TrustBridge Health

Posted on by Steven McDermott

Team Name

CuraSec Solutions

Timeline

Summer 2025 – Fall 2025

Students

  • Hindar Saifaden – Software Engineering
  • Arjun Parajuli – Computer Science
  • Oreolorun Akani – Computer Science
  • Krishala Chhetri – Computer Science

Abstract

TrustBridge Health is a secure telehealth web application focused on safer, easier virtual care for
patients and providers. The platform combines HIPAA-aligned authentication, role-based access
control, secure file sharing, and audit logging to protect sensitive health information. By delivering these
features as a cloud-hosted web app, TrustBridge Health enables clinics to adopt telehealth workflows
without managing complex infrastructure.

Background

Many clinics rely on insecure or fragmented tools for virtual care, exposing PHI and making remote
visits unreliable. TrustBridge Health addresses gaps in security, authentication, auditability, and
workflow consistency by implementing modern secure design principles, NIST-aligned identity
practices, and encrypted communication channels.

Project Requirements

  • Secure user registration/login with strong credentials and 2FA.
  • Role-based access control (RBAC) for patient, provider, and admin roles.
  • Support HIPAA-aligned video visits with low-latency call setup.
  • Encrypted document upload, download, and management.
  • End-to-end-aware file sharing using presigned URLs.
  • Audit logging for sensitive events (logins, file access, shares).
  • Meet performance targets for login, dashboard load, file transfer, and video join times.
  • Browser-based responsive UI with WCAG 2.1 accessibility.
  • Cloud-hosted SaaS deployment with no local installation required.
  • Modular architecture supporting maintainability and extension

Design Constraints

  • Cost: Limited budget requires using free/open-source tooling and cloud credits.
  • Schedule: Deliverables due by December 2025 affected scope decisions.
  • Legal/Public Health: Must comply with HIPAA for PHI handling.
  • Functionality: Architecture must support secure telehealth workflows modularly.
  • Usability/Accessibility: Must be simple for patients/providers; WCAG 2.1 guided UI.
  • Maintainability: Modular code structure to support future development.

Engineering Standards

  • HIPAA Security & Privacy Rules – U.S. HHS
  • NIST SP 800-63-3 Digital Identity Standards
  • OWASP Authentication and RBAC Security Guidelines
  • WCAG 2.1 Accessibility Standard
  • IEEE 829 & IEEE 1012 Software Test and Verification Standards
  • OSHA/NFPA/ANSI Lab Safety Standards (applies to Senior Design lab use)

System Overview

TrustBridge Health uses a three-layer architecture:

  • Data Layer: PostgreSQL database, S3-compatible encrypted object storage, audit logs.
  • Frontend: Next.js 15 App Router, Zod validation, ShadCN UI.
  • Backend API: NextAuth JWT authentication, RBAC middleware, Prisma ORM.

Results

By December 2025, the team delivered a functional prototype supporting secure authentication, RBAC
dashboards, encrypted file handling, and audit logging all deployed in a cloud environment.

Future Work

  • Integrate full HIPAA-grade video vendor.
  • Add appointment scheduling and reminders.
  • Extend MFA, account recovery, and administrative tools.
  • Add analytics dashboards and richer provider tooling.
  • Improve monitoring, alerts, and performance testing.

Project Files

Project Charter
System Requirements Specification
Architectural Design Specification
Detailed Design Specification
Poster
Closeout Materials

Steven McDermott

More Posts