← All work
Case study · Client product · Built end to end

The Dental Specialists

A production clinical platform with a grounded RAG copilot at its core. It answers only from the clinic's own records, cites every case, and never leaks a patient's identity to the model. I scoped, designed and shipped the whole thing for a three branch dental group in Hyderabad.

The Dental Specialists · case copilot
Who is a candidate for a dental implant?

A patient with a missing tooth, adequate bone width, and healthy adjacent teeth is a candidate for a dental implant [DS-000014].

Cited cases
DS-000014Dharamkaram Road Show image
Grounded · identity protected · gpt-oss-120b · 710 tokens · est. $0.0000
Production RAG Grounded & cited Healthcare PWA Full stack, AI assisted Next.js · Supabase
3
Branches on one system
5
Roles, enforced in the database
6/6
Specs shipped to the client
615
Automated tests, all green
Get in touch See how the AI works
The problem

The Dental Specialists is a specialist dental group running three branches across Hyderabad, a flagship in Banjara Hills plus branches in Kondapur and on Dharamkaram Road. Like most clinics its size, its entire clinical record lived in a paper case file booklet: medical history, the tooth by tooth examination, treatment plans, estimates, payments, prescriptions, discharge notes.

When I sat with the clinic, the cost of paper was everywhere. The booklet could not travel between branches, so a patient treated in Banjara Hills was effectively a stranger at Kondapur. Nobody could say who edited a plan or approved a discount. Finding an old case meant digging through a filing cabinet. And under India's data protection law, a cabinet cannot evidence consent, access control, or retention at all.

The founder also had no real time view of the business. Revenue, dues, plan conversion, and low stock across three branches were not visible in one place to the person running it.

So the mandate was clear. Replace the booklet with a staff only, multi branch app: role based access, a real audit trail, approval workflows, an interactive tooth chart, search across branches, clean printouts, and a grounded AI copilot, delivered as a live product the clinic runs itself.

A grounded RAG copilot

The most novel piece, and the one with the most ways to go wrong, is the case copilot shown in the hero. It is a retrieval augmented generation (RAG) pipeline, and it was the highest risk feature, to me the real test of AI product judgment. An assistant that invents clinical claims, or that leaks a patient's name to a third party model, is worse than no AI at all. So I designed the four steps so a wrong or unsafe answer is structurally hard, not just discouraged by a prompt.

1 · Retrieve

A single ranked search over the clinic's own records, using Postgres full text and trigram matching, returns the best matching cases. That search is also the access gate: clinicians and admins only, everyone else gets a permission error.

2 · Protect identity

Every retrieved case is stripped of name, phone, code, and email and given an opaque Case N label before anything reaches a model. The map back to the real patient stays on the server.

3 · Generate, grounded

If nothing was retrieved, it declines without ever calling the model. When it does answer, the model is restricted to the cases provided and must cite each clinical claim.

4 · Cite and cap

Citations are checked against the cases actually used and mapped back to real IDs for the clinician. Model, tokens, and cost are logged, under hard rate and cost caps.

The net effect: the copilot cannot answer from outside the records, cannot leak a patient's identity to the model, and cannot run away on cost. Each of those is enforced in code and covered by tests. Because the model is reached through OpenRouter, I can swap providers to tune quality against cost without a rewrite. Retrieval is lexical today; a vector store is already reserved to add semantic search in the next phase.
What I committed to

Before building anything, I wrote down what success had to look like, so this would be judged on outcomes, not on a demo that happened to go well. Each criterion later became part of the test suite.

  • A user of each role sees exactly their permitted actions, enforced by row level security, not just hidden buttons.
  • The full patient journey works end to end, from registration to a printable case sheet.
  • Every change is captured in an immutable audit log.
  • Any staff member can search and retrieve any patient or document across all three branches.
  • The copilot answers natural language case questions grounded in the records, under hard rate and cost caps.
  • The product is live, hosted in the India region, and installable as a PWA.

Every one of these was met at delivery.

Every screen below uses sample data, never real patient records.

A calm, serious front door

The whole clinic signs in here. There is no public sign up. Accounts are created by an admin, because this is staff only software that holds patient records, and I wanted that boundary to be obvious from the first screen.

I had the visual language, which we called Clinical Calm, designed and signed off in Figma before the build began, so every screen had a coherent target from day one. The compliance promise sits right in the footer.

The Dental Specialists login screen, staff only, with a DPDP and encryption compliance promise in the footer

The front desk runs the day from one screen

The receptionist opens straight into today at their branch: who is booked, who is checked in, who is in the chair, what is overdue, and who was just registered across all three branches.

Register, take a payment, or search, the four things that fill the front desk day, are one tap away. I kept clinical data view only for this role, so the front desk is fast without being able to touch findings.

Receptionist home screen with today's schedule, outstanding dues, recently registered patients and quick actions

One patient identity across three branches

Registration takes under a minute and generates a unique patient ID on save, so the same person is recognised at any branch and is never entered twice. A database backed duplicate guard enforces it.

A quick register path back enters the old paper files, so the clinic could move off paper without stopping operations for a day. Every field is audited.

New patient registration form with a unique patient ID generated on save

The chair sees what needs attention

The doctor lands on their clinical day: their appointments, who is in the chair now, and the treatment plans waiting on a senior sign off.

I designed each role to land on a different home screen tuned to its job, so the work that needs you today is the first thing you see, not something you have to go hunting for.

Doctor home screen with today's schedule, chair status, plans awaiting sign off and recent patients

The tooth chart, made interactive

The clinical centerpiece is a real FDI tooth chart for adult and child teeth. Click a tooth and tag the problem, the surface, and a note, and the chart colour codes findings by category.

I had this built first, because it is the hardest piece and the one a dentist judges first. From these findings the doctor builds a treatment plan and proposes it for senior approval, then it moves through its lifecycle to completed.

Interactive FDI tooth chart with a per-tooth findings panel and a colour-coded category legend

Where revenue stops leaking

Estimates build straight from the treatment plan and the total is always derived, never typed by hand. A discount stays pending, with no price change, until a senior or the founder approves it with a reason on record.

And you cannot approve a discount you requested yourself. That rule lives in the database, not in a hidden button, which is the difference between a real control and a polite suggestion.

Billing screen showing the estimates tab with a senior gated discount approval queue

Stock that protects safety and money

Every item is tracked per branch and per batch, with expiry dates, reorder levels, and low stock, expiring, and expired flags. The oldest safe batch goes out first.

Dispensing a prescription decrements the right batch automatically, so the ledger and the shelf never drift apart, and branches can move stock to each other instead of over ordering at every location.

Inventory screen with per-branch, batch-level stock, expiry dates and low stock, expiring and expired badges
Built to be trusted

This is patient data, so from the first spec I treated it as production healthcare software, not a demo. The security and compliance are structural. A feature physically cannot touch data without going through an audited, role checked path, and the screen is never the security boundary.

Security at the database

Row level security and server side write functions check the caller's real role on every change. Retrofitted security has holes, so I made it the foundation the whole product is built on.

An immutable audit trail

Every change records who, their role, the field, the value before and after, and when. It is partitioned to stay fast as it grows, and the founder and developer can read it directly.

Approvals that cannot be gamed

Discounts and treatment plan sign offs run through one reusable approval flow: proposed, pending, approved or rejected, and no one can approve their own request.

Patient data safe by construction

Private storage with short lived links, money stored as exact paise so totals never drift, caches purged on logout, and a scrubber that strips patient data from error reports before anything leaves the app.

India resident by design

Records, accounts, and patient media all run in the Mumbai region, with the app pinned to the same region, so data residency under the DPDP Act is satisfied cleanly.

How it fits together

Two diagrams carry most of the product thinking. The first is the system: how a request travels from staff to data and back, and where the safety lives. The second is the copilot's path, where the guardrails are the route itself, not a note in a prompt.

System architecture: an installable Next.js PWA calls Next.js Server Actions, which reach Supabase Auth, SECURITY DEFINER RPCs, Postgres with row level security, an immutable audit log and private storage, all in the India region, with the case copilot reaching a swappable LLM provider and Sentry receiving scrubbed errors
The decisions that matter are in the wiring. The screen is never the security boundary: every write goes through a server side function that re-checks the caller's real role and stamps the actor, row level security guards every table, and every mutation lands in an immutable audit log. Records, accounts and patient media stay pinned to the India region, and the model is reached through a swappable provider that only ever receives de-identified text.
Copilot grounding flow: a clinician question passes a role and cost gate, retrieves cases, declines if none are found, de-identifies each case, generates a grounded answer that must cite, declines again if the cases do not answer, validates citations, logs cost, and returns a grounded cited answer
The copilot's safety is the path itself. It declines before calling the model when nothing is retrieved, so there are no tokens and no ungrounded claim. It strips identity before any case reaches the model. It forces a citation on every clinical claim, validates each one against the cases actually used, and runs under hard rate and cost caps. A wrong or unsafe answer is structurally hard to produce, not just discouraged.
How I ran the build

I ran this the way I run every client engagement. Discovery first, then a roadmap broken into vertical slices, each shipped through a repeatable plan, build, validate, review, commit loop.

Discovery produced a brainstorm that locked the hard decisions early: the five roles, senior approval for discounts, FDI tooth numbering, three branches, a single backend, and removing patient identity before any AI call. That became a roadmap of six executable specs, each an end to end slice that left the product demonstrable at every step.

I de risked the two hardest, most visible pieces first, the interactive tooth chart and the grounded copilot, each with a simpler fallback in reserve, so the demo path was never at risk while the routine work was filled in. Independent slices ran as parallel workstreams and merged back to a releasable trunk, and every slice passed a code review and a dedicated security and privacy pass before it landed.

584
Database tests (pgTAP)
24
Unit tests
7
End to end tests
43
Versioned migrations

I held a production bar, not a demo bar. Quality was proven by automated tests run together, not by spot checking screens.

The whole clinic, in one view

For the first time the founder can see the whole business at a glance: revenue and collections, new patients, plan conversion, low stock, the discount approval log, and today's activity across all three branches, with a branch filter to drill in.

Decisions move from gut feel to data. A branch that is underperforming, a conversion rate slipping, or stock about to expire is visible early enough to act on.

Founder practice overview spanning all three branches with revenue, collections, plan conversion, low stock, discount approvals and today's activity
More of the system

A few more of the pieces that make it a complete system rather than a demo.

Cross-branch search with branch, document-type and date filters
Search and retrieve any patient or document across every branch, by name, phone, patient ID, or a word in a file label, scoped to what each role is allowed to see.
Branded full case sheet with a print or save PDF action
Clean, branded printouts, including a full case sheet, redesigned properly rather than photocopied from the paper form. Migrated records keep a link to their original file number.
Founder-only settings screen with the branches tab
A founder only Settings area for branches, departments, people and roles, and the clinical catalogs and prices. The clinic owns its own setup, and every change is audited.
Developer console showing the tamper-evident audit log
A super admin console exposing the tamper evident audit log, errors, feature flags, and settings. This is the concrete proof behind every change is logged.
The Dental Specialists login screen on a mobile viewport
Installable as a PWA and built for the phones the front desk and chairside staff carry, so staff are not tied to a desktop.
Outcomes

All six specs were built, tested, and handed to the client, on plan. The result is a complete, deployed product, live in the India region and installable as a PWA, that runs the full patient journey end to end with every change audited and a grounded copilot on top.

  • One system across three branches. Records and search finally travel between Banjara Hills, Kondapur, and Dharamkaram Road.
  • Safe delegation across five roles, with approvals and the no self approval rule wired into the database, not staff discipline.
  • Provable compliance: India data residency, encryption, consent capture, long retention, and an audit trail that answers who changed what, when.
  • Revenue protection through controlled discounts, visible dues, per branch daily cash close, and derived totals.
  • Patient safety through point of care allergy alerts and inventory that prevents stock outs and expired material.
  • Practice visibility for the founder, across all branches, in real time.
  • A foundation for AI, with the search backbone and a reserved vector store ready for the next phase semantic copilot.
It shipped to the client about a day before I wrote this. Because it holds patient records, the live product is not publicly accessible, which is why every screen shown here uses sample data, never real patient information.
Tech & tools I directed
Next.js 16 React 19 TypeScript Tailwind shadcn/ui Supabase (Postgres, Auth, Storage, RLS) RAG (retrieval augmented generation) pgvector OpenRouter Sentry Playwright Vercel Figma Claude Code (AI assisted build)

I directed the full stack build by giving AI coding tools tight specs, tests, and review, the same way I ship every product I take on.

My role
  • Ran discovery with the clinic, the founder, doctors, and front desk, and turned the paper booklet into a buildable product with measurable success criteria.
  • Designed the role model, the permission matrix, and the governance the whole clinic runs on: approvals, the no self approval rule, and the audit trail.
  • Designed the RAG copilot to be grounded, identity safe, cited, and cost capped, which was a product and safety design problem, not just a prompt.
  • Owned delivery end to end: a roadmap of six vertical slices, parallel workstreams, quality gates, and an on plan handover.
  • Built and shipped the production system myself by directing AI coding tools across the full stack.

Want the full walkthrough?

I am happy to demo The Dental Specialists live and talk through the product decisions, the governance model, and how I scoped and shipped it.

Get in touch See more work