Business Aspect
Our team began by thoroughly analyzing the business and market requirements essential for TopDoc. We involved the client in workshops to assess needs, clarify priorities, and define the project scope, ensuring alignment on objectives. A primary challenge was to reduce visit times by automating manual tasks, making the experience smoother and more efficient for doctors and patients. This allows doctors to spend more time on patient care and provide better service in less time.
To achieve this, we explored AI solutions and selected Nabla, a leading ambient AI assistant. Nabla met our criteria by reducing documentation time from an average of 16 minutes per patient visit to less than a minute, freeing doctors to engage more with patients. By utilizing the SOAP format, Nabla standardizes and enhances communication between doctors and patients, ensuring accurate and understandable documentation. With reduced administrative burdens, doctors can spend more time with patients, leading to higher satisfaction and improved care outcomes. Nabla is also SOC2-certified and HIPAA-compliant, ensuring secure handling of patient data in line with regulatory standards.
Based on insights from the Nabla team, we developed an implementation architecture that significantly reduced setup time. We also defined the structure of post-visit notes, detailing action items and next steps for doctors.
Technology Implementation: Flutter, Python and Nabla
We leveraged Python and Flutter technologies to efficiently address development needs and ensure seamless integration with providers like Nabla. Python was chosen for its robust support from third-party providers and its capability to develop end-to-end solutions that integrate various systems and platforms. Additionally, Python offers many libraries and frameworks tailored for data processing and AI. Flutter was the clear choice for creating a cross-platform application that supports both mobile and web platforms.
Nabla’s API enables the quick generation of structured clinical notes from patient visit transcripts. For typical 10-minute encounters, Nabla’s API generates notes in about 20 to 40 seconds. The first challenge was to reduce this time since doctors needed to sum up the visit while the patient was still present. We implemented a system that generates notes every few minutes during the encounter, reducing the generation time to under 10 seconds. This approach ensures doctors can promptly summarize visits while patients are still in the office.
To keep the user experience smooth despite network interruptions, we used a WebSocket API to stream audio chunks directly from the mobile app to the Nabla API, along with a buffering mechanism that holds chunks while the connection is down. Once the network is restored, the app sends the buffered data at the fastest possible rate. Nabla also offers the flexibility of synchronous HTTP calls or asynchronous webhook callbacks, which prevent blocking calls and improve resilience to network issues. To enhance the results, we utilize data from patients’ health profiles and medical histories obtained from the EHR system, ensuring a cohesive and comprehensive solution.
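The buffering behaviour described above, sketched as an added example (not TopDoc's or Nabla's code): chunks are numbered, held in order while the link is down, and drained as fast as the transport accepts them once it returns. The `ChunkBuffer` class, the `send(seq, chunk)` callable and the memory cap with oldest-first eviction are assumptions made for illustration; the cap bounds how much patient audio sits in memory during an outage.

```python
from collections import deque


class ChunkBuffer:
    """Store-and-forward queue for audio chunks (hypothetical helper)."""

    def __init__(self, send, max_bytes):
        self._send = send            # send(seq, chunk); raises ConnectionError when offline
        self._max_bytes = max_bytes  # assumed cap on audio held in memory
        self._pending = deque()      # (seq, chunk) pairs not yet delivered
        self._size = 0
        self._next_seq = 0
        self.dropped = 0             # chunks evicted at the cap; caller should surface this

    def __len__(self):
        return len(self._pending)

    def push(self, chunk):
        """Queue a chunk under the next sequence number, then try to drain."""
        self._pending.append((self._next_seq, chunk))
        self._size += len(chunk)
        self._next_seq += 1
        # Assumed policy: evict the oldest audio rather than grow without bound.
        while self._size > self._max_bytes and len(self._pending) > 1:
            _, old = self._pending.popleft()
            self._size -= len(old)
            self.dropped += 1
        return self.flush()

    def flush(self):
        """Send pending chunks in order, stopping at the first failure."""
        sent = 0
        while self._pending:
            seq, chunk = self._pending[0]
            try:
                self._send(seq, chunk)
            except ConnectionError:
                break                # still offline: keep the chunk for the next attempt
            self._pending.popleft()  # dequeue only after the send succeeded
            self._size -= len(chunk)
            sent += 1
        return sent
```

Calling `flush()` from the reconnect handler drains the backlog; a non-zero `dropped` means part of the recording was lost and the resulting note may be incomplete.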
Safeguarding Patient Data and Ensuring Compliance
Security is paramount in any digital solution, especially for patient data in healthcare. To ensure the platform’s safety for both patients and doctors, we implemented a range of robust security measures. While AI agents can raise data security concerns, our integration with Nabla offers a smooth and secure approach.
Nabla de-identifies all protected health information (PHI) during note generation. It operates statelessly, meaning it does not store any data we send; it processes the data and returns the output generated by its algorithms. All data is securely stored on our end, giving us complete control. Nabla holds SOC2 certification and is HIPAA-compliant. Their services fully adhere to HIPAA regulations for business associates, following the HIPAA Security Rule through stringent administrative, technical, and physical safeguards. This includes policies managing workforce access and advanced technologies to control ePHI access, ensuring their physical infrastructure is protected from potential threats.
The TopDoc platform is deployed on AWS, utilizing Docker containers for application components to enable easy horizontal scaling. This setup simplifies deployments and ensures the application can handle increased loads by adding more container instances. For security and traffic control, we use AWS Web Application Firewall (WAF) and Security Groups. The WAF protects against common web exploits, while Security Groups act as virtual firewalls, controlling inbound and outbound traffic. Our infrastructure is hosted within an AWS Virtual Private Cloud (VPC), providing isolation and security through a private network. The VPC segments the network into subnets, ensuring sensitive data remains secure and internal communication is isolated from external threats.
We further enhance security with AWS CloudTrail, providing comprehensive logging of account activity and API usage. For authentication, we implement YubiKey for two-factor authentication (2FA), adding an extra layer of protection against unauthorized access.