Tuva Health HEDIS Service

Tuva Health engaged me as principal architect to build the HIPAA-compliant foundation for its HEDIS quality-measurement service, a cloud-native system that scores millions of patient records across 80+ NCQA HEDIS measures.

Approach

Designed a containerized, isolated compute architecture that could handle enterprise-scale clinical data while meeting HIPAA and security review requirements. Built dual ingestion paths to accommodate different customer data hosting models and invested heavily in developer experience tooling to keep the small team moving fast.

Highlights

Role: Principal Architect & Fractional Engineering Lead

• Architected and delivered the containerized HEDIS Service on AWS ECS Fargate, orchestrating CSV to FHIR to NCQA DCS API to CSV pipelines with automated job tracking, validation, and delivery.
• Designed dual ingestion paths: a hardened SFTP endpoint for customer-hosted data and a cross-account workflow for Snowflake-hosted datasets, both feeding an isolated compute environment.
• Built developer experience tooling with DevContainers + LocalStack, declarative environment config via Pydantic, and repeatable infra provisioning with Terraform and GitHub Actions CI/CD.
• Collaborated with product and client teams to model runbooks, SLAs, and secure data exchange patterns that satisfied HIPAA and enterprise security reviews.

Tech Stack

AWS ECS Fargate, S3, Secrets Manager, Transfer Family (SFTP), Snowflake, Terraform, GitHub Actions, Python, Pydantic, Docker, LocalStack

Outcomes

Supporting multiple enterprise-scale clients (~2.5M potential patients) across 80+ NCQA measures. Established a secure, auditable architecture that Tuva can extend with additional measures and analytics services, along with a reproducible developer platform that keeps infra, code, and environments in sync from local to production.