Full-Stack Developer — HIPAA-Compliant Healthcare Voice AI Platform (Retell + Supabase + Next.js)
Worldwide
We're an AI infrastructure company building a Voice AI receptionist platform for medical and dental practices — an AI that answers patient calls, qualifies them, books appointments, and follows up 24/7. The marketing and demand side is already strong; we have practices waiting. Our priority now is building the real application and getting the security + HIPAA compliance right the first time, at scale. We're looking for a developer (or small team) who can wear two hats: ship the application and architect it to be HIPAA-compliant from the ground up. You'll work directly with the founder and our technical lead. WHAT YOU'LL BE BUILDING 1. A custom dashboard / web app (currently bare-bones) — practice-facing portal for call review, lead pipeline, and appointment/booking management. Front end + API + database. 2. Voice AI agents on Retell — configuring, deploying, and iterating inbound/outbound voice agents (knowledge bases, call flows, transfers, post-call data capture). Retell, Vapi, or similar experience strongly preferred. 3. The HIPAA / PHI compliance layer — the hard part and the reason for this hire (below). THE HIPAA / COMPLIANCE WORK (MOST IMPORTANT) Patient data (PHI) is moving off our voice vendor and into our own application. We need someone who can own the technical half of HIPAA: - Encryption in transit and at rest, secure architecture, least-privilege access, MFA, and tamper-proof audit logging. - PHI de-identification before LLM calls — masking real patient data before it hits OpenAI/Anthropic and re-inserting on return, with minimal added latency (latency matters a lot for live voice). - Patient-rights mechanisms — working "right to erasure" / deletion that propagates to every system the data touched, plus right-to-access and an append-only consent ledger (exact wording, version, timestamp, response). - Retention / auto-purge policies and BAA/DPA handling with sub-processors. - Helping us evaluate and integrate a PHI vault / proxy (tokenization vault where flagged PHI never sits in our own DB) vs. building controls ourselves. We understand HIPAA is self-attested and roughly half technical, half policy/process. You own the technical half and help us document due diligence to stay audit-ready. OUR CURRENT STACK - Voice: Retell (Anthropic Claude for reasoning) — BAA-capable - Frontend / hosting: Next.js on Vercel - Database / backend: Supabase (Postgres) - Automation: Make.com - Other: Twilio (numbers/SMS), Stripe (billing) You don't need every one — tell us which you've shipped production work with. YOU'RE A STRONG FIT IF YOU HAVE - Proven full-stack delivery (TypeScript/Node, React/Next.js, Postgres) on production SaaS. - Real HIPAA experience in a US healthcare product — not theoretical. Bonus: HITECH, SOC 2, PHIPA/PIPEDA, GDPR. - Experience with voice AI (Retell/Vapi/LiveKit) or conversational AI agents. - Experience integrating LLM APIs (Anthropic/OpenAI) safely, including de-identification patterns. - Bonus: dental/medical practice software (PMS) integration (Open Dental, Dentrix, etc.). - Clear communicator who flags risk and tradeoffs early. We move fast but we will not cut corners on PHI. ENGAGEMENT & BUDGET - Hourly, ongoing engagement. We have not fixed a rate — we want your honest quote. - Range posted is wide because the roles differ (full-stack build vs. HIPAA/security architecture). Quote the rate that reflects your real expertise — we pay for people who get PHI right. - We'll begin with a small paid trial milestone (about $300–$500) before any larger commitment. - Overlap with North American (Mountain Time) hours preferred. Start immediately. IN YOUR PROPOSAL, PLEASE INCLUDE 1. Your hourly rate. 2. A rough estimate (hours + cost) to take our app from bare-bones to a compliant, launchable MVP — a ballpark range is fine. 3. A healthcare/HIPAA project you shipped — your specific role and how you handled PHI. 4. Whether you've worked with Retell or another voice-AI platform (link a build if you can). 5. Your read, in 1–2 sentences, on the best way to handle PHI de-identification for a low-latency voice app. 6. What you'd charge for the trial task: "Design the PHI de-identification flow + audit-log schema for a low-latency Retell voice app (written doc + diagram)." Applications that skip items 5 and 6 will not be reviewed. Required 1. Describe a HIPAA-compliant system you personally built and your specific role in it. 2. In 1–2 sentences: best approach to PHI de-identification for a low-latency voice app? 3. What is your hourly rate, and your ballpark estimate (hours + cost) for the MVP?
- More than 30 hrs/weekHourly
- 1-3 monthsDuration
- ExpertExperience Level
$10.00
-
$150.00
Hourly- Remote Job
- Ongoing projectProject Type
Skills and Expertise
Activity on this job
- Proposals:50+
- Last viewed by client:yesterday
- Interviewing:25
- Invites sent:15
- Unanswered invites:0
About the client
- CANLethbridge10:15 PM
- $150 total spent2 hires, 1 active
- 8 hours
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by