Enterprise Backend & API Lab

FastAPI microservices, PostgreSQL models, JWT auth, PHI scrubbing middleware, and Terraformable infrastructure—ready for diligence.

Average request latency 182 ms
Screeners managed 126
Audit events / day 340k
Failover drills Pass • 6/6
Core endpoints
POST /api/v1/screeners

Create configurable prescreening flows mapped to study UUIDs.

GET /api/v1/screeners/public/{id}

Anonymous participant access with rate limiting + eligibility calculators.

POST /api/v1/demo/screening/evaluate

Demo-only evaluation path bypassing auth for stakeholder walk-throughs.

PUT /api/v1/participants/{id}

Secure participant updates with PHI scrubber middleware.

Live request lab
POST /api/v1/demo/screening/evaluate HTTP/1.1
Host: emeritacrm-production.up.railway.app
Authorization: Bearer demo-token
Content-Type: application/json

{
  "age": 29,
  "gender": "female",
  "dental_history": "regular_checkups",
  "fluoride_allergy": "no",
  "consent_to_contact": true
}
[12:02:11] ✅ 200 OK /api/v1/screeners/public/87cf
[12:03:08] ✳️ queued risk scoring job jobId=ab17
[12:04:22] 🔐 JWT verified for role=coordinator
[12:05:01] 📁 File asset stored region=us-east
[12:06:44] ⚠️ Rate limit warn for ip=23.18.*.* (auto-mitigated)
Resilience & compliance

Security contract

  • Zero-trust JWT auth + rotating refresh tokens
  • Field-level encryption & PHI masking pipeline
  • Audit_log middleware streaming to Railway

Data contract

  • SQLAlchemy models w/ versioned migrations
  • Async session handling + typed schemas
  • Seed/demo data script for stakeholder trials

Operations contract

  • Health/liveness endpoints
  • Structured logging + request correlation IDs
  • Terraform modules for environments
Sample model definition
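from uuid import uuid4

from sqlalchemy import Column, DateTime, ForeignKey, Integer, String, Text, func
from sqlalchemy.dialects.postgresql import UUID
from sqlalchemy.orm import declarative_base, relationship

Base = declarative_base()

class Screener(Base):
    __tablename__ = "screeners"

    # Primary key is generated client-side; study_id ties the screener to a study.
    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid4)
    study_id = Column(UUID(as_uuid=True), ForeignKey("studies.id"), nullable=False)
    title = Column(String, nullable=False)
    instructions = Column(Text)
    estimated_duration_minutes = Column(Integer)
    created_at = Column(DateTime(timezone=True), server_default=func.now())

    # Deleting a screener also deletes its questions.
    questions = relationship("ScreenerQuestion", cascade="all, delete-orphan")
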
Emerita Clinical Research Management (EmeritaCRM) - Enterprise Backend API Demo

🏛️ Emerita Clinical Research Management (EmeritaCRM) - Enterprise Backend Architecture

Complete HIPAA-compliant backend infrastructure demonstration

ENTERPRISE vs BASIC: This demonstrates full enterprise backend infrastructure beyond simple prescreen forms - complete with FastAPI microservices, PostgreSQL database, JWT authentication, audit logging, and HIPAA compliance features.

📋 Screener Management API

POST /api/v1/screeners
{
  "title": "Dental Caries Prevention Study",
  "description": "Pre-screening for dental research",
  "study_id": "uuid-here",
  "estimated_duration_minutes": 5,
  "instructions": "Please answer all questions honestly"
}
GET /api/v1/screeners/public/{screener_id}
✅ Anonymous access for participants
POST /api/v1/screeners/{id}/questions
{
  "question_text": "What is your age?",
  "question_type": "NUMBER",
  "required": true,
  "order_index": 1,
  "validation_rules": { "min_value": 18, "max_value": 100 },
  "eligibility_criteria": { "min_value": 18, "max_value": 65, "weight": 25 }
}

⚡ Processing & Evaluation API

POST /api/v1/demo/screening/evaluate
{
  "age": 28,
  "gender": "female",
  "dental_history": "regular_checkups",
  "cavity_history": "yes_recent",
  "fluoride_allergy": "no",
  "pregnancy_status": "not_pregnant",
  "medications": "none",
  "consent_to_contact": true
}
⚠️ Demo mode only - bypasses authentication
POST /api/v1/screeners/public/{id}/submit
{
  "responses": [
    { "question_id": "uuid-here", "answer_number": 28 },
    { "question_id": "uuid-here", "answer_choices": ["female"] }
  ],
  "contact_info": {
    "email": "participant@example.com",
    "phone": "+1234567890"
  }
}

🗄️ Database Models & Validation

Screener Model

  • id: UUID - Primary key, auto-generated
  • study_id: UUID - Foreign key to studies table
  • eligibility_status: EligibilityStatus - PENDING, ELIGIBLE, INELIGIBLE, REQUIRES_REVIEW
  • eligibility_reason: Optional[str] - Explanation of eligibility determination
  • contact_info: Optional[dict] - Encrypted participant contact data
  • responses: List[ScreenerResponse] - One-to-many relationship

ScreenerResponse Model

  • screener_id: UUID - Foreign key to screeners table
  • question_key: str - Indexed question identifier
  • question_type: QuestionType - TEXT, NUMBER, BOOLEAN, SELECT, etc.
  • answer: str - Serialized response data
  • is_phi: bool - HIPAA PHI classification flag
  • is_valid: bool - Validation status

🔍 ScreenerService Processing Flow

from typing import List

class ScreenerService(BaseService):
    """Service for screener management and eligibility determination."""

    async def evaluate_eligibility(
        self,
        screener: Screener,
        responses: List[ScreenerResponseSubmission]
    ) -> EligibilityDetermination:
        # 1. Validate responses against questions
        await self._validate_responses(screener, responses)

        # 2. Apply eligibility criteria
        score = await self._calculate_eligibility_score(responses)

        # 3. Determine eligibility status
        status = self._determine_eligibility_status(score)

        # 4. Log HIPAA audit trail
        await self.audit_context.log_data_access(
            "screener_evaluation",
            {"screener_id": screener.id, "score": score}
        )

        # 5. Return determination
        return EligibilityDetermination(
            status=status,
            score=score,
            reasons=self._get_eligibility_reasons(responses),
            next_steps=self._get_next_steps(status)
        )

🔐 HIPAA Compliance Features

  • Audit Logging: All data access logged with request ID
  • PHI Classification: Automatic identification of protected health information
  • Data Validation: Input sanitization and type checking
  • Access Control: Role-based permissions (PI, Study Coordinator, etc.)
  • Encryption: Contact info encrypted at rest
  • Anonymization: Participant codes instead of direct identifiers
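
How the audit-logging, PHI-classification and anonymization items above can fit together, as an added example that is not EmeritaCRM's own code. The field names follow the ScreenerResponse model listed on this page; `participant_code`, `audit_event`, the HMAC-based code scheme, the masking of unvalidated answers and the key value are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import uuid
from dataclasses import dataclass

# Assumption: a per-deployment secret loaded from a secret store; constructed placeholder.
CODE_KEY = b"constructed-demo-key"
MASK = "[REDACTED]"

@dataclass
class ScreenerResponse:
    # Field names follow the ScreenerResponse model listed on the page.
    question_key: str
    question_type: str
    answer: str
    is_phi: bool
    is_valid: bool

def participant_code(email: str) -> str:
    """Keyed pseudonym, so the audit log never carries the direct identifier."""
    digest = hmac.new(CODE_KEY, email.strip().lower().encode(), hashlib.sha256)
    return "P-" + digest.hexdigest()[:12]

def audit_event(request_id: str, email: str, responses: list) -> str:
    """Build one JSON audit line. Answers flagged is_phi are masked, and so are
    answers that failed validation (assumption: unchecked input is treated as
    potentially sensitive rather than logged verbatim)."""
    fields = {
        r.question_key: MASK if (r.is_phi or not r.is_valid) else r.answer
        for r in responses
    }
    return json.dumps({
        "event": "screener_evaluation",
        "request_id": request_id,  # correlation ID carried on every audit line
        "participant": participant_code(email),
        "fields": fields,
    }, sort_keys=True)

# Constructed sample input, not real participant data.
SAMPLE = [
    ScreenerResponse("age", "NUMBER", "28", False, True),
    ScreenerResponse("medications", "TEXT", "none", True, True),
    ScreenerResponse("gender", "SELECT", "<free text>", False, False),
]

if __name__ == "__main__":
    print(audit_event(str(uuid.uuid4()), "participant@example.com", SAMPLE))
```
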

🏗️ Technology Stack

Backend: FastAPI + Pydantic, SQLAlchemy 2.0, PostgreSQL
Security: JWT Authentication, RBAC Authorization, HIPAA Compliance
Infrastructure: Docker Containers, Alembic Migrations, Structured Logging

Portfolio: emeritaclinical.com | Email: contact@emeritaclinical.com