Healthcare Patient Intake System Architecture Guide

🎯This Week's Journey

From prompts to production-grade patient intake system.

Monday showed 3 core prompts. Tuesday automated the workflow. Wednesday mapped team roles. Today: complete technical architecture. Multi-agent orchestration, FHIR integration, HIPAA compliance, and scaling from 100 to 10,000 patients per day. This is the production system design that powers modern healthcare automation.

📋

Key Assumptions

Patient volume: 100-10,000 intakes per day depending on deployment tier

Compliance scope: HIPAA, HITECH, state privacy laws (CCPA where applicable)

EHR systems: Epic, Cerner, or Allscripts with FHIR R4 API access

Data residency: US-based healthcare data centers with BAA coverage

Integration timeline: 3-6 months for full production deployment

System Requirements

Functional

Extract 47+ structured fields from free-text patient narratives
Validate completeness against EHR requirements (demographics, insurance, medical history)
Generate contextual follow-up questions for missing critical data
Detect and redact PHI before LLM processing (names, SSNs, MRNs)
Transform extracted data to FHIR R4 bundles for EHR ingestion
Maintain audit trail for all PHI access (7-year retention)
Support multi-language intake (English, Spanish minimum)

Non-Functional (SLOs)

latency p95 ms5000

freshness min2

availability percent99.9

extraction accuracy percent99

phi detection recall percent99.99

💰 Cost Targets: {"per_intake_usd":0.15,"monthly_infra_startup_usd":500,"monthly_infra_enterprise_usd":5000}

Agent Layer

planner

Decomposes intake request into subtasks, selects appropriate tools and agents

🔧 task_decomposer, agent_selector, context_analyzer

⚡ Recovery: If task decomposition fails: fallback to simple sequential flow, If agent selection uncertain: route to human review queue, Retry with simplified plan (max 2 retries)

executor

Extracts structured data from patient narrative using LLM

🔧 claude_api, gpt4_api, schema_validator, rag_retriever

⚡ Recovery: If LLM API fails: switch to backup LLM (GPT-4 → Claude → Gemini), If extraction confidence < 0.7: flag for human review, If schema validation fails: retry with clarified prompt, Max 3 retries with exponential backoff

evaluator

Validates completeness and quality of extracted data against EHR requirements

🔧 field_validator, completeness_checker, clinical_rule_engine, icd10_validator

⚡ Recovery: If validation rules fail: use fallback rule set, If critical field missing: escalate to urgent review, If quality score < 0.8: trigger re-extraction

guardrail

PHI detection, redaction, safety checks, policy enforcement

🔧 comprehend_medical, phi_detector, safety_classifier, policy_engine

⚡ Recovery: If PHI detection fails: block processing entirely (fail-safe), If safety score < threshold: escalate to compliance team, If policy violation detected: halt and audit, Zero tolerance for PHI leakage

question_generator

Generates contextual follow-up questions for missing critical data

🔧 gpt4_api, clinical_context_retriever, question_ranker

⚡ Recovery: If question generation fails: use template-based questions, If no clinical context: generate generic questions, Max 5 questions per iteration

orchestrator

Coordinates all agents, manages workflow state, handles routing decisions

🔧 state_manager, routing_engine, decision_tree, retry_handler

⚡ Recovery: If agent fails: route to backup agent or human queue, If workflow stuck: timeout after 30s and escalate, If loop detected: break after 3 iterations, Maintain workflow state for resume on failure

ML Layer

Feature Store

Update: Real-time for online features, daily batch for historical aggregates

• patient_intake_history_count
• avg_extraction_confidence
• missing_fields_frequency
• question_answer_rate
• session_completion_time_seconds
• phi_entity_density
• clinical_complexity_score
• language_detected
• source_channel

Model Registry

Strategy: Semantic versioning with A/B testing for production rollout

• extraction_model
• phi_detector
• question_generator

Observability Stack

Real-time monitoring, tracing & alerting

0 active

SOURCES

Apps, Services, Infra

COLLECTION

11 Metrics

PROCESSING

Aggregate & Transform

DASHBOARDS

5 Views

ALERTS

Enabled

📊Metrics(11)

📝Logs(Structured)

🔗Traces(Distributed)

intake_requests_total

✓

extraction_latency_p95_ms

✓

validation_pass_rate

✓

question_generation_latency_ms

✓

ehr_integration_success_rate

✓

phi_detection_latency_ms

✓

Deployment Variants

🚀

Startup Architecture

Fast to deploy, cost-efficient, scales to 100 competitors

Infrastructure

✓

Vercel (frontend + API routes)

✓

Supabase (PostgreSQL + Auth)

✓

Redis Cloud (cache)

✓

Anthropic API (Claude)

✓

AWS Comprehend Medical

✓

Resend (email notifications)

→Serverless-first for low operational overhead

→Managed services to avoid DevOps complexity

→Pay-as-you-go pricing

→Quick deployment (< 2 weeks)

→Good for 0-500 patients/day

→Single-tenant, single-region

Risks & Mitigations

⚠️ PHI leakage to LLM provider

Low

✓ Mitigation: Mandatory PHI redaction before LLM processing. Fail-safe: block all processing if PHI detection fails. AWS Comprehend Medical for detection. Audit trail for all PHI access. Regular penetration testing.

⚠️ LLM hallucination causes medical error

Medium

✓ Mitigation: Multi-layer validation: confidence thresholds, drug database cross-reference, logical consistency checks, human review queue. Current hallucination rate: 0.3%, 100% caught before EHR write. Shadow mode testing before production rollout.

⚠️ EHR integration downtime

Medium

✓ Mitigation: Multi-LLM failover. Retry queue with exponential backoff. Alerting within 5 minutes. Manual override process. SLA: 99.0% (allows 7.2 hours/month downtime).

⚠️ Cost overrun from LLM usage

Medium

✓ Mitigation: Cost per intake target: $0.15. Monitoring and alerting at $0.20. Automatic throttling at $0.25. Optimize prompts to reduce token usage. Use cheaper models for non-critical tasks (e.g., GPT-3.5 for question generation).

⚠️ Compliance audit failure

Low

✓ Mitigation: 7-year audit trail retention. Regular internal audits. Third-party HIPAA audit annually. SOC 2 Type II certification. Dedicated compliance officer. Incident response plan tested quarterly.

⚠️ Agent loop / infinite retry

Low

✓ Mitigation: Circuit breaker after 3 iterations. Timeout after 30 seconds. Monitoring for loop detection. Automatic escalation to human review. Workflow state persistence for recovery.

⚠️ Data residency violation (cross-border transfer)

Low

✓ Mitigation: US-based AWS regions only (us-east-1, us-west-2). No cross-region replication. Patient consent for data processing. Regular audits of data flows. DLP (Data Loss Prevention) policies.

🧬

Evolution Roadmap

Progressive transformation from MVP to scale

🌱

Phase 1Months 0-3

Phase 1: MVP (0-3 months)

Deploy startup architecture (Vercel + Supabase)

Implement 3 core agents (Intake, Validation, Question)

Integrate with 1 EHR (Epic FHIR)

Achieve 95% extraction accuracy

Process 100 patients/day

Complexity Level

▼

🌿

Phase 2Months 3-6

Phase 2: Scale (3-6 months)

Migrate to queue-based architecture (SQS + Lambda)

Add multi-LLM failover

Integrate with 2 more EHRs (Cerner, Allscripts)

Achieve 99% extraction accuracy

Process 1,000 patients/day

Complexity Level

▼

🌳

Phase 3Months 6-12

Phase 3: Enterprise (6-12 months)

Migrate to EKS multi-region

Add 6 specialized agents (Planner, Evaluator, Guardrail, etc.)

Implement agentic RAG

Achieve 99.5% extraction accuracy

Process 10,000+ patients/day

SOC 2 Type II certification

Complexity Level

🚀Production Ready

🏗️

Complete Systems Architecture

9-layer production architecture from patient portal to EHR

🌐

Presentation Layer

4 components

Patient Portal (React/Next.js)

Tablet Kiosk App (iPad)

SMS/Text Intake (Twilio)

Voice Intake (Deepgram + Whisper)

⚙️

API Gateway Layer

4 components

API Gateway (Kong/AWS API Gateway)

Rate Limiter (Redis-based)

Auth Service (OAuth 2.0 + SMART on FHIR)

Load Balancer (ALB/NLB)

💾

Agent Layer

6 components

Planner Agent (Task decomposition)

Intake Agent (Data extraction)

Validation Agent (Completeness check)

Question Agent (Follow-up generation)

Guardrail Agent (PHI detection, safety)

Orchestrator Agent (Workflow coordination)

🔌

ML Layer

5 components

Feature Store (Tecton/Feast)

Model Registry (MLflow)

Prompt Store (Versioned prompts)

Evaluation Engine (LangSmith/Phoenix)

Embedding Service (text-embedding-3-large)

📊

Integration Layer

4 components

FHIR Adapter (HAPI FHIR)

HL7 v2 Adapter (Mirth Connect)

PHI Handler (AWS Comprehend Medical)

EHR Connectors (Epic, Cerner, Allscripts)

🌐

Data Layer

5 components

Primary Database (PostgreSQL with pgvector)

Cache Layer (Redis Cluster)

Vector Store (Pinecone/Weaviate)

Audit Log Store (S3 + Glacier)

Message Queue (SQS/RabbitMQ)

⚙️

External Services

6 components

LLM APIs (Anthropic Claude, OpenAI GPT-4)

Epic FHIR API

Cerner FHIR API

AWS Comprehend Medical

Twilio (SMS)

Deepgram (Voice)

💾

Observability Layer

5 components

Metrics (Prometheus + Grafana)

Logs (ELK Stack / CloudWatch)

Traces (Jaeger / X-Ray)

Alerting (PagerDuty / Opsgenie)

ML Monitoring (Arize / WhyLabs)

🔌

Security Layer

5 components

WAF (CloudFlare / AWS WAF)

Secrets Manager (AWS Secrets Manager / Vault)

KMS (AWS KMS / Azure Key Vault)

IAM / RBAC Service

SIEM (Splunk / Datadog Security)

🔄

Complete Request Flow - Patient Intake to EHR

Automated data flow every hour

Step 0 of 17

End-to-End Data Flow

Patient text → Sanitized → Extracted → Validated → Questions → FHIR → EHR

Patient Portal0ms

User submits intake form → Free-text narrative (500-2000 words)

API Gateway50ms

Authenticates and rate limits → Validated request

Guardrail Agent800ms

Scans for PHI entities → PHI flags + sanitized text

Planner Agent150ms

Creates task plan → Agent sequence + tool selection

Intake Executor3200ms

Extracts structured data via Claude → JSON with 47 fields + confidence scores

Validation Evaluator1800ms

Checks completeness against EHR schema → Missing fields array + quality score

Orchestrator50ms

Routes based on completeness → Decision: complete OR incomplete

Question Generator2500ms

Generates 5 contextual questions (if incomplete) → Questions + expected answer formats

Patient Portal100ms

Displays questions to patient → Interactive form

Intake Executor1200ms

Merges answers into existing JSON → Updated JSON (now complete)

FHIR Adapter800ms

Transforms to FHIR R4 bundle → FHIR Bundle (Patient, Condition, Observation, AllergyIntolerance, MedicationStatement)

Epic FHIR API2200ms

Persists to EHR → 201 Created + Patient MRN

Audit Logger100ms

Records all PHI access → Audit trail entry

Volume

0-100 patients/day

Pattern

Serverless Monolith

🏗️

Architecture

Next.js API routes on Vercel

Supabase PostgreSQL

Redis Cloud (cache)

Direct LLM API calls

AWS Comprehend Medical

Cost & Performance

$200/month

per month

5-8 seconds p95

Volume

100-1,000 patients/day

Pattern

Queue + Workers

🏗️

Architecture

API server (Node.js/Express)

SQS message queue

Lambda workers (agent execution)

RDS PostgreSQL

ElastiCache Redis

S3 for audit logs

Cost & Performance

$800/month

per month

3-5 seconds p95

Volume

1,000-10,000 patients/day

Pattern

Multi-Agent Orchestration

🏗️

Architecture

ECS Fargate containers

LangGraph orchestration

SQS + SNS for event routing

Aurora PostgreSQL (Multi-AZ)

Redis Cluster

Pinecone vector store

CloudWatch + X-Ray

Cost & Performance

$3,500/month

per month

2-4 seconds p95

Recommended

Volume

10,000+ patients/day

Pattern

Enterprise Multi-Region

🏗️

Architecture

EKS Kubernetes clusters (multi-region)

Kafka event streaming

Aurora Global Database

Redis Enterprise (multi-region)

Multi-LLM failover (Claude, GPT-4, Gemini)

Datadog full-stack monitoring

Private VPC with Transit Gateway

AWS PrivateLink for EHR connections

Cost & Performance

$12,000+/month

per month

1-3 seconds p95

Key Integrations

Epic FHIR API

Protocol: HL7 FHIR R4

Obtain OAuth token from Epic authorization server

Transform extracted JSON to FHIR resources

POST Patient resource (demographics)

POST Condition resources (diagnoses)

POST Observation resources (vitals, labs)

POST AllergyIntolerance resources

POST MedicationStatement resources

Receive Epic MRN in response

Cerner FHIR API

Protocol: HL7 FHIR R4

Similar to Epic but uses Cerner-specific extensions

Different authorization endpoint

Cerner-specific patient identifier format

Additional validation rules for Cerner

AWS Comprehend Medical

Protocol: AWS SDK (boto3)

Send patient text to DetectPHI API

Receive entity list (NAME, SSN, MRN, etc.)

Redact entities before LLM processing

Log all PHI detections to audit trail

Use DetectEntitiesV2 for medical terms

HL7 v2 (Legacy Systems)

Protocol: HL7 v2.5.1 (ADT, ORM messages)

Transform FHIR bundle to HL7 v2 messages

Send ADT^A04 (register patient)

Send ORM^O01 (order message for labs)

Receive ACK acknowledgment

Handle NACK and retry

Security & Compliance Architecture

Failure Modes & Recovery

Failure	Fallback	Impact	SLA
LLM API down (Anthropic outage)	Automatic failover to GPT-4, then Gemini. If all fail, queue for manual processing.	Degraded performance (slower), not broken	99.5% (allows 3.6 hours/month downtime)
Extraction confidence < 0.7	Flag for human review, send to intake coordinator queue	Quality maintained, slight delay	99.9% (manual review within 2 hours)
EHR API timeout (Epic/Cerner down)	Retry 3x with exponential backoff. If fails, store in retry queue with 5-minute interval.	Eventual consistency (data arrives late)	99.0% (allows 7.2 hours/month)
PHI detection service fails	BLOCK ALL PROCESSING. Fail-safe mode. No PHI to LLM under any circumstance.	System unavailable until PHI detection restored	100% (zero tolerance for PHI leakage)
Database unavailable	Switch to read replica for read operations. Write operations queued.	Read-only mode, writes delayed	99.9%
Agent loop detected (infinite retry)	Circuit breaker after 3 iterations. Escalate to human.	Prevents resource exhaustion	N/A (safety mechanism)
FHIR validation fails	Log error, retry with corrected mapping. If fails 3x, human review.	Data quality maintained	99.5%

System Architecture

┌──────────────────────────────────────────┐
│         ORCHESTRATOR AGENT               │
│  (Workflow coordination & routing)       │
└────────────┬─────────────────────────────┘
             │
     ┌───────┴────────┬────────┬─────────┬──────────┐
     │                │        │         │          │
┌────▼─────┐   ┌─────▼────┐ ┌─▼──────┐ ┌▼────────┐ ┌▼────────┐
│ PLANNER  │   │GUARDRAIL │ │ INTAKE │ │VALIDATOR│ │QUESTION │
│  AGENT   │   │  AGENT   │ │ AGENT  │ │  AGENT  │ │  AGENT  │
│          │   │          │ │        │ │         │ │         │
│ Task     │   │ PHI      │ │Extract │ │Check    │ │Generate │
│ Decomp   │   │ Detect   │ │Fields  │ │Complete │ │Follow-up│
└──────────┘   └──────────┘ └────────┘ └─────────┘ └─────────┘
     │                │          │          │           │
     └────────────────┴──────────┴──────────┴───────────┘
                       │
                  ┌────▼─────┐
                  │   FHIR   │
                  │  ADAPTER │
                  └────┬─────┘
                       │
                  ┌────▼─────┐
                  │ Epic EHR │
                  └──────────┘

🔄Agent Collaboration Flow

Orchestrator

Receives patient text, initializes workflow state, routes to Planner

Planner

Analyzes text complexity, decomposes into subtasks, selects agent sequence → Returns plan to Orchestrator

Guardrail

Scans for PHI entities, redacts sensitive data, checks safety rules → Returns sanitized text + PHI flags

Intake Executor

Extracts 47 structured fields via LLM with RAG context → Returns JSON + confidence scores

Validation Evaluator

Checks completeness against EHR schema, validates data quality → Returns gap list + quality score

Orchestrator

Decision: If complete (100%) → Route to FHIR Adapter. If incomplete → Route to Question Agent

Question Agent

If incomplete: Generate 5 contextual follow-up questions based on gaps → Loop back to Orchestrator → Wait for patient answers

FHIR Adapter

If complete: Transform JSON to FHIR R4 Bundle → Send to Epic/Cerner → Receive MRN confirmation

🎭Agent Types

Reactive Agent

Low (Level 1)

Intake Agent - Responds to input, returns output. No memory.

Stateless

Reflexive Agent

Medium (Level 2)

Validation Agent - Uses rules + context. Limited decision-making.

Reads context, no persistent state

Deliberative Agent

High (Level 3)

Question Agent - Plans questions based on gaps. Reasons about what to ask.

Stateful (remembers previous questions)

Orchestrator Agent

Highest (Level 4)

Orchestrator - Makes routing decisions, handles loops, manages workflow state.

Full state management (workflow history, retry counts, etc.)

📈Levels of Agent Autonomy

Tool (No Autonomy)

Human calls, agent responds. No decisions.

→ Monday's prompts - human copies, pastes, reads output

Chained Tools (Sequential)

Pre-defined sequence. No branching.

→ Tuesday's code - extract → validate → question (always in order)

Agent (Decision-Making)

Makes routing decisions. Can loop.

→ Orchestrator - routes based on completeness, retries on failure

Multi-Agent (Collaborative)

Agents collaborate autonomously. Emergent behavior.

→ This system - agents call each other, negotiate, recover from failures

RAG vs Fine-Tuning Decision

Hallucination Detection

Evaluation Framework

Dataset Curation

Agentic RAG

Prompt Versioning

Complete Tech Stack

Frontend

Next.js 14, React, TypeScript, Tailwind CSS

Backend

Node.js, Express, Python (agent workers)

LLMs

Claude 3.5 Sonnet (primary), GPT-4 Turbo (backup), Gemini Pro (tertiary)

Orchestration

LangGraph, LangChain

Database

PostgreSQL (Aurora), pgvector extension

Cache

Redis Cluster

Vector Store

Pinecone or Weaviate

Queue

AWS SQS, SNS (pub/sub)

Compute

ECS Fargate (startup), EKS (enterprise)

PHI Detection

AWS Comprehend Medical

EHR Integration

HAPI FHIR, Mirth Connect

Monitoring

Datadog (enterprise), CloudWatch (startup)

Logging

ELK Stack (Elasticsearch, Logstash, Kibana)

Tracing

AWS X-Ray, Jaeger

Security

AWS WAF, AWS KMS, HashiCorp Vault

Auth

Okta (SSO), Auth0 (patient portal)

CI/CD

GitHub Actions, ArgoCD

🏗️

Need Architecture Review?

We'll audit your system design, identify bottlenecks, show you how to scale 10x, and ensure HIPAA compliance. 90-minute deep dive with actionable recommendations.

No part of this content may be reproduced, distributed, or transmitted in any form without prior written permission.

Patient Intake System Architecture 🏗️

From prompts to production-grade patient intake system.

Key Assumptions

System Requirements

Functional

Non-Functional (SLOs)

Agent Layer

planner

executor

evaluator

guardrail

question_generator

orchestrator

ML Layer

Feature Store

Model Registry

Observability Stack

Deployment Variants

Startup Architecture

Infrastructure

Risks & Mitigations

⚠️ PHI leakage to LLM provider

⚠️ LLM hallucination causes medical error

⚠️ EHR integration downtime

⚠️ Cost overrun from LLM usage

⚠️ Compliance audit failure

⚠️ Agent loop / infinite retry

⚠️ Data residency violation (cross-border transfer)

Evolution Roadmap

Phase 1: MVP (0-3 months)

Phase 2: Scale (3-6 months)

Phase 3: Enterprise (6-12 months)

Complete Systems Architecture

Presentation Layer

API Gateway Layer

Agent Layer

ML Layer

Integration Layer

Data Layer

External Services

Observability Layer

Security Layer

Complete Request Flow - Patient Intake to EHR

End-to-End Data Flow

Scaling Patterns: Startup to Enterprise

Key Integrations

Epic FHIR API

Cerner FHIR API

AWS Comprehend Medical

HL7 v2 (Legacy Systems)

Security & Compliance Architecture

Failure Modes & Recovery

Multi-Agent Collaboration Architecture

🔄Agent Collaboration Flow

🎭Agent Types

Reactive Agent

Reflexive Agent

Deliberative Agent

Orchestrator Agent

📈Levels of Agent Autonomy

Advanced ML Engineering Patterns

RAG vs Fine-Tuning Decision

Hallucination Detection

Evaluation Framework

Dataset Curation

Agentic RAG

Prompt Versioning

Complete Tech Stack

Need Architecture Review?