Dr. RCL

We built Dr. RCL, the digital clinical record system for a plastic surgery practice, and shipped it to production on its own server (drrcl.com.mx). We took a practice that lived across Excel, Word, Drive, Calendar and Notion and moved it onto a single platform where the patient, their record, their post-op photos, their appointments and their files are all connected and every action is logged. The hard part wasn't the screen, it was the compliance: medical data is sensitive personal data under Mexican law, so we designed an audit log that nobody can alter, not even the admin, with 5-year retention, and a versioned template engine that lets the doctor change the record's format without breaking already-signed records, exactly as NOM-004 demands. The proof is in the code: 11 data models, 34 API routes, 14 pages and 92 components, 4-role access control verified server-side, medical files in object storage with URLs that expire in minutes plus DICOM support, all deployed in containers over hardened HTTPS. We built it end to end: data model, API, interface, security and infrastructure.

Category

Healthcare

Stack

Next.js, React, TypeScript

The problem

The practice ran its medical records spread across Excel, Word, Google Drive, Google Calendar and Notion. The problem wasn't in any single tool, it was between them: a patient lived in a spreadsheet, their record in a loose document, their photos in an unowned folder and their appointments in yet another calendar, with nothing tying them together and no trace of who touched what. For medical data, which Mexican law classifies as sensitive personal data, that fragmentation is also a compliance risk: with no standard format, no access control and no audit trail, there is no way to prove compliance with NOM-004 or LFPDPPP.

What we built

  • Patient directory with automatic age and BMI calculation, free tags, search and a tabbed detail view (records, follow-ups, appointments, files).
  • Clinical records built on versioned templates: a visual editor defines sections and fields of 8 types and the form renders dynamically; editing a template creates a new version while existing records keep theirs (the structural immutability NOM-004 requires).
  • Post-operative evolution notes with unlimited entries of 4 types (free text, checkable lists, captioned images, documents), each linked to a patient and a record.
  • Calendar with 3 views (month/week/day) and 8 appointment types (surgery, virtual, pre-op, post-op, Botox/AH, etc.), each with a configurable color and tied to patient and record.
  • Medical file management on S3 with a contact > record > follow-up hierarchy, presigned URLs that expire in 5 min (upload) and 15 min (download), a 50 MB cap and DICOM support for medical imaging.
  • Immutable audit log: records user, IP, device, browser, OS and approximate geolocation for every action; nobody, not even the admin, can edit or delete it; minimum 5-year retention per LFPDPPP.
  • Role-based access control (ADMIN, DOCTOR, NURSE, RECEPTION) on a least-privilege model, enforced in middleware and re-verified server-side on every API route.
  • PDF export for records, follow-ups, appointments and the patient directory; plus full-record export as a ZIP with every attachment organized into folders.
  • Configurable values (dynamic enums) manageable from the UI: occupation, prior-surgery and appointment types, each with key, label, colors and order, with no code changes.
  • Hardened self-hosted deployment: HTTPS with HSTS, custom authentication, the database reachable only over the internal network, and the app exposed only to localhost behind the reverse proxy.
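The versioned-template behaviour described in the clinical-records bullet above (a template edit publishes a new version while existing records stay pinned to the version they were written against), as an added example that is not Dr. RCL's code: an in-memory store stands in for the database, and the type names, field types and function names are assumptions.

```typescript
// Added example, not the project's code. Templates are append-only: editing one
// publishes version n+1; a record pins the version it was created under and is
// always validated against that version, never the latest (NOM-004 immutability).
type FieldType = "text" | "number" | "date" | "boolean";
interface Field { key: string; label: string; type: FieldType; required?: boolean }
interface TemplateVersion { templateId: string; version: number; fields: readonly Field[] }
interface ClinicalRecord { id: string; templateId: string; templateVersion: number; values: Record<string, unknown> }

const templates = new Map<string, TemplateVersion[]>(); // stand-in for the DB collection

// Never mutates a published version; appends a frozen copy as the next version.
export function publishTemplate(templateId: string, fields: Field[]): TemplateVersion {
  const history = templates.get(templateId) ?? [];
  const next: TemplateVersion = { templateId, version: history.length + 1, fields: Object.freeze(fields.map(f => ({ ...f }))) };
  templates.set(templateId, [...history, next]);
  return next;
}

// Without a version argument returns the current version (for new records only).
export function getTemplate(templateId: string, version?: number): TemplateVersion {
  const history = templates.get(templateId);
  if (!history || history.length === 0) throw new Error(`unknown template ${templateId}`);
  const tv = version === undefined ? history[history.length - 1] : history.find(t => t.version === version);
  if (!tv) throw new Error(`template ${templateId} has no version ${version}`);
  return tv;
}

function matchesType(v: unknown, t: FieldType): boolean {
  switch (t) {
    case "text": return typeof v === "string";
    case "number": return typeof v === "number" && Number.isFinite(v);
    case "boolean": return typeof v === "boolean";
    case "date": return typeof v === "string" && !Number.isNaN(Date.parse(v));
    default: return false;
  }
}

// Validates against the record's pinned version, so later template edits cannot
// retroactively invalidate (or silently reshape) an already-signed record.
export function validateRecord(record: ClinicalRecord): string[] {
  const tv = getTemplate(record.templateId, record.templateVersion);
  const errors: string[] = [];
  for (const f of tv.fields) {
    const v = record.values[f.key];
    if (f.required && (v === undefined || v === null || v === "")) errors.push(`missing ${f.key}`);
    else if (v !== undefined && !matchesType(v, f.type)) errors.push(`bad type for ${f.key}`);
  }
  for (const k of Object.keys(record.values)) if (!tv.fields.some(f => f.key === k)) errors.push(`unknown field ${k}`);
  return errors;
}

// New records always bind to the current template version at creation time.
export function createRecord(id: string, templateId: string, values: Record<string, unknown>): ClinicalRecord {
  const record: ClinicalRecord = { id, templateId, templateVersion: getTemplate(templateId).version, values };
  const errors = validateRecord(record);
  if (errors.length > 0) throw new Error(errors.join("; "));
  return record;
}
```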

Results

11 data models in MongoDB via Prisma (patient, record, follow-up, template, appointment, file, audit log, configurable values, users and sessions).

34 REST API routes covering auth, contacts, records, follow-ups, calendar, files, templates, users, audit and values.

14 application pages and 92 UI components.

8 field types in the template engine and 8 appointment types in the calendar.

4 differentiated roles (ADMIN, DOCTOR, NURSE, RECEPTION) with ~30 audited action types.

Presigned URLs expiring in 5 min (upload) / 15 min (download) and a 50 MB per-file cap.

Minimum 5-year audit retention per LFPDPPP.

Live in production at drrcl.com.mx, in containers with automatic HTTPS.

Tech stack

Next.js, React, TypeScript, MongoDB

Dr. RCL — Creative Services Studio