cascade to another. Staff and patient identities are completely isolated.

Separated SWA & Backends

Each portal has its own Azure Static Web App frontend paired with a dedicated Azure Functions (.NET 8) backend. No shared backend means no shared attack surface.

JWT Validation on Every Request

Every API call is validated against its own tenant's OpenID Connect configuration: the backend loads the tenant's issuer and signing keys from the discovery document and verifies the JWT signature, issuer, and audience on every single request. There are no session cookies and no shortcuts; a token minted by another tenant, even a structurally valid one, is rejected.
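The check described above, written out as an added example. This is not the project's .NET backend; it is a stand-alone TypeScript illustration of the same validation order (signature first, then issuer, audience, and lifetime), with the tenant metadata, signing keys and tokens constructed locally so it runs offline. The issuer URL, audience and key IDs are placeholders; a real backend takes them from the tenant's OpenID Connect discovery document and JWKS. Lifetime (exp/nbf) is checked as well, because a validator that stops at signature, issuer and audience accepts replayed expired tokens.

```typescript
import { generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Per-tenant configuration. A real backend loads issuer and JWKS from the tenant's
// OpenID Connect discovery document and caches the keys by `kid`.
export interface TenantConfig {
  issuer: string;                // expected `iss` claim (placeholder value below)
  audience: string;              // this backend's application (client) ID (placeholder)
  jwks: Map<string, KeyObject>;  // tenant signing keys, by `kid`
}

export interface Claims {
  iss: string; aud: string | string[]; sub: string;
  exp: number; nbf?: number; iat?: number; [extra: string]: unknown;
}

const b64url = (buf: Buffer): string =>
  buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64url = (s: string): Buffer =>
  Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");

// Stand-in for the tenant's token endpoint: mint an RS256 JWT (or a bogus `alg`, for testing).
export function mintToken(privateKey: KeyObject, kid: string, claims: Claims, alg = "RS256"): string {
  const header = b64url(Buffer.from(JSON.stringify({ alg, typ: "JWT", kid }), "utf8"));
  const payload = b64url(Buffer.from(JSON.stringify(claims), "utf8"));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${b64url(sign("sha256", Buffer.from(signingInput, "utf8"), privateKey))}`;
}

// Throws on any failure so a handler cannot forget to check a boolean. `now` (seconds
// since epoch) is injectable so the lifetime checks are deterministic.
export function validateToken(token: string, cfg: TenantConfig, now = Math.floor(Date.now() / 1000)): Claims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts as [string, string, string];

  // Pin the algorithm: the token must not choose it (`none`, or HS256 keyed with the public key).
  const header = JSON.parse(unb64url(h).toString("utf8")) as { alg?: string; kid?: string };
  if (header.alg !== "RS256") throw new Error(`unsupported alg ${String(header.alg)}`);
  const key = header.kid !== undefined ? cfg.jwks.get(header.kid) : undefined;
  if (key === undefined) throw new Error("unknown signing key");

  // Signature before claims: nothing in the payload is trusted until this passes.
  if (!verify("sha256", Buffer.from(`${h}.${p}`, "utf8"), key, unb64url(s))) throw new Error("bad signature");

  const claims = JSON.parse(unb64url(p).toString("utf8")) as Claims;
  if (claims.iss !== cfg.issuer) throw new Error("issuer mismatch");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(cfg.audience)) throw new Error("audience mismatch");
  const skew = 60; // seconds of clock tolerance
  if (typeof claims.exp !== "number" || now >= claims.exp + skew) throw new Error("token expired");
  if (typeof claims.nbf === "number" && now + skew < claims.nbf) throw new Error("token not yet valid");
  return claims;
}

// Two independent tenants, as in the architecture above: the clinic backend accepts only
// tokens signed by the clinic tenant's key and carrying the clinic issuer and audience.
export function buildDemo() {
  const clinicKeys = generateKeyPairSync("rsa", { modulusLength: 2048 });
  const labKeys = generateKeyPairSync("rsa", { modulusLength: 2048 });
  const clinicCfg: TenantConfig = {
    issuer: "https://clinic-tenant.example/v2.0",   // placeholder: comes from the discovery document
    audience: "clinic-api-client-id",               // placeholder: the clinic API's client ID
    jwks: new Map([["clinic-key-1", clinicKeys.publicKey]]),
  };
  const now = 1_700_000_000;
  const base: Claims = { iss: clinicCfg.issuer, aud: clinicCfg.audience, sub: "user-1", iat: now, nbf: now, exp: now + 3600 };
  return {
    clinicCfg, now,
    good: mintToken(clinicKeys.privateKey, "clinic-key-1", base),
    // signed by the lab tenant's key while claiming the clinic's kid and issuer
    crossTenant: mintToken(labKeys.privateKey, "clinic-key-1", base),
    wrongIssuer: mintToken(clinicKeys.privateKey, "clinic-key-1", { ...base, iss: "https://lab-tenant.example/v2.0" }),
    expired: mintToken(clinicKeys.privateKey, "clinic-key-1", { ...base, exp: now - 3600 }),
    algNone: mintToken(clinicKeys.privateKey, "clinic-key-1", base, "none"),
  };
}
```

The order matters: the algorithm is pinned and the signature is verified before any claim is read, so a forged payload never influences which key or issuer is consulted. Keys are selected only by `kid` from the tenant's own key set, which is what makes a token from a sibling tenant fail even when it copies the clinic's header and claims.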

Patient Onboarding Flow

How a patient goes from walk-in to portal access — securely and without shared secrets.

1

Patient Visits Clinic

Patient walks into the clinic, presents a government-issued ID, and provides their email address for registration.

2

Clinic Registers Patient

Clinic staff enters the patient’s name and email into the Clinic Portal. The backend calls Microsoft Graph API to create the patient’s account in the Patient Entra ID tenant.

3

Secure Password Auto-Generated

A cryptographically random password is generated server-side. Nobody knows it — not the clinic staff, not the system administrator. It exists only to satisfy Entra ID’s account creation requirement.

4

Welcome Email Sent

Azure Communication Services sends the patient a welcome email with their portal login and a password-reset link. The random password is never transmitted.

5

Patient Sets Own Password

Before their first sign-in, the patient follows the reset link and chooses their own password. From this point on, only the patient knows their credentials; the generated password is never used to sign in.

6

Patient Tracks Their Tests

After logging in, the patient sees a personal dashboard with real-time test tracking. Each test moves through stages: waiting for sample, sample received, processing, and results ready.
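Steps 2 to 4 of the onboarding flow, as an added TypeScript example (not the project's C# backend): generate the throwaway password with a CSPRNG, build the Microsoft Graph request that creates the local account in the patient tenant, and build the Azure Communication Services email, with the password never reaching the email. The Graph `identities` shape and the ACS `emails:send` body follow the public REST documentation as far as I know it; the tenant domain, sender address, portal URL and reset URL are placeholders. The HTTP calls themselves are not made, so the example runs offline and returns the two request bodies for inspection.

```typescript
import { randomInt } from "node:crypto";

// Throwaway password that satisfies typical Entra ID complexity rules (length, upper,
// lower, digit, symbol). It is never stored, logged or returned to a caller.
export function generateThrowawayPassword(length = 32): string {
  const classes = ["ABCDEFGHJKLMNPQRSTUVWXYZ", "abcdefghijkmnopqrstuvwxyz", "23456789", "!@#$%^&*-_=+"];
  const all = classes.join("");
  // one character from each class, then fill up with unbiased picks from the full set
  const chars: string[] = classes.map((c) => c.charAt(randomInt(c.length)));
  while (chars.length < length) chars.push(all.charAt(randomInt(all.length)));
  // Fisher-Yates shuffle with the CSPRNG so the class-guaranteed characters are not always first
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join("");
}

// Body for POST https://graph.microsoft.com/v1.0/users in the patient CIAM tenant:
// a local account that signs in with an email address. `tenantDomain` is a placeholder.
export function graphCreateUserBody(email: string, tenantDomain: string, password: string) {
  return {
    accountEnabled: true,
    displayName: email,   // only the email is kept in Entra ID (assumption: display name = email)
    identities: [{ signInType: "emailAddress", issuer: tenantDomain, issuerAssignedId: email }],
    passwordProfile: { password, forceChangePasswordNextSignIn: false }, // patient resets via link instead
    passwordPolicies: "DisablePasswordExpiration",
  };
}

// Body for the Azure Communication Services Email send request. The password is not an input,
// so it cannot end up in the message by construction.
export function acsWelcomeEmailBody(email: string, sender: string, portalUrl: string, resetUrl: string) {
  return {
    senderAddress: sender,
    recipients: { to: [{ address: email }] },
    content: {
      subject: "Your patient portal account is ready",
      plainText: `Sign in at ${portalUrl} with ${email}.\nSet your password first: ${resetUrl}`,
    },
  };
}

export interface OnboardingConfig {
  tenantDomain: string; sender: string; portalUrl: string; resetUrl: string;  // all placeholders
}

// The onboarding step as the clinic backend would run it. Returns the two request bodies
// that would cross the wire; the password itself is not part of the return value.
export function onboardPatient(email: string, cfg: OnboardingConfig) {
  const password = generateThrowawayPassword();
  const graphBody = graphCreateUserBody(email, cfg.tenantDomain, password);
  const emailBody = acsWelcomeEmailBody(email, cfg.sender, cfg.portalUrl, cfg.resetUrl);
  return { graphBody, emailBody };
}
```

The property worth checking is structural: the email builder takes no password argument, so no refactor of the message text can leak it, and the password lives only in the Graph request body for the duration of that call.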

Privacy by Design

Patient data protection is architectural, not an afterthought.

No Personal Data in the Database

Beyond the email address used to sign in, neither the database nor the identity provider stores personal information. Cosmos DB holds only internal IDs, order references, and test results. Entra ID stores only the patient's email for authentication: no names, no addresses, nothing else. A breach of either system exposes nothing about a patient beyond that sign-in email.

Cross-Portal ID Isolation

The clinic sees its own patient ID. The laboratory sees only an internal lab-specific ID. Neither portal can see the other's identifier. Even the order that connects them uses a separate reference. A compromised lab cannot map results back to patient identities.
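An added TypeScript example (not the project's code) of the identifier split described above and of the test stages from the onboarding flow: an order document carries a clinic-side patient ID and a lab-side sample ID that are independent random values, and each backend projects the document through an explicit allowlist so the lab response never contains the patient identifier and the clinic response never contains the lab's. The field names and the document shape are assumptions about the shared Cosmos DB, not taken from the project.

```typescript
import { randomBytes } from "node:crypto";

// Stages in the order the patient dashboard shows them.
export type Status = "waiting_for_sample" | "sample_received" | "processing" | "results_ready";
const STAGES: Status[] = ["waiting_for_sample", "sample_received", "processing", "results_ready"];

// Assumed shape of an order in the shared database.
export interface OrderDoc {
  orderRef: string;          // the one reference shared across portals
  clinicPatientId: string;   // the clinic's identifier for the patient; never returned to the lab
  labSampleId: string;       // the lab's identifier for the sample; never returned to the clinic
  testType: string;
  status: Status;
  result?: string;
}

// Independent random identifiers: none can be derived from, or correlated with, another.
export const newId = (prefix: string): string => `${prefix}_${randomBytes(8).toString("hex")}`;

export function createOrder(clinicPatientId: string, testType: string): OrderDoc {
  return { orderRef: newId("ord"), clinicPatientId, labSampleId: newId("smp"), testType, status: "waiting_for_sample" };
}

// Status moves forward exactly one stage at a time; results are required to reach results_ready.
export function advance(order: OrderDoc, next: Status, result?: string): OrderDoc {
  const cur = STAGES.indexOf(order.status);
  const idx = STAGES.indexOf(next);
  if (idx !== cur + 1) throw new Error(`cannot move from ${order.status} to ${next}`);
  if (next === "results_ready" && !result) throw new Error("results_ready requires a result");
  return result ? { ...order, status: next, result } : { ...order, status: next };
}

// Per-portal projections. Allowlists rather than "delete the secret field", so a new
// column added to OrderDoc later is not exposed by default.
export function clinicView(o: OrderDoc) {
  return { orderRef: o.orderRef, clinicPatientId: o.clinicPatientId, testType: o.testType, status: o.status, result: o.result };
}
export function labView(o: OrderDoc) {
  return { orderRef: o.orderRef, labSampleId: o.labSampleId, testType: o.testType, status: o.status, result: o.result };
}

// Walk one order through the lifecycle and return what each portal would receive at the end.
export function runScenario(clinicPatientId: string) {
  let order = createOrder(clinicPatientId, "CBC");
  order = advance(order, "sample_received");
  order = advance(order, "processing");
  order = advance(order, "results_ready", "within reference range");
  return { order, clinic: clinicView(order), lab: labView(order) };
}
```

Because the lab's identifier is generated fresh per order rather than derived from the patient ID, a dump of lab-side data plus the lab's own results cannot be joined to patients without the order document that holds both sides.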

Tech Stack

Built with modern, production-grade Azure services and open-source frameworks.

Frontend
Next.js 16: React framework with static export for Azure SWA
TypeScript: type-safe development across all three portals
Tailwind CSS 4: utility-first styling with custom brand tokens
MSAL React: Microsoft Authentication Library for Entra ID login

Backend
Azure Functions v4: .NET 8 isolated worker, serverless API endpoints
C# / .NET 8: backend language with strong typing and async support

Identity
Microsoft Entra ID: 3 separate CIAM tenants for clinic, lab, and patient
Microsoft Graph API: programmatic user provisioning and management

Data
Cosmos DB (MongoDB API): globally distributed NoSQL for orders and results

Hosting
Azure Static Web Apps: 3 separate SWAs with GitHub Actions CI/CD

Email
Azure Communication Services: transactional emails for patient invitations

DevOps
GitHub Actions: automated build and deploy on every push to main