> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://blueprint.ziro.health/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://blueprint.ziro.health/_mcp/server.

# Development & Architecture

Health application development requires rigorous engineering practices combined with deep knowledge of healthcare compliance requirements.

## Tech Stack Decisions

Choose technologies that support your compliance and integration needs:

| Layer    | Considerations for Health                                              |
| -------- | ---------------------------------------------------------------------- |
| Frontend | React/React Native for cross-platform, Swift/Kotlin for native         |
| Backend  | Node.js, Python, Go — any language works, architecture matters more    |
| Database | HIPAA-eligible: AWS RDS, GCP Cloud SQL, Azure SQL; encryption required |
| Cloud    | AWS (HIPAA), GCP (HIPAA/BAA), Azure (HIPAA/BAA)                        |
| Auth     | Auth0, Cognito, Azure AD — must support MFA, RBAC, SSO                 |
| CI/CD    | GitHub Actions, GitLab CI — with security scanning integrated          |

## HIPAA-Compliant Cloud Architecture

Key architectural requirements:

* **Encryption at rest**: AES-256 for all PHI storage
* **Encryption in transit**: TLS 1.2+ for all data transmission
* **Access controls**: Least-privilege access, MFA for all production access
* **Audit logging**: Immutable logs of all PHI access, retained per regulatory requirements
* **Data segregation**: Logical or physical separation of PHI
* **Backup and DR**: Encrypted backups, tested recovery procedures

## Mobile Health Development

Mobile health apps have unique requirements:

* **Offline capability**: Patients may have limited connectivity
* **Local encryption**: Encrypt health data stored on device
* **Background sync**: Data must sync when connectivity is available
* **Push notifications**: Medication reminders, alerts (with privacy considerations)
* **Platform compliance**: App Store review considerations for health apps

## Integration Architecture

Health apps rarely exist in isolation. Plan for integrations:

* **EHR integration**: FHIR, HL7 v2, SMART-on-FHIR
* **Device integration**: Bluetooth/BLE, Apple Health, Google Fit, Health Connect
* **Pharmacy integration**: Prescription fulfillment, drug interaction checks
* **Lab integration**: HL7 order/result interfaces
* **Payment integration**: Insurance eligibility, claims submission

***

## Related Chapters

* [API Design & FHIR](/technical-architecture/api-design-fhir) — Health API patterns
* [Cybersecurity Framework](/technical-architecture/cybersecurity) — Security implementation
* [Digital Health Stack](/foundations/digital-health-stack) — Architectural overview