WhatsApp-based Medical Records System

Project Overview I am looking to develop a secure WhatsApp-based Personal Medical Record Storage System. The system must: • Allow users to upload medical reports via WhatsApp • Store documents securely in encrypted storage • Allow retrieval via simple WhatsApp commands • Follow strict consent-based data handling • NOT provide any medical advice or diagnosis • Be privacy-focused and secure by design This is NOT a chatbot for medical consultation. This is purely a secure document storage and retrieval system via WhatsApp. ⸻ Complete Functional Flow ⸻ ENTRY POINT (FIRST CONTACT) When a user sends ANY message to the WhatsApp number: Examples: • “Hi” • “Hello” • Sends a PDF • Sends an image The system must trigger the consent gate. ⸻ CONSENT GATE (MANDATORY – STRICT RULES) Bot must reply ONLY with: This service securely stores your personal medical records. We do NOT provide medical advice or diagnosis. By continuing, you consent to us storing your uploaded documents. Reply YES to continue. Rules: • If user reply ≠ YES → ignore all messages • No uploads allowed before YES • No menus • No replies • Store consent timestamp in database when YES received Consent is mandatory and non-bypassable. ⸻ IDENTITY CREATION (Minimal & Safe) Identity must be: WhatsApp mobile number only No OTP No Aadhaar No email No password ⸻ Step 3: One-time Profile Creation After consent, ask sequentially: Q1 – Name (Required) Q2 – Date of Birth (Required) Q3 – City (Required) (Important: Ask one question at a time for better UX) After completion: • Create user profile • Permanently link profile to WhatsApp number ⸻ Step 4: Confirmation Bot response: Thanks, Your profile is ready. You can now send your medical reports anytime. ⸻ REPORT UPLOAD FLOW (Core Feature) ⸻ Step 5: User sends medical report Allowed file types: • PDF • JPG • PNG Maximum file size: 10MB ⸻ Step 6: System Validation Validate: • Consent = YES • Profile completed • File type allowed • File size limit • Rate limit (anti-spam protection) If invalid → Reject with clear reason. ⸻ Step 7: Upload Acknowledgement Bot: Report received Please answer a few questions to save it properly. ⸻ Step 8: Metadata Collection (Sequential) Ask one-by-one: Q1 – Visit date Q2 – Hospital / Lab name Q3 – Report type / Tag (Examples: Blood Test, Scan, Prescription, Discharge Summary) ⸻ Step 9: Secure Storage (Backend Requirements) System must: • Revalidate file • Store file in encrypted object storage (AWS S3 / GCP / Azure equivalent) • Encrypt at rest • Save metadata in database • Link report to mobile number • Delete file from WhatsApp server after storage • Maintain upload logs ⸻ Step 10: Confirmation Bot: Report saved successfully. You can ask for it anytime. ⸻ REPORT RETRIEVAL FLOW ⸻ Step 11: User Request Examples User may type: • “Show my reports” • “Last report” • “Blood test reports” • “Reports from Apollo” • “Reports from last year” ⸻ Step 12: System Logic System must filter by: • Date • Type • Hospital • Keywords (basic logic matching) ⸻ Step 13: Return Report List Bot example: Here are your reports: Blood Test – 12 Jan 2025 Scan – 20 Dec 2024 Reply with the number to download. ⸻ Step 14: User selects report ⸻ Step 15: Secure Access System must generate: • Time-limited signed download link • Valid for 10 minutes • Forced file download (no preview) • HTTPS only ⸻ Special Commands System must support: • HELP • MYDATA → Show profile summary • UPDATE → Update name or city • DELETE LAST REPORT • DELETE ALL DATA (Full account wipe) Delete operations must be permanent

Projekt-ID: 40239660