Healthcare IT professional.
Software that supports care.

Real EHR analyst tools are server-rendered for performance and accessibility. Thymeleaf + Spring keeps the codebase tight and renders the dashboard in under 100ms even with thousands of rows — no client-side hydration cost.

Wait time, no-show rate, and visits-per-day are calculated with native GROUP BY queries against H2 (in PostgreSQL mode). The same SQL would run unchanged against a real Postgres or Oracle EHR data warehouse — which is what hospitals actually use.

With open-in-view: false, lazy associations would throw exceptions during Thymeleaf rendering. Custom findAllWithRefs queries eagerly fetch Patient + Provider in one round-trip, eliminating N+1 queries on the visit log.

SMART on FHIR is the standard Epic and every major EHR vendor use for patient-app authorization. Using the standard means the same code would work against Cerner, Allscripts, or Athenahealth sandboxes with only a configuration change.

For browser-launched patient apps Epic requires PKCE. A static client secret can't be stored in a browser app without exposure, so PKCE provides one-time proof of possession during the code exchange.

HAPI gives strongly-typed FHIR resources (Patient, Observation, MedicationRequest) with validation built in. Faster to develop against and forward-compatible with FHIR R4 → R5.

EC2 means patching the OS, monitoring disk space, managing Docker daemon, and scaling manually. Fargate removes all of that — you define CPU/memory and AWS handles the rest. The tradeoff is less control over the host, but for a web app that's a good trade.

ECR is private by default and in the same AWS network as ECS, so image pulls are fast and free. Docker Hub has rate limits on free accounts (100 pulls/6 hours) which can break CI/CD pipelines.

GitHub Actions lives where the code lives — no separate CI server to manage. AWS CodePipeline would add another AWS service to maintain. Jenkins would need its own EC2 instance. GitHub Actions is free for public repos and has official AWS actions.

CloudFormation is AWS-only. Terraform works with AWS, GCP, Azure, and 3,000+ providers. If I ever work with multi-cloud or non-AWS services, the same tool and language apply. The tradeoff is that CloudFormation has tighter AWS integration and catches some errors earlier.

The console is fine for learning, but infrastructure built by hand is undocumented, unreproducible, and unauditable. With Terraform, the code IS the documentation. Changes go through pull requests. If a region goes down, terraform apply rebuilds everything elsewhere in minutes.

Infrastructure and application code have different lifecycles. App code changes daily; infrastructure changes rarely. Separate repos mean separate CI/CD pipelines, separate permissions, and clearer ownership. The tradeoff is managing two repos instead of one.

ECS Fargate tasks get public IPs but no SSL support. The ALB terminates HTTPS, runs health checks, and allows scaling to multiple containers without changing DNS. Without it, there's no HTTPS, no health monitoring, and no zero-downtime deployments.

Most enterprise cloud and backend roles use Java. Spring Boot has built-in dependency injection, JPA for database access, and Thymeleaf for server-side rendering — a complete production framework. The tradeoff is a heavier JAR and longer build times vs FastAPI's simplicity.

The database has no public IP. Only the ECS security group can reach port 5432. Even with valid credentials, external connections are blocked at the network level. Defense in depth — security groups + private subnet + VPC isolation.