Building a cloud-based, HIPAA-compliant mobile and web app in 6 months

Zest Health to market in six months

We put our technical expertise to work in the healthcare industry, creating a full-service, cloud-deployed, HIPAA-compliant mobile and web solution that simplifies access to complex healthcare benefits information for Chicago-based startup Zest Health. Entrepreneurs from 7Wire and Lightbank chose Devbridge to deliver on an idea that we felt could represent a paradigm shift in the delivery and management of healthcare services. We built a dedicated Product Team and rolled up our sleeves.


Objective – the quantified self

Our charge was to create a HIPAA-compliant, full-service solution for on-demand benefits and health information for providers and patients, with an emphasis on the healthcare consumer. With Zest, we wanted to reinvent the way consumers experience health and employers pay for it; we wanted to achieve the “quantified self” in the most personalized form, making healthcare benefits information easily understandable and easily accessible. We aimed to do so with a solution that incorporated cloud-deployed technology, mobile applications and web development.

Lack of consumer focus in healthcare

When it comes to a comprehensive understanding of healthcare benefits, many consumers find the information required to make intelligent decisions tough to find and hard to understand. In the healthcare arena, this information is often inefficiently passed back and forth between providers and insurance agencies, holds little value, and the accountability for the delivery of the information often falls somewhere in between. It may take a lot of time and seem like a true burden for the consumer, in this case the patient, to receive this information.


Reinventing the way customers experience health and employers pay for it.

What exactly causes this information bottleneck? From our extensive research and a bit of knowledge sharing from Zest, we pinpointed a lack of a consumer-focused approach and a lack of technology to make this sort of approach possible.

What’s more, the requirements for HIPAA compliance presented an issue from a technical, regulatory and privacy standpoint. Acting as a barrier to entry, HIPAA compliance prevents many innovative startups from building market-disruptive services purely due to the complexity of the regulatory requirements. Since we specialize in user experience and are experts at cloud-deployed solutions at Devbridge, a project with this sort of requirements is a perfect fit for our team.

The smarter healthcare consumer

For convenience, security, efficiency of data delivery and management - all key aspects of a consumer-centric approach to healthcare benefits management - we created a solution consisting of an application for both a mobile phone and a tablet computer, as well as a web-based portal.

From the initiation of the project, our team worked closely with the team at Zest Health, defining requirements and establishing a plan. Our deep-dive method of research and discovery helped us develop not only a thorough understanding and knowledge base pertaining to the industry specifics, but it also fostered a transparent and trusting partnership with Zest Health.

When it came to the development process, we followed our tried-and-true Agile process, working in sprints and delivering a high-quality product. Through this process, what began simply as an informational tool quickly morphed into a reinvention of the healthcare experience. Our consumer-focused approach expanded from just a comprehensive view of benefits information to include real-time tracking of spending, responsive healthcare guidance, and even a symptom checker as well as the ability to schedule and manage appointments, all directly from the app.

Project: Mobile Healthcare Platform Design and Development

Date Completed: December 2014


We focused on four critical areas of delivery to be covered by the mobile app that would make up the Zest Health Experience. We coined these categories “Talk to Me”, “Schedule Me”, “Evaluate Me” and “Inform Me”, and built a consumer-focused experience around the critical services and information we could provide within the categories.

Inform me

Through the “Inform Me” feature, healthcare consumers have access to their Personal Health Record (PHR) and Health Risk Assessment (HRA) – which is information that can be used to make informed, intelligent decisions. The app also provides a link to the claims database, further expanding upon the consumer’s view of their healthcare information and history. To round out this comprehensive collection of valuable information, the app allows the consumer to view their lab test results and prescription data, as well as their specific plan information and plan utilization.

Talk to me

The “Talk to Me” category brings a level of interaction and accessibility previously unseen in healthcare without a trip directly to the doctor’s office. The Zest mobile app provides a live, round-the-clock connection with a healthcare professional, and allows for immediate responses to questions. Additionally, in an effort to cut down on unnecessary emergency room trips, the app provides education regarding the appropriate use of urgent care, healthcare guidance and personal coaching and disease management based on specific symptoms and ailments.

Schedule me

The ability to schedule and manage appointments with care providers was built into the app. Consumers also get an easy way to locate physicians using multiple search criteria, such as distance, language spoken, services provided, specialty and availability. From within the app, consumers can facilitate payment for procedures, access pharmacy networks and provider directories, and evaluate cost rankings on providers and hospitals.

Evaluate me

To round out the personalized features of the Zest mobile app, consumers are given the ability to evaluate their own well-being in an interactive, educative manner. The app provides a symptom checker, allowing the consumer to work through a series of self-assessment questions. It provides information for a course of action according to symptoms, as well as steps other people with similar symptoms took in efforts to treat their symptoms and how satisfied they were with their experience.

All of these features were made possible by our expertise in cloud-deployed and mobile app solutions, as well as our methodology, which fosters a completely transparent relationship and allows us to quickly deliver products to market. We were able to completely immerse ourselves in the healthcare industry from Zest’s point of view, evaluating the target audience and settling on the list of capabilities we would include.

The native app we created for Zest stands out as both an effective mobile presence and a highly functional, value-added solution. There is one other supremely important aspect that made Devbridge the perfect partner for Zest on this endeavor, and that is security.


Security is a major hurdle when it comes to healthcare. When you’re creating a solution for the healthcare industry, you absolutely must ensure that your solution is HIPAA-compliant. The HIPAA Privacy Rule exists to protect medical and personal information as it is saved, accessed and shared, while the HIPAA Security Rule, which covers electronic protected health information (ePHI), outlines security standards that aim to secure health data that is received, created, maintained or transmitted electronically.

HIPAA compliance

To maintain HIPAA compliance, we utilize security measures that ensure the secure transfer of data, including physical safeguards, technical safeguards and technical policies. One of the main aspects that is key to staying within compliance is ensuring that absolutely no data is actually stored on the phone or tablet, within the app. This aspect, coupled with our expertise in cloud-deployed solutions, is one of the main reasons we were so well-suited to tackle this project. To keep the information safe in the database, we included BitLocker, which encrypts the OS drives where the SQL databases are stored.

With our solution, all of the Zest Health platform components are hosted in the Windows Azure infrastructure. In this case, we must have a Business Associate Agreement with the vendor that provides hosting services for the platform. We incorporated secure storage methods, virtual machines and cloud services, as well as a virtual network, to ensure security and HIPAA compliance.


The Zest Health experience brings the quantified self directly into the palm of the hand of the healthcare consumer. We’ve effectively personalized an efficient manner of healthcare information delivery and healthcare management.

We were also able to achieve round-the-clock access to a trusted healthcare professional while eliminating excessive administrative costs. We’ve focused on preventative care and disease management programs, as well as strategic buying that yields the appropriate level of care at lower costs. Ultimately, the Zest mobile app achieves happy and healthy consumers.

What’s more, we’ve partnered with Allied Health, a Third Party Administrator. Having a Third Party Administrator on board brings added benefits to any employers who would participate in the program and incorporate the Zest mobile app solution as part of their healthcare benefits.

“One of the unique elements just because of the security need around healthcare is that everything had to be cloud-based. So there's really no sensitive data stored on the phone directly. That was key. We had to have an entirely cloud-based solution. They (Devbridge) were great in terms of thinking through the architecture there and solutions that would work.”
– Shawn Ellis, President, Zest Health
