Project Name

Multi-Brand Healthcare Platform Rebuilt With HIPAA Compliance and SQL Injection Remediation on AWS

Industry
E-Commerce, Healthcare
Technology
PHP, Node.js, MySQL, AWS (RDS, VPC, IAM, S3), Twilio, SendGrid, Custom eCommerce Webhook, Docker

Client Overview

A North American healthcare retailer running multiple brands from one eCommerce platform had a compliance problem hiding in plain sight. PHI and non-PHI data shared the same database tables with no encryption or access controls. Communications went out from a single shared sender, the eCommerce webhook did not attribute conversions to a brand, and SQL injection vulnerabilities put patient data at direct breach risk. By applying an AI-First approach, Ksolves rebuilt the platform on PHP and Node.js – with HIPAA-compliant PHI isolation, per-brand communications, custom traffic attribution, and a full admin suite built in from day one.

Key Challenges
  • No HIPAA-Compliant PHI Separation on AWS: PHI and non-PHI eCommerce data were stored in shared database tables with no schema-level isolation, no encryption at rest, no IAM access controls, and no BAA-eligible AWS service configuration - creating direct HIPAA regulatory exposure across the entire platform.
  • Single Shared Communication Identity Across All Brands: Transactional emails, order confirmations, and SMS messages were sent from one shared sender identity regardless of which brand the customer had purchased from - undermining brand differentiation and causing patient confusion when healthcare communications arrived from an unrecognised sender.
  • No Per-Brand Traffic or Conversion Attribution: The existing eCommerce webhook recorded order and conversion events without attributing them to the specific brand, traffic source, or campaign that had generated the conversion - making per-brand performance measurement and ROAS calculation structurally impossible.
  • SQL Injection Vulnerabilities in PHP Codebase: A security audit identified SQL injection vulnerabilities through direct string interpolation of user-supplied input into SQL statements without parameterisation or input validation - a PHI breach risk that created both HIPAA regulatory and reputational exposure.
  • No Admin Interface for Per-Brand Management: Platform administrators had no governed interface for managing brand-specific configurations independently. Communication settings, product catalogues, and customer data required direct database access or code changes rather than a role-controlled admin interface appropriate for a healthcare platform.
Our Solution

Ksolves rebuilt the platform on PHP and Node.js with HIPAA compliance addressed as a structural design requirement from day one. Every component - data architecture, communication layer, webhook implementation, and admin interface - was designed with multi-brand isolation and healthcare data governance as first-class constraints, not afterthoughts.

  • HIPAA-Compliant PHI Separation on AWS: The data architecture was redesigned with schema-level separation between PHI and non-PHI data in MySQL, with PHI tables isolated in restricted schemas, encrypted at rest using AES-256 via AWS RDS, and served only through parameterised queries. AWS infrastructure was configured with VPC isolation, IAM role-based access, Security Groups, and BAA-eligible services to meet the HIPAA Security Rule's technical safeguard requirements.
  • Per-Brand Communication via Twilio and SendGrid: The communication layer was rebuilt to support independent configuration per brand. Twilio SMS was reconfigured with per-brand sender IDs, message templates, and opt-out management. SendGrid email was rebuilt with per-brand sender domains and templates managed independently through the admin suite - each storefront's customers receiving communications from the correct brand identity.
  • Custom eCommerce Webhook With Per-Brand Traffic Attribution: The eCommerce webhook was replaced with a custom Node.js implementation capturing UTM parameters, referral sources, and campaign identifiers at the point of conversion - attributing each event to the specific brand, traffic source, and campaign. Marketing teams gained per-brand visibility into conversion performance and ROAS measurement for the first time.
  • SQL Injection Remediation and Security Hardening: All database query construction was audited and refactored to use parameterised queries and prepared statements across the PHP codebase, eliminating string interpolation of user-supplied input entirely. Input validation was added at the application layer and validated against OWASP injection attack patterns to confirm the vulnerability class was fully closed.
  • Comprehensive Per-Brand Admin Screen Suite: A full administrative interface was built covering per-brand Twilio and SendGrid configuration, product catalogue management, order administration, and customer data management with HIPAA-appropriate role-based access controls - enabling non-technical brand administrators to manage each storefront independently without database or code access.
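The refactor described in the SQL Injection Remediation item, as an added example that is not the client's or Ksolves' code: the vulnerable string-interpolation pattern beside its parameterised replacement, written in PHP with PDO. It assumes an orders table with id, status and brand columns and an order-id format of 'ORD' followed by six digits (both assumptions made for the example), and uses an in-memory SQLite database so it runs offline; against MySQL on RDS the PDO calls are identical.

```php
<?php
declare(strict_types=1);

// Added example, not the client's or Ksolves' code. It shows the defect
// class the audit describes (user input interpolated into SQL text) beside
// the remediated form (application-layer validation plus PDO prepared
// statements). An in-memory SQLite database keeps it self-contained; the
// platform uses MySQL on RDS, where the PDO calls are the same. The table,
// columns and order-id format are assumptions made for the example.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    // With the MySQL driver, also pass PDO::ATTR_EMULATE_PREPARES => false so
    // parameters are bound server-side rather than spliced in by the client.
    $db->exec('CREATE TABLE orders (id TEXT PRIMARY KEY, status TEXT, brand TEXT)');
    $db->exec("INSERT INTO orders VALUES ('ORD100200', 'shipped', 'brand-a')");
    $db->exec("INSERT INTO orders VALUES ('ORD100201', 'pending', 'brand-b')");
    return $db;
}

// BEFORE: the vulnerable pattern. The caller's string becomes part of the
// SQL text, so the database cannot distinguish data from query structure.
function findOrderUnsafe(PDO $db, string $orderId): array
{
    $sql = "SELECT id, status, brand FROM orders WHERE id = '$orderId'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER, layer 1: whitelist validation at the application boundary.
// Assumed format: 'ORD' followed by six digits; anything else is refused
// before it reaches the data layer.
function validateOrderId(string $orderId): string
{
    if (preg_match('/\AORD[0-9]{6}\z/', $orderId) !== 1) {
        throw new InvalidArgumentException('order id has an unexpected format');
    }
    return $orderId;
}

// AFTER, layer 2: a prepared statement with a bound parameter. The SQL text
// is fixed at prepare time; the value travels separately and is never parsed
// as SQL, whatever characters it contains.
function findOrderSafe(PDO $db, string $orderId): array
{
    $id = validateOrderId($orderId);
    $stmt = $db->prepare('SELECT id, status, brand FROM orders WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration with constructed inputs.
$db = openDemoDb();
$wellFormed = 'ORD100200';
$quoted     = "ORD100200'";   // constructed: a value carrying a quote character

echo count(findOrderSafe($db, $wellFormed)) . " row(s) for the well-formed id\n";

try {
    findOrderUnsafe($db, $quoted);
} catch (PDOException $e) {
    // The quote altered the statement itself: the input reached the SQL parser.
    echo "unsafe path: input changed the SQL text (" . $e->getMessage() . ")\n";
}

try {
    findOrderSafe($db, $quoted);
} catch (InvalidArgumentException $e) {
    echo "safe path: " . $e->getMessage() . "\n";
}

// Even without the validation layer, binding keeps the quote as plain data:
// the prepared statement simply matches no row and raises no error.
$stmt = $db->prepare('SELECT id FROM orders WHERE id = :id');
$stmt->execute([':id' => $quoted]);
echo count($stmt->fetchAll(PDO::FETCH_ASSOC)) . " row(s) when the quoted value is bound\n";
```

Run it with `php example.php`. The two layers are complementary: validation rejects malformed input early with a clear error, while parameter binding is what actually removes the injection class. A query that receives free-text fields (search terms, addresses) cannot use a tight whitelist pattern, so it still relies on the prepared statement, which is why the remediation refactored every query rather than only those with validatable inputs.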

Technology Stack

Category          Technology
Backend           PHP
Frontend/API      Node.js
Database          MySQL
Cloud / Infra     AWS
Communication     Twilio
Communication     SendGrid
eCommerce         Webhook + Traffic Attribution

Impact
  • HIPAA Compliance Achieved - PHI Fully Isolated and Encrypted: Schema-level PHI isolation, AES-256 encryption via AWS RDS, VPC isolation, IAM access controls, and BAA-eligible AWS services provide a fully HIPAA-compliant infrastructure architecture - replacing direct regulatory exposure with a defensible, auditable compliance posture.
  • Per-Brand Communication Identity Restored: Twilio and SendGrid are now configured independently per brand - each storefront's customers receive SMS and email communications from the correct brand sender identity, with independent templates, domains, and opt-out management replacing the shared sender model entirely.
  • Per-Brand Traffic Attribution Enabled for the First Time: The custom webhook captures UTM parameters and referral attribution per brand at the point of conversion, enabling per-brand ROAS measurement and campaign-level optimisation across the full multi-brand portfolio - a capability that structurally did not exist before.
  • SQL Injection Vulnerabilities Fully Remediated: 100% of identified SQL injection points were refactored to parameterised queries and prepared statements, validated against OWASP injection patterns, eliminating the PHI breach risk class from the PHP codebase.
  • Full Admin Suite Delivered - Zero Database Access Required: A comprehensive per-brand admin suite covering communication settings, product management, order administration, and customer data with HIPAA-appropriate role-based access now enables brand administrators to manage their storefront independently through the platform interface.
Solution Architecture
[Solution architecture data-flow diagram not reproduced in this text]
Conclusion

A North American multi-brand healthcare retailer with no HIPAA-compliant PHI separation, active SQL injection vulnerabilities, and no per-brand attribution was transformed into a compliance-first eCommerce platform through Ksolves’ web and mobile development services. PHP and Node.js on AWS now deliver schema-level PHI isolation, AES-256 encryption, and BAA-eligible infrastructure. Twilio and SendGrid give each brand an independent communication identity, a custom webhook enables per-brand ROAS measurement for the first time, and a comprehensive admin suite puts brand management in the hands of non-technical administrators with full HIPAA-appropriate access controls throughout.
