MedNote is a serverless, cloud-based hospital management system designed to streamline operations between hospital administrators, doctors, receptionists, pharmacists, and technicians. Built using AWS CDK, AWS Lambda, PostgreSQL, and React, it features role-based authentication, secure medical record handling, and an automated deployment pipeline.
- Hospital Management: Update hospital details (hours, address, contact info).
- Staff Management: Invite new staff members (Doctors, Receptionists, Pharmacists, Technicians) via email.
- Overview: View dashboard statistics on staff and receipt counts.
- Create invite from Admin UI: Administrators open the Invite Staff form in the Admin Dashboard, enter the staff member's name, email, and role, then submit an invitation.
- Email delivery (async): The stack enqueues the invite message into SQS (the MednoteEmailQueue). The emailSender Lambda consumes the queue and sends an email containing a secure invitation link.
- Secure invitation link: The link contains a time-limited invitation token (stored server-side) so the recipient can accept the invite without an account yet. Tokens expire after a short period to reduce abuse.
- Patient Interaction: Access patient receipts using secure codes.
- Security: Generate One-Time Passwords (OTP) sent to patients via email to authorize record access.
- Record Management: View patient details, save receipt data, and upload medical files (images/documents) directly to S3.
- Patient Registration: Create new patient records.
- Information Access: View hospital operating information.
- Medication Dispensing: Verify receipt codes and dispense prescribed medications.
- Validation: Check OTPs for secure access to prescription details.
- Lab Results: Upload test results and attach files to specific patient receipts.
- Verification: Securely access records via receipt codes.
- Secure access via receipt code & OTP: Patients access their records using a receipt code and a one-time password (OTP) sent to their email. This avoids storing sensitive credentials client-side.
- View receipts & visit history: Browse past visits, view receipt details, dates, providers involved, and billing-summary information.
- Download attachments: Securely download attached files (images, lab results, PDFs) stored in S3 through presigned URLs — files are never exposed publicly.
The project leverages a fully serverless architecture on AWS, defined using Infrastructure as Code (IaC).
- Infrastructure as Code: AWS CDK (JavaScript)
- Frontend: React.js (hosted on S3 + CloudFront)
- Backend: AWS Lambda (Node.js 22.x)
- API: Amazon API Gateway (REST API)
- Database: Amazon RDS (PostgreSQL 17.6) in a private isolated subnet.
- Storage: Amazon S3 (Medical files and Frontend assets).
- Authentication: Custom JWT-based auth with secure password hashing (bcrypt).
- Async Processing: Amazon SQS (Email notifications).
- Security:
  - Secrets Manager for database credentials.
  - Strict VPC isolation (Private Subnets).
  - CloudFront Origin Access Control (OAC) for S3 security.
  - Presigned URLs for secure file uploads/downloads.
- React 18
- Ant Design (antd) for UI components.
- React Router for navigation.
- Node.js
- Postgres.js for database interactions.
- JWT & Bcrypt for security.
- AWS SDK v3 (S3, SQS, SecretsManager).
```
.
├── bin/                  # CDK Entry point
├── lib/                  # CDK Stack definitions (Infrastructure)
├── frontend/             # React Application source code
│   ├── public/
│   └── src/
│       ├── components/   # Role-specific dashboards (Admin, Doctor, etc.)
│       └── ...
├── lambdas/              # Backend Lambda Functions
│   ├── adminFn/          # Admin logic (Invite staff, update info)
│   ├── authFn/           # Authentication (Login, Signup, JWT)
│   ├── doctorFn/         # Doctor logic (OTP, File Uploads)
│   ├── emailSender/      # SQS Consumer for sending emails
│   ├── initdb/           # Database initialization script
│   ├── pharmacistFn/     # Pharmacist logic
│   ├── recpFn/           # Receptionist logic
│   ├── signup/           # Auth/Signup specific logic
│   └── technicianFn/     # Technician logic
└── test/                 # Unit tests
```