BookedMD — United States
Doctor Appointment Booking Platform for BookedMD
- HIPAA-aware, BAA-covered
- Architecture
- Product pod + cloud SRE
- Team
- Laravel · React · PostgreSQL · AWS
- Tech stack
- Live in production
- Status
Project details
The Challenge
BookedMD is a US-based platform letting patients discover healthcare providers and book appointments online. The problem it addresses is well-trodden but stubborn: most provider scheduling still happens by phone, most providers run on calendar systems that don't naturally expose availability, and most patients want to book the way they book a restaurant. The product surface has to make that simple on the patient side while not asking providers to throw away the scheduling tools they already run their practice on.
The brief was the full product: a patient-facing discovery and booking flow, a provider-facing scheduling and patient-management surface, and the calendar integrations to make the two halves stay in sync without double-bookings. All of it built with HIPAA-aware architectural choices, since even basic appointment data carries protected health information.
Our Approach
We led the platform build end-to-end — product discovery, architecture, implementation, and the cloud foundation underneath. The defining product call was that provider availability is owned by the provider, not by the platform. The platform reads availability, holds appointments, and writes back; it does not try to replace the provider's existing scheduling software. That decision is what made BookedMD adoptable by providers who would otherwise have refused to migrate.
Architecture:
- Patient front end — provider search, filtering by specialty / location / insurance, real-time availability rendering, and a booking flow tuned for completion on mobile.
- Provider workspace — appointment list, patient detail with the minimum necessary PHI, availability override controls, and patient communication tooling.
- Calendar integration layer — bidirectional sync with provider calendar systems, with conflict detection and a deterministic resolution policy so the patient and provider never see different truths.
- HIPAA-aware foundation — encryption at rest and in transit, audit logging on every PHI access, role-based scopes on what each user type can see, BAA-covered cloud services, and a deliberate minimisation policy on what data the platform stores in the first place.
For the HIPAA-aware architecture: we made a conscious choice not to be flashy. The platform stores the least data needed to operate the booking flow, encrypts what it does store, logs every access, and treats PHI handling as a first-class architectural concern rather than a feature added later. This shows up in small decisions — what notifications can include, how search indexes are structured, what the provider sees in their dashboard — that add up to a credible posture for a healthcare product.
Stack: Laravel · PHP 8 · React · PostgreSQL · AWS, deployed under a BAA, with observability and incident-response tooling configured for a production healthcare workload.
The Outcome
The platform is live, with patients booking appointments and providers managing their schedules through the BookedMD surface. The architectural choices on the provider integration side mean that signing up a new provider does not require them to abandon the calendar they already use, which has been the unlock for adoption on the supply side.
Our pod continues to work on the platform — extending integrations, evolving the patient experience, and operating the cloud foundation alongside BookedMD's team. The engagement is the kind that compounds: each integration the team ships becomes part of the platform's moat.
Capabilities used
Services that powered this project
Next project
Confidential — Private Shipping Group, Netherlands