Admit
Receptionist registers the patient with a minimal admission master — ID, names, birth date, DANE location, contact — validated against official catalogs.
Compliance-First Dental EHR
Compliance-first dental EHR for Colombia — immutable clinical folios, certified digital signatures, FHIR RDA to MinSalud, and production-grade AWS infrastructure.
Product demo
Problem
Many dental practices still rely on paper records or systems that fail electronic health record, data protection, and national interoperability requirements.
The compliance gap
Regulatory risk is existential for clinic owners — not an IT nice-to-have.
Fines can reach 2,000 SMLMV. Health authorities can suspend or close operations. The IHCE integration deadline via FHIR RDA (Resolution 1888/2025) has already passed for clinics still on paper or non-compliant software.
The product challenge was not building another clinic admin panel. It was encoding Colombian law into software: append-only records, traceable corrections, certified signatures, immutable audit trails, official catalogs, and government interoperability.
Solution
The platform enforces Colombian health and data-protection law at every step: admit, consent, document, sign, interoperate, audit, retain, and deliver.
Admit
Receptionist registers the patient with a minimal admission master — ID, names, birth date, DANE location, contact — validated against official catalogs.
Consent
Patient grants informed consent in-clinic on tablet. Staff acts as witness. No clinical folio can open without valid data-treatment consent.
Folio
Dentist opens a draft folio: clinical sections, CUPS treatment plan, and FDI odontogram. Draft persisted as encrypted JSON until signed.
Interoperate
On certified signature, the platform builds an RDA FHIR bundle, submits to IHCE, stores the VIDA, and logs the full audit trail.
Capabilities behind the journey
Signed records are never modified. Corrections are new folios referencing the original — legally defensible and audit-ready.
Treating professionals sign with Colombian CA tokens (PKCS#7/CAdES). Server verifies chain, revocation, and identity before closing a record.
Patients sign on tablet with staff witness. HMAC-sealed signatures with full audit trail — no paper, no lost authorizations.
Every signed visit generates a BundleAmbulatoryRDA and submits to MinSalud IHCE. VIDA acknowledgment stored as proof of acceptance.
CIE-10, CUPS, CUM, CIUO, ISO 3166, and DANE are first-class reference data — not free-text where the law requires a catalog.
Every read, write, export, and correction on clinical data is logged with user, action, entity, before/after values, IP, and timestamp.
Impact
The platform is built around measurable compliance KPIs that determine whether a clinic can keep its license to operate.
01 - Risk
Paper records and non-compliant systems expose clinics to fines up to 2,000 SMLMV, suspension, and closure by health authorities.
02 - Intervention
Law encoded into software: append-only folios, certified signatures, FHIR RDA automation, and immutable audit evidence.
03 - Outcome
A real dental clinic operates on production AWS infrastructure with electronic health records that satisfy Colombian interoperability and data-protection requirements.
Compliance & delivery KPIs
100%
Certified signatures
Target: every closed clinical record carries a valid certified digital signature from the treating professional.
≥ 99%
RDA / VIDA acceptance
Target: signed visits with RDA submitted and VIDA received, allowing for transient MinSalud failures with retries.
100%
Consent before care
Target: valid informed consent captured before any clinical folio can be opened.
Healthcare CRUD is not enough
The platform reframes clinic software from an admin panel into a regulatory compliance system that happens to manage patients.
Architecture
Stack, security, clinical workflows, data model, cloud infrastructure on AWS, and the CI/CD deployment pipeline.
Staff actions flow through Next.js, FastAPI, PostgreSQL, and Celery workers — with every sensitive operation audited and RDA submission decoupled via transactional outbox.
| Layer | Role | Stack |
|---|---|---|
| Staff UI | Clinical folios, odontogram, consent tablet, compliance dashboard. | Next.js · React |
| FastAPI | RBAC, use cases, signature verification, OpenAPI contracts. | FastAPI · Python |
| PostgreSQL | Clinical records, audit logs, catalogs, outbox events. | PostgreSQL · pgcrypto |
| Celery | RDA submission, retention classifier, outbox dispatch. | Celery · Redis |
| Amazon S3 | Radiographs, consent images, and FHIR bundle archives in production. | S3 |
| AWS Production | EC2 hosts Docker Compose stack; RDS for PostgreSQL; ECR for images; IAM roles for S3 access. | EC2 · RDS · ECR |
| MinSalud IHCE | FHIR RDA submission and VIDA acknowledgment. | FHIR R4 · OAuth2 |
Decisions
Lessons
What is worth carrying into the next regulated product.
What deserves another iteration.
What changed my engineering judgment.
Next step
Explore the repository or reach out if you want to talk through append-only clinical records, FHIR interoperability, or regulated full-stack design.