Medical Professional Network
QA for a SaaS platform connecting medical professionals with pharmaceutical research opportunities, handling sensitive health data and regulatory compliance. Doctors used the platform to find and participate in clinical trials, while pharmaceutical companies used it to recruit qualified participants and manage study logistics. QA was essential because the matching algorithm directly influenced which doctors saw which trials, and any data handling error could violate HIPAA and expose the company to significant legal penalties.
PHI & HIPAA Compliance
Every feature handled protected health information requiring strict HIPAA compliance. Any data leak would have severe legal consequences.
Matching Algorithm Accuracy
Complex algorithms connected doctors with clinical trials based on specialty, location, and eligibility. Rankings needed to be accurate and explainable.
Search Performance
Over 50,000 professional profiles indexed with dozens of filterable attributes. Performance had to stay fast with complex multi-criteria queries.
Dual Regulatory Compliance
International expansion required handling GDPR requirements alongside HIPAA: two different regulatory frameworks governing the same data.
How We Tested This Project
Security-First Assessment
We began with a focused security review of every endpoint that handled PHI. We tested for data exposure in API responses, browser caching of sensitive data, and unauthorized access through permission escalation. This produced a prioritized list of 23 vulnerabilities.
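A concrete form of the browser-caching check mentioned above, written here as an added example rather than the QA team's own tooling: it audits the response headers of PHI endpoints for cache directives that would let a browser or shared cache store the body. The endpoint paths and header sets are constructed for illustration.

```python
"""Audit response headers from PHI-returning endpoints for cacheability.
An empty finding list means no browser or shared cache is permitted to
store the body. Sample endpoints and headers below are constructed."""
from typing import Dict, List


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split a Cache-Control value into lowercase directive -> argument."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if part:
            name, _, arg = part.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def caching_findings(headers: Dict[str, str]) -> List[str]:
    """Return one finding per header weakness that could leave PHI in a cache."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    cc = parse_cache_control(lower.get("cache-control", ""))
    findings: List[str] = []
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store; body may be written to a disk cache")
    if "public" in cc:
        findings.append("Cache-Control: public lets shared caches (CDN, proxy) store PHI")
    if cc.get("max-age", "0") not in ("0", ""):
        findings.append(f"Cache-Control: max-age={cc['max-age']} permits reuse without revalidation")
    if "s-maxage" in cc:
        findings.append("Cache-Control: s-maxage lets shared caches keep the response")
    if "expires" in lower and "no-store" not in cc:
        findings.append("Expires set without no-store; legacy caches may retain the body")
    return findings


# Constructed responses from two hypothetical PHI endpoints: one weak, one hardened.
SAMPLE_RESPONSES = {
    "/api/v1/doctors/42/eligibility": {
        "Content-Type": "application/json",
        "Cache-Control": "public, max-age=3600",
    },
    "/api/v1/trials/7/participants": {
        "Content-Type": "application/json",
        "Cache-Control": "no-store, private",
        "Pragma": "no-cache",
    },
}


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each endpoint with at least one finding to its list of findings."""
    report = {}
    for path, headers in responses.items():
        findings = caching_findings(headers)
        if findings:
            report[path] = findings
    return report
```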
Matching Algorithm Validation
We worked with the client's data science team to build a test dataset of doctors and trials with known correct matches. We ran the algorithm against this dataset and flagged any mismatches, false positives, or ranking anomalies for investigation.
Compliance Documentation
We built a comprehensive test evidence package mapping each HIPAA and SOC 2 requirement to specific test results. This included screenshots, API response logs, and encryption verification reports that the client used directly in their audit submission.
Performance and Search Testing
We load tested the search system with realistic query patterns to verify that response times stayed under 2 seconds even with complex multi-criteria filters. We identified and reported an N+1 query issue that was causing search slowdowns for users with large result sets.
Results & Business Impact
SOC 2 First-Pass Audit
Passed SOC 2 Type II audit on the first attempt. Auditors specifically noted the thoroughness of access logging and data isolation.
23 Vulns Resolved
All 23 security vulnerabilities identified and resolved before launch, including two critical PHI exposure issues.
$2M Contracted Revenue
15 pharmaceutical partners onboarded in Q1 post-launch, generating $2M in contracted revenue.
2x Doctor Signups
Doctor signup rates doubled after the platform earned a HIPAA compliance badge substantiated by our testing.
Ready to get similar results?
Every project starts with a free strategy call. Tell us about your product and we will outline a testing plan.