Modernizing a clinic system into an enterprise-class platform for veterinary rehabilitation
One operational system for the clinic — calendar, records, medical documentation and payments — built cloud-native and compliant with GDPR and NIS2.
The challenge
The client runs a modern veterinary rehabilitation clinic, and its system is the operational heart — not a simple scheduler but a full platform handling treatment scheduling, patient and owner records, medical documentation, therapists’ work, room management and billing.
Over the years, however, the functional scope outgrew the original architecture. The current model needed modernization across several critical areas at once: scalability, data security, auditability of user actions, GDPR compliance and readiness for the NIS2 directive. Medical documentation and owner data are personal and sensitive — their protection, retention and a full audit trail could not be an add-on but a foundation.
The client also set a strategic condition: the new platform must be cloud-native, modular and open to growth — with room for a client portal, omnichannel communication, analytics and AI — without rebuilding the foundation at every next step.
Project goals
Together with the client we agreed that the deployment stage should deliver a complete operational foundation — a system ready for the clinic’s daily work and, at the same time, a base that won’t require rebuilding with each further extension.
- Cloud-native platform — a modern, fast and responsive web application replacing the older architecture, ready to scale.
- Enterprise-class scheduling engine — conflict detection, dynamic therapist load, SMS/email/push reminders, resource blocking and waiting lists.
- Security and GDPR/NIS2 compliance — granular permissions (RBAC), retention policies, anonymization and pseudonymization, a full audit trail of data access.
- Enterprise-class medical documentation — versioning, e-signatures, approval workflow and attachment encryption for sensitive records.
- Architecture for the future — a shared authentication and data layer over API, documented contracts, full handover of code and rights — no vendor lock-in.
The solution
We designed and built a new platform in a layered, modular architecture, following Security by Design, Privacy by Design and Zero Trust. The frontend is Next.js / React / TypeScript, the backend Node.js / NestJS, and data sits on MS SQL with a Redis cache layer and object file storage. Everything runs in a cloud-native environment with autoscaling, monitoring, background job queues and separate staging and production environments.
Scheduling engine — the heart of the system
The appointment calendar is the clinic’s main operational module. We preserved the advanced “Tetris-style” logic of arranging treatments across rooms and extended it with automatic conflict detection, dynamic therapist load, intelligent resource blocking and waiting lists. Omnichannel reminders (SMS / email / push) are sent automatically, and the calendar syncs with Google Calendar and Outlook.
Security, GDPR and NIS2 — a boundary condition
Owner data and medical documentation are protected at the backend level, not the interface. We implemented a granular permission model (RBAC, least privilege), encryption of data and backups, TLS 1.3, tenant separation and an immutable audit log. Consent management, the right to be forgotten and retention policies are built in following Privacy by Default, and the cybersecurity layer (MFA, WAF, IDS/IPS, log monitoring) meets NIS2 standards.
Four pillars the system had to stand on:
Data security and privacy — personal and medical data protected by encryption, RBAC and an immutable audit; GDPR and NIS2 compliance built in from day one.
Performance — patient card and list reads under half a second, a smooth operational calendar, the whole app loading in under three seconds.
Availability and resilience — a high-availability architecture, daily geographic backups and a documented disaster-recovery procedure.
Openness — a modular, API-first architecture ready for a client portal, omnichannel communication, analytics and AI without rebuilding the foundation.
Integrations and automation
The platform connects with the clinic’s ecosystem: calendar sync (Google / Outlook), omnichannel communication (SMS, email, WhatsApp, push), online payments and invoicing, report export to XLSX/PDF and accounting integrations. Therapeutic workflows, checklists, automatic reminders and billing relieve the team of routine tasks.
Quality as a boundary condition:
- Test coverage of critical modules (medical data, payments, audit) ≥ 90% — the highest regression regime.
- Integration tests of full end-to-end flows: appointment registration, documentation, payment, calendar synchronization.
- Code review of every change landing on the production branch, plus a CI/CD pipeline with reversible deployment.
- Full documentation of the architecture, data model and API, plus deployment, disaster-recovery and usage procedures.
Results
The deployment stage delivered a complete operational foundation for the clinic — a working cloud-native platform with a single source of truth about the patient, the visit and the documentation. The measurable impact shows across three dimensions: operational, technical and business.
–38% no-shows
–60% admin time
99.9% availability (SLA)
- No-shows
- –38% — automatic SMS / email / push reminders cut the rate of missed appointments from ~10% to under 5%.
- Admin time
- –60% — e-registration, the client portal and automated billing eliminate most routine front-desk tasks.
- Phone-call volume
- –40% — self-service and online booking free up the phone by as much as 3–4 working hours a day.
- Platform availability (SLA)
- 99.9% — HA architecture, environment redundancy and disaster recovery (about 8.8 h downtime per year).
- Performance
- < 0.5 s — patient card and list read time (p95); full view loads under 3 seconds.
- Critical-code quality
- ≥ 90% — test coverage of the medical-data, payments and audit modules.
- Implementation time
- ~3 months — a full deployment stage from architecture to stabilization thanks to a ready modular foundation.
- Calendar utilization
- +15–25% — 24/7 booking, waiting lists and fewer schedule gaps raise real therapist occupancy.
- IT costs
- predictable — a SaaS model: a flat subscription instead of an in-house team and infrastructure.
- Scheduling — an enterprise-class engine with conflict detection, waiting lists and Google/Outlook sync.
- Data security — encryption, RBAC, tenant separation and an immutable audit log — GDPR and NIS2 compliance.
- Medical documentation — versioning, e-signatures, approval workflow and encrypted attachments.
- Client experience — a client portal: visit overview, online payments, confirmations and communication with the clinic.
- Data consistency — one source of truth about the patient and the visit feeding all modules and channels.
- Openness — documented API, full handover of code and rights — no vendor lock-in, AI-ready.
Client testimonial
„What mattered most to us was that patient and owner data is secure and GDPR-compliant, and the front-desk work simpler. We got both — plus a cloud foundation on which we calmly add further modules.”
What's next
The deployment stage was, by design, the beginning of a long-term development relationship in a hybrid SaaS model. The growth-ready architecture allows adding further elements without rebuilding the foundation:
- AI and analytics — occupancy forecasting, treatment recommendations, automatic visit summaries and therapy-effectiveness analysis.
- Omnichannel communication — full SMS / email / WhatsApp / push handling from a single platform.
- Extended business analytics — financial reporting, accounting integrations, receivables control and automatic invoicing.
- Scaling — developing the product toward a full SaaS platform for the veterinary market (sector CAGR ~13% per year).
The percentage indicators are deployment targets based on industry benchmarks for clinic-management software (reminders, automation, online booking) and SaaS platform standards (availability, performance). Sources: no-show reduction via reminders (25–38%, target <5%) — IDEXX Software, PetDesk, ezyVet, VetSyCare; admin time/cost reduction (up to 60–90% of tasks automated) — Tebra, Tactionsoft; call-volume drop (–40%, 3–4 h/day) — PetDesk (Osage Veterinary Clinic); 99.9% SLA availability and <3 s load — Binadox / Catchpoint SaaS Performance Benchmark 2025; veterinary-software market growth (CAGR ~13%) — Grand View Research.
About EWOSOFT
EWOSOFT Systemy Informatyczne has been on the market since 2000. We specialize in high-performance B2B and B2C sales platforms, ERP/CRM-class systems, applications processing sensitive data and integrations between systems. We co-created some of the first Polish ERP systems — that experience shapes how we design business logic and systems maintained for years. We work in stable teams, hand over the full code and rights, and build systems, not one-off projects.
Facing a similar challenge?
Let's talk about a dynamic-pricing module, ERP ↔ e-commerce integrations, or a system that grows with your company.