
Case Study: Options Medical Weight Loss
Building a HIPAA-Compliant Mobile App and AWS Backend for Patient Engagement
Client Overview
Options Medical Weight Loss is a physician-led clinic network specializing in medically supervised weight management. Founded in 2014 and headquartered in Florida, the company operates nearly 40 clinics across multiple U.S. states, combining in-person care with telehealth to support personalized treatment plans. The organization has grown rapidly in recent years, doubling revenue for three consecutive years and serving tens of thousands of patients. Recognized by Newsweek as one of “America’s Best Weight Loss Clinics,” Options Medical Weight Loss continues to expand its footprint while focusing on safe, effective, and sustainable outcomes.
The Challenge
Options initially launched with a third-party white-label mobile app to establish a digital presence quickly. While this approach accelerated time to market, it came with clear trade-offs: the app’s roadmap was dictated by the vendor, integrations were limited to generic features, and clinic staff had little influence over how digital tools supported patient care. Customization requests often meant waiting months for updates, which slowed Options’ ability to respond to patient feedback or incorporate new clinical practices.
These limitations became more pronounced as the business scaled. Options needed features that went beyond a template app: seamless integration with Apple Health, Google Fit, and connected medical devices; deduplication logic to reconcile overlapping health data sources; and a backend that could meet HIPAA’s security and auditability standards. The leadership team also wanted complete control over analytics, release cadence, and compliance practices—capabilities that were either restricted or unavailable under the white-label arrangement. In short, the existing solution had outlived its usefulness, and Options needed to own its stack to keep innovating.
Must Have Requirements
Our Approach
Our work began with a discovery phase to ground the new platform in both clinical needs and business goals. We assessed the limitations of the existing white-label solution, benchmarked those against Options’ long-term roadmap, and identified where vendor constraints blocked critical features such as richer device integrations and faster release cycles. From there, we facilitated product planning sessions to define the MVP feature set and design direction while outlining a phased rollout for future enhancements. In parallel, we evaluated architectural options and built a total cost of ownership model, which guided the selection of a HIPAA-ready AWS reference architecture that could scale reliably with patient adoption while keeping operating costs predictable.
Discovery & Planning
- Cloud Architecture Evaluation: Assessed AWS, Azure, and Google Cloud against HIPAA compliance requirements, scalability, and cost efficiency.
- Cost Modeling: Produced total cost of ownership (TCO) analysis based on current user base and projected growth across each cloud provider.
- Design Asset Collection: Consolidated brand materials including style guides, logos, and typography to ensure consistent product design.
- UX & Workflow Review: Evaluated mobile and backend user experiences of the legacy solution to identify gaps and opportunities for improvement.
- MVP Definition: Facilitated discussions with staff to define critical features needed to support patient care and engagement.
- Integration Mapping: Outlined technical requirements for Apple Health, Bluetooth-connected devices, backend, and provisioning systems.
- API & Data Architecture: Designed GraphQL APIs, schemas, and standardized data structures to ensure scalability and long-term maintainability.
- Technology Selection: Recommended mobile, frontend, and backend stacks best suited to meet functional requirements and scale with future growth.
- Risk & Constraint Analysis: Documented regulatory risks (HIPAA compliance scope), technical risks (BLE device integrations), and operational risks (clinic adoption and training).
- Release Planning: Defined MVP timeline, milestones, and phased rollout strategy to align with operations.
- Analytics & Measurement Plan: Established KPIs for engagement, retention, and compliance; recommended instrumentation with tools such as Mixpanel, GA4, or Amplitude.
- Security & Compliance Review: Reviewed high-level data governance, PHI handling protocols, and audit logging requirements.
- Change Management & Training: Planned onboarding and training to ensure successful adoption by staff and patients.
Implementation
AWS Backend & Compliance
- HIPAA-Ready Architecture: Delivered a secure backend on AWS with encryption at rest and in transit, designed to meet HIPAA compliance requirements.
- Infrastructure-as-Code: Provisioned services using Terraform for consistent, auditable deployments across environments.
- Authentication & Security: Implemented secure authentication, role-based access control, and audit logging to protect PHI.
- Data Ingestion & Normalization: Designed GraphQL APIs and standardized schemas to handle health data ingestion, deduplication, and real-time sync across multiple devices and platforms.
- Scalability: Built a foundation that can scale cost-effectively as the patient base and clinic network expand.
Mobile App Development (Flutter)
- Cross-Platform Delivery: Built iOS and Android apps in Flutter for faster delivery and unified codebase maintenance.
- Health Data Integration: Integrated Apple Health and Google Fit with permission-based, two-way sync for exercise, nutrition, hydration, sleep, vitals, and measurements.
- Bluetooth Device Support: Reverse-engineered protocols for bioimpedance scales (weight, BMI, body fat %, hydration) and blood pressure cuffs (pulse, systolic, diastolic), with results logged in HealthKit and aggregated alongside other health data.
- Data Deduplication & Accuracy: Implemented logic to reconcile overlapping inputs from devices such as Apple Watch, Oura Ring, and iPhone pedometer.
- Nutrition Tracking: Built a food logging system with keyword and barcode search, support for custom foods, Options Medical branded items, serving sizes/units, and macronutrient calculations.
- Progress Insights & Engagement: Added personalized goal setting, dashboards, notifications, and reminders to keep patients on track and engaged between visits.
- Release & Update Strategy: Adopted Shorebird for over-the-air (OTA) updates, enabling faster delivery of fixes and enhancements without waiting on App Store or Play Store approval cycles. This ensured patients and clinics always have access to the latest features and improvements.
The Solution
The final solution delivered by F3 Software brought together secure cloud infrastructure, cross-platform mobile apps, and seamless device integrations into a single patient-centered platform.
- Mobile App: A secure, user-friendly iOS and Android application enabling patients to log meals, track activity, monitor vitals, and receive care team support. The app consolidated multiple data sources—including Apple Health, Google Fit, wearables, and Bluetooth devices—into one simple interface. Built in Flutter, it supports rapid iteration and over-the-air updates via Shorebird.
- AWS Backend: A HIPAA-compliant, scalable backend running on AWS, designed for security and growth. The system provides API-driven data ingestion, normalization, and storage, with encryption at rest and in transit, audit logging, and role-based access controls. Infrastructure-as-code with Terraform ensures reproducibility and audit readiness.
- Smart Device Integration: Real-time syncing with Apple Health, Google Fit, Oura Ring, Apple Watch, and Bluetooth medical devices, including bioimpedance scales and blood pressure cuffs. Data is normalized, deduplicated, and aggregated to provide both patients and care teams with a reliable, comprehensive health record.
Together, these components gave Options Medical a proprietary digital health platform—purpose-built to deepen patient engagement, support clinical decision-making, and scale as the business expands.
The Results
- Improved Patient Engagement: Patients now track weight, steps, nutrition, and vitals seamlessly with automatic sync from devices they already use. Personalized goals and reminders keep them engaged between clinic visits.
- Clinic Efficiency: Care teams have real-time access to accurate patient data, improving accountability, enabling proactive outreach, and reducing reliance on manual logs or fragmented apps.
- Scalable Compliance: Options Medical now operates on a HIPAA-compliant AWS backend, designed to grow as new clinics and patients are added, with security, auditability, and cost efficiency built in.
- Technical Innovation: Advanced device integrations, over-the-air app updates, and intelligent data deduplication eliminate the friction of fragmented health tracking and enable faster delivery of new features.
- Strategic Independence: By moving off a restrictive third-party white-label app, Options Medical gained full ownership of their digital platform—unlocking flexibility to innovate, adapt, and compete on their own terms.
Key Takeaways
Delivering this platform required navigating several uncertainties, from integrating proprietary Bluetooth medical devices without an SDK to managing and normalizing complex health data across multiple sources. These challenges introduced risk and complexity, but through persistence and deep technical problem-solving, F3 Software was able to deliver a secure, reliable solution. The result is a HIPAA-compliant digital health platform that combines mobile usability with a scalable AWS backend, bridging the gap between in-clinic care and daily patient engagement. By moving off a restrictive third-party solution, Options Medical gained the flexibility and ownership needed to innovate freely, roll out new features, and expand its services nationally with a strong technical foundation.