Challenge Overview
CHALLENGE OBJECTIVES
- Build the backend API for the Ognomy MVP project.
PROJECT BACKGROUND
- We are building an MVP of a mobile app that allows patients to schedule and participate in teleconsultations on their mobile device, and of a web app that allows doctors to view teleconsult schedules and participate in teleconsults from a desktop device.
- For the purpose of this challenge, we need to implement the backend that will support the MVP of this mobile app and web app.
- This MVP is the first phase of a bigger project; both the mobile app and the web app have a much bigger scope to be done later.
TECHNOLOGY STACK
- Node.js
- MongoDB
- REST
- SMTP
- Nylas API
- Data Encryption
API REQUIREMENTS
SCREEN REQUIREMENTS
The API must provide support for the following screens:
- Login - physician and patients
  - A login API is needed to support both physician and patient users. Since these users have different access to the application, authorization must be implemented properly.
- Send verification code - patients only
  - This API will take an email as input and send a random verification code to the provided email address. The verification code needs to have an expiration time (configurable at deployment time) and can only be used once.
  - This API should check for duplicate email addresses.
- Signup - patients only
  - The signup API is only needed for patient users. It requires the user to provide the email, password and verification code to create the account. This API will only succeed if the verification code is valid (not expired, not used before and matches the email address).
  - This API should check for duplicate email addresses.
- List providers - physician and patients
  - Check this screen: Design Files / Patient / 01 New Patient / 22A Schedule
  - The API should return the list of available providers (physicians).
- Get available schedule of a provider - physician and patients
  - Once a provider is selected, the app will call the API to get the available schedule of the provider; see Design Files / Patient / 01 New Patient / 24 Schedule
  - This API requires integration with Nylas.
- Make an appointment - physician and patients
  - This API will create an appointment with the selected provider at the specified time; see Design Files / Patient / 01 New Patient / 25A Schedule
  - This API requires integration with Nylas.
  - Please note the appointment is created for both the physician and the patient (so they can both see it).
- List Upcoming Appointments - physician and patients
  - This API will allow a user (physician or patient) to see his or her upcoming appointments.
  - This API requires integration with Nylas.
- List Past Appointments - physician and patients
  - This API will allow a user (physician or patient) to see his or her past appointments.
  - This API requires integration with Nylas.
- Update Appointment - physician and patients
  - This API is used to update an appointment, for example to change the time or mark it as completed.
  - Either this API or a separate API should allow the physicians to update the appointment with the meeting details. At minimum, we expect the meeting id and password to be saved to the appointment when the host (physician) starts a meeting, so that the mobile app (patient) can then pull the meeting id and password and join from the mobile app.
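
The verification-code rules from the "Send verification code" and "Signup" items above (random code, configurable expiry, single use, bound to the email address), as an added Node.js example that is not part of the challenge materials. Assumptions: the `Map` stands in for a MongoDB collection, and the env var name, the six-digit format, the guess limit and all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: expiry is set at deployment time through a hypothetical env var.
const CODE_TTL_MS = Number(process.env.VERIFICATION_CODE_TTL_MS || 10 * 60 * 1000);
// Assumption (not in the spec): cap wrong guesses so a 6-digit code cannot be brute-forced.
const MAX_ATTEMPTS = 5;

// Assumption: in-memory stand-in for a MongoDB collection keyed by normalised email.
const pending = new Map();

const normalise = (email) => email.trim().toLowerCase();

// Hash the code together with the email so a code only verifies for its own address
// and the plaintext code is never stored.
const digest = (email, code) =>
  crypto.createHash('sha256').update(`${email}:${code}`).digest();

// Issue a fresh 6-digit code from the CSPRNG; a new request replaces any older code.
function issueCode(email, now = Date.now()) {
  const key = normalise(email);
  const code = crypto.randomInt(0, 1000000).toString().padStart(6, '0');
  pending.set(key, { hash: digest(key, code), expiresAt: now + CODE_TTL_MS, attempts: 0 });
  return code; // the only value placed in the outgoing email
}

// Returns true at most once per issued code: it must match the email,
// be unexpired, and not have been redeemed or locked out already.
function redeemCode(email, code, now = Date.now()) {
  const key = normalise(email);
  const entry = pending.get(key);
  if (!entry) return false;
  if (now >= entry.expiresAt) {
    pending.delete(key);
    return false;
  }
  // Both digests are 32 bytes, so the constant-time compare never throws on length.
  const ok = crypto.timingSafeEqual(entry.hash, digest(key, String(code)));
  // Consume the record on success (single use) or once the guess budget is spent.
  if (ok || ++entry.attempts >= MAX_ATTEMPTS) pending.delete(key);
  return ok;
}
```

In a MongoDB-backed version the consume step has to be a single atomic operation, so that two concurrent signup requests cannot both redeem the same code.
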
HIPAA COMPLIANCE REQUIREMENTS
- The application must be HIPAA compliant. All information storage/data/roles must adhere to HIPAA guidelines. Please note this is a critical requirement; submissions not meeting this requirement will NOT pass review.
- All data must be encrypted in the database.
- Emails sent by the system must not contain any personal or sensitive information.
- For more information:
  - Summary of HIPAA: Summary of the HIPAA Privacy Rule
  - HIPAA and Cloud Computing: Guidance on HIPAA & Cloud Computing
  - FTC Guidance for Web App Security: App Developers: Start with Security
  - FTC Guidance for Health Apps: Mobile Health App Developers: FTC Best Practices
Unit Tests
- Please provide unit tests for the API in scope of this challenge.
Final Submission Guidelines
- Full code that covers all the requirements, including unit tests.
- Postman collection file to properly test the API (covering positive and negative cases).
- A document that describes the mapping from API endpoints to the screens we are implementing in upcoming challenges.
- A detailed README file including information on how to configure, run and verify your application.