SecureMed 🏥

Build Status Version License: MIT Django Next.js

SecureMed is an enterprise-grade healthcare management platform designed with a "Security First" approach. It connects patients, doctors, and administrators through a secure, role-based environment, facilitating appointment scheduling, medical record management, and telemedicine services while ensuring data privacy and compliance.

Table of Contents

  • Intro
  • Architecture
  • Installing and Updating
    • Docker Setup
    • Manual Install
      • Backend Setup
      • Frontend Setup
    • Environment Variables
  • Core Capabilities
    • Identity & Access Control (RBAC)
    • Patient Management & Consent
    • Clinical Tools & E-Prescribing
    • Telemedicine
  • Security Infrastructure
    • Audit Logging
    • Break-Glass Protocol
    • Data Anonymization
  • Running Tests
  • API Documentation
  • Deployment
  • License

Intro

SecureMed provides a decoupled, secure ecosystem for managing healthcare operations. Unlike standard hospital management systems, every interaction in SecureMed is governed by strict consent policies and audit trails.

Quick Glance:

  • Frontend: Next.js 14 (App Router), Tailwind CSS, Shadcn UI.
  • Backend: Django 5.0+, Django REST Framework, SimpleJWT.
  • Infra: Docker, PostgreSQL 15+, Redis, Celery.

Architecture

SecureMed operates as a headless system where the Django backend serves as the single source of truth for security policy enforcement.

  • Authentication: JWT (JSON Web Tokens) with rotation and refresh mechanisms.
  • MFA: Time-based One-Time Passwords (TOTP) via pyotp.
  • Compliance: HIPAA-compliant data structures for medical records.

Installing and Updating

Docker Setup (Recommended)

To install and start the entire SecureMed stack (Backend, Frontend, DB, Redis), run the following:

git clone https://github.com/anurup-r-krishnan/securemed.git
cd securemed
docker-compose up --build

This will spin up:

  • Backend: http://localhost:8000
  • Frontend: http://localhost:3000
  • PostgreSQL: Port 5432
  • Redis: Port 6379

🔧 Manual Install

Use this path if you prefer to run the services individually for development or debugging.

🖥 Backend Setup

Prerequisites: Python 3.10+, PostgreSQL

cd securemed-backend

Create and activate virtual environment:

python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate

Install dependencies:

pip install -r requirements.txt

Run migrations and seed data:

python manage.py migrate
python manage.py runscript seed_data

Start server:

python manage.py runserver

🌐 Frontend Setup

Prerequisites: Node.js v18+

cd securemed-frontend

Install dependencies:

npm install

Configure environment:

cp .env.local.example .env.local
# Ensure NEXT_PUBLIC_API_URL=http://localhost:8000

Start development server:

npm run dev

🔐 Environment Variables

Create a .env file inside securemed-backend/ and keep it out of version control.

Core

  • SECRET_KEY – Django secret key, used for cryptographic signing; keep it unique per deployment and never commit it
  • DEBUG – True (dev), False (prod)
  • ALLOWED_HOSTS – Comma-separated list of allowed hosts

Database

  • DB_NAME
  • DB_USER
  • DB_PASSWORD
  • DB_HOST
  • DB_PORT

Email (SMTP)

  • EMAIL_BACKEND
  • EMAIL_HOST
  • EMAIL_PORT
  • EMAIL_HOST_USER
  • EMAIL_HOST_PASSWORD

Security

  • FRONTEND_URL – Used for generating password reset and invitation links

🧠 Core Capabilities

🔑 Identity & Access Control (RBAC)

SecureMed implements strict Role-Based Access Control.

Roles:

  • Patient
  • Doctor
  • Provider
  • Admin

Security Features:

  • MFA (Google Authenticator compatible TOTP)
  • Rate Limiting (5 failed attempts → 15 min lock)
  • HttpOnly/Secure cookies
  • Automatic JWT blacklisting on logout
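The lockout rule above ("5 failed attempts → 15 min lock"), as an added illustration rather than SecureMed's own code. It assumes an in-memory, per-username store with an injectable clock; a multi-worker deployment would keep the counters in Redis instead.

```python
import time
from typing import Callable, Dict

MAX_FAILED_ATTEMPTS = 5      # README: 5 failed attempts ...
LOCKOUT_SECONDS = 15 * 60    # README: ... -> 15 minute lock


class LoginThrottle:
    """Per-account lockout counter (hypothetical; keyed on username)."""

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}

    def is_locked(self, username: str) -> bool:
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self._clock() >= until:
            # Lock expired: reset so the account gets a fresh window.
            del self._locked_until[username]
            self._failures.pop(username, None)
            return False
        return True

    def record_failure(self, username: str) -> bool:
        """Register a failed login. Returns True when the account is (now) locked."""
        if self.is_locked(username):
            return True
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self._locked_until[username] = self._clock() + LOCKOUT_SECONDS
            return True
        return False

    def record_success(self, username: str) -> bool:
        """A correct password clears the counter, but only when the account is
        not locked: while locked, even a correct password is rejected, otherwise
        the lock would not stop a guess that happens to be right."""
        if self.is_locked(username):
            return False
        self._failures.pop(username, None)
        return True
```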

👤 Patient Management & Consent

  • Consent Dashboard (granular access control)
  • Timeline View (appointments, labs, medications)
  • Policy Versioning with re-consent triggers

🩺 Clinical Tools & E-Prescribing

  • Digital Prescription Writer
  • Locked prescriptions after signing
  • Password re-entry for digital signature verification
  • Lab Orders with unique Sample ID
  • Medication history tracking

📹 Telemedicine

  • Secure video rooms (UUID-based)
  • Waiting room with manual admit
  • Session-persistent chat sidebar

🛡️ Security Infrastructure

📊 Audit Logging

  • JSON structured logs
  • Logs UserID, Endpoint, Timestamp, Method
  • Differentiates Read vs Write actions
  • PII scrubbed before storage

🚨 Break-Glass Protocol

Emergency access when consent cannot be obtained.

  • Endpoint: /api/medical_records/break_glass/
  • Mandatory justification required
  • High-priority audit alert logged
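An added example, not the project's code, covering both the Audit Logging and Break-Glass sections above: a JSON audit record with user id, endpoint, timestamp and method, a read/write classification by HTTP method, PII scrubbed before storage, and the high-priority record a break-glass request produces once its mandatory justification is present. The field names, PII key list and priority levels are assumptions; the endpoint path is the one the README lists.

```python
import json
from datetime import datetime, timezone

READ_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumed list of request keys that must never reach the audit store.
PII_KEYS = {"name", "email", "phone", "ssn", "date_of_birth", "address"}


def scrub_pii(payload: dict) -> dict:
    """Replace PII values with a marker, recursing into nested objects."""
    clean = {}
    for key, value in payload.items():
        if key.lower() in PII_KEYS:
            clean[key] = "[REDACTED]"
        elif isinstance(value, dict):
            clean[key] = scrub_pii(value)
        else:
            clean[key] = value
    return clean


def audit_event(user_id, method, endpoint, payload=None, now=None, priority="normal"):
    """Build one structured audit record; PII is scrubbed before it is returned."""
    method = method.upper()
    return {
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "user_id": user_id,
        "endpoint": endpoint,
        "method": method,
        "action": "read" if method in READ_METHODS else "write",
        "priority": priority,
        "payload": scrub_pii(payload or {}),
    }


def break_glass_event(user_id, record_id, justification, now=None):
    """Break-glass access is a write-class action logged at high priority.
    A missing or blank justification is rejected before any record is touched."""
    if justification is None or not justification.strip():
        raise ValueError("break-glass access requires a justification")
    payload = {"record_id": record_id, "justification": justification.strip()}
    return audit_event(user_id, "POST", "/api/medical_records/break_glass/",
                       payload, now=now, priority="high")


def to_json_line(event: dict) -> str:
    """One event per line with sorted keys, so the log is easy to grep and ingest."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"))
```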

🧬 Data Anonymization

  • PrivacyEngine utility
  • Research export with UUID identifiers
  • Right to be Forgotten (30-day grace period + PII scrubbing)
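An added sketch, not the project's PrivacyEngine, of the two behaviours listed above: a research export that replaces patient ids with UUIDs and drops direct identifiers, and a right-to-be-forgotten request that scrubs PII only after the 30-day grace period. The record layout, the identifier columns and the export secret are assumptions.

```python
import uuid
from datetime import timedelta

GRACE_PERIOD = timedelta(days=30)                            # README: 30-day grace period
DIRECT_IDENTIFIERS = ("name", "email", "phone", "address")   # assumed PII columns


def research_export(records, export_secret):
    """Pseudonymize patient records for research.

    The same patient maps to the same UUID within one export (longitudinal
    analysis still works), but the mapping is derived from an export-specific
    secret: two exports cannot be joined, and the patient id cannot be
    recovered from the export alone. The secret must be stored apart from the
    export, since patient ids are a small space to enumerate if it leaks."""
    namespace = uuid.uuid5(uuid.NAMESPACE_OID, export_secret)
    out = []
    for rec in records:
        row = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        row["subject_id"] = str(uuid.uuid5(namespace, str(row.pop("patient_id"))))
        out.append(row)
    return out


def request_erasure(record, requested_at):
    """Start the right-to-be-forgotten clock: data stays intact during the grace
    period so the request can be withdrawn and ongoing care is not disrupted."""
    rec = dict(record)
    rec["erasure_due"] = requested_at + GRACE_PERIOD
    return rec


def apply_due_erasures(records, now):
    """Scrub direct identifiers on every record whose grace period has ended.
    Clinical fields are kept so aggregate statistics remain consistent."""
    result = []
    for rec in records:
        due = rec.get("erasure_due")
        if due is not None and now >= due:
            rec = {k: ("[ERASED]" if k in DIRECT_IDENTIFIERS else v)
                   for k, v in rec.items()}
            rec["erased"] = True
        result.append(rec)
    return result
```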

🧪 Running Tests

Backend tests:

cd securemed-backend
python manage.py test

Verification scripts:

# Verify RBAC
python manage.py runscript verification_tests.verify_rbac

# Verify MFA
python manage.py runscript verification_tests.verify_mfa

📘 API Documentation

When the backend is running:


☁️ Deployment

The project is containerized and ready for cloud deployment (e.g., Google Cloud Run).

Build:

docker build -t securemed-backend .

Deploy:

gcloud run deploy securemed-backend --source .

Ensure cloudrun-service.yaml is configured with your project ID.
