Healthcare Patient Portal
A Bordeaux clinic group operating 12 sites had been managing appointments via phone and paper forms. No-shows ran at 28% and receptionist time was consumed by reminder calls. They needed a patient-facing mobile app with appointment booking, teleconsultation, and secure document sharing — but their IT procurement process required a full data privacy and GDPR compliance audit before approving any new vendor.
Build something similar →The Challenge
A Bordeaux clinic group operating 12 sites had been managing appointments via phone and paper forms. No-shows ran at 28% and receptionist time was consumed by reminder calls. They needed a patient-facing mobile app with appointment booking, teleconsultation, and secure document sharing — but their IT procurement process required a full data privacy and GDPR compliance audit before approving any new vendor.
Our Solution
We built a FlutterFlow app backed by a Supabase instance hosted in the EU (Frankfurt region) with field-level encryption for sensitive health data. Xano served as the HIPAA-boundary API layer — no patient data ever reached WeWeb or FlutterFlow directly; the app only receives tokenised references which Xano resolves inside the secure perimeter. Teleconsultations run via a Twilio Video embed, with recordings stored encrypted in Supabase Storage.
Compliance first: designing the data architecture
Healthcare apps must meet GDPR and, for telemedicine, the French HDS (Hébergeur de Données de Santé) certification requirements. We structured the data model so that directly identifying data (name, DOB, NHS number) is stored in a dedicated Supabase schema with AES-256 field encryption managed by a Xano vault service. Clinical data references this schema by an opaque UUID — even if the clinical tables were exported, they contain no personally identifiable information without the vault key. The architecture document formed the basis of the client's CNIL compliance filing.
Appointment engine across 12 sites
Each clinic has its own calendar resource in Supabase with opening hours, practitioner schedules, and blocked slots. The booking UI in FlutterFlow queries an Xano endpoint that returns available slots for the next 14 days across all sites within a given radius. Slot reservation uses a Supabase advisory lock with a 10-minute hold — if the patient doesn't confirm payment within 10 minutes, the slot is released. This prevents double-booking without a separate queue service.
Teleconsultation with Twilio Video
We integrated Twilio Programmable Video via a FlutterFlow custom widget wrapping the Twilio Flutter SDK. Xano generates a short-lived Twilio room token server-side on consultation join — the client app never holds a long-lived Twilio credential. Recordings are captured by Twilio, then a Twilio callback webhook triggers a Xano function that downloads the recording, encrypts it with the patient's public key, and stores it in Supabase Storage. Only the patient (and their designated practitioners) can decrypt.
Impact: 40% fewer no-shows
The reminder sequence — 48h SMS, 24h push, 2h push — reduced no-shows from 28% to 16.8% within the first month, which translated directly to additional consultations the clinics could schedule. The group's operations director estimated a revenue impact of approximately €18K/month across the 12 sites. Patient satisfaction surveys gave the app 4.8/5, with the most-cited positive being "finally a French medical app that works on my phone".
Features delivered
Technology stack
Want similar results?
Book a free call and we'll scope your project and give you a fixed quote within 48h.
Get a free quote →The compliance architecture they designed passed our CNIL review without a single revision request. That alone justified the entire project cost.Dr. Sophie R.Medical Director, Clinic Group (Bordeaux)
Ready to build yours?
Every project starts with a free 30-minute call. We'll scope your idea, answer your questions, and give you a fixed quote.
Book a free call →