Medical Supplies App Development

Healthcare providers, procurement teams, and direct-to-consumer medical supply platforms need engineering teams who understand the regulatory complexity of medical device classification, controlled substance tracking, HIPAA-compliant data handling, and the supply chain integrity requirements that distinguish medical procurement from general e-commerce. Scrums.com provides dedicated software engineering teams for medical supplies app development, deploying production-ready systems with UDI-compliant product catalogues, append-only procurement ledgers, HIPAA audit controls, and the formulary and e-prescribing integration that connects supply procurement to clinical workflows.

Product Catalogue, Regulatory Classification, and Procurement Architecture

Medical supply catalogues carry regulatory metadata that general e-commerce platforms do not model: FDA device classification, GMDN codes, UDI (Unique Device Identifier) for Class II and Class III devices, CE marking status, sterility requirements, and applicable compliance standards. The product model must capture and version this regulatory metadata alongside commercial attributes.

The product master table carries: product_id, manufacturer_id, device_class (I | II | III | OTC | RX_ONLY | CONTROLLED), gmdn_code, udi_di (device identifier component of UDI), sterile (boolean), single_use (boolean), and a regulatory_clearances child table with clearance_type (FDA_510K | FDA_PMA | CE_CLASS_I | CE_CLASS_IIa | CE_CLASS_IIb | CE_CLASS_III), clearance_number, issued_at, and valid_until. Regulatory clearances are immutable records; if a clearance is updated or renewed, a new row is written: the original clearance row is never overwritten.

UDI compliance for dispensable units uses a product_instances table capturing the UDI-PI (production identifier: lot number, serial number, manufacture date, expiry date). product_instances are immutable once created; transfers, dispensing events, and recalls reference instance rows rather than modifying them.

Procurement orders follow an append-only workflow: a purchase_order_events table captures CREATED, SUBMITTED_TO_SUPPLIER, CONFIRMED_BY_SUPPLIER, PARTIALLY_RECEIVED, FULLY_RECEIVED, INVOICED, PAID, and CANCELLED states with timestamps and operator references. Goods receipt writes inventory_receipts rows that link received quantities to the purchase order line and the specific product_instances created on receipt. The inventory ledger is the same append-only transactions table used across Scrums.com-built distribution platforms, ensuring that stock on hand is always a computable aggregate rather than a mutable field.

Inventory Management, Order Fulfilment, and Supply Chain Tracking

Medical supply inventory requires tracking by lot, expiry, and serial number, not just by SKU quantity. The inventory_transactions ledger carries variant_id, product_instance_id (for lot and serial tracked items), location_id, transaction_type (RECEIPT | DISPENSED | RETURNED | QUARANTINED | RECALLED | ADJUSTED | TRANSFERRED), quantity, and a reference to the source document.

Lot expiry management uses a materialised view of inventory by lot and expiry date, refreshed on a configurable schedule. Dispensing logic applies FEFO (First Expiry First Out) by default: when a dispensing order is fulfilled, the system selects the lot with the nearest expiry date that has sufficient quantity available. FEFO behaviour is configurable per product category via a dispensing_config table: some consumables follow FIFO instead, so the rule is adjustable without a code change.

Recall management uses the product_instances table to trace affected units. When a recall is issued, a recall_events row is created with the recalled lot numbers, recall classification, and required action (QUARANTINE | RETURN_TO_SUPPLIER | DESTROY). A recall_inventory_holds table creates holds against all inventory_transactions rows that reference the recalled lots, preventing dispensing of affected units before the recall action is completed. Hold status follows its own state machine (ACTIVE / UNDER_REVIEW / RELEASED | DESTROYED | RETURNED) with each transition appended to recall_hold_events.

Order fulfilment for healthcare provider accounts applies a multi-step authorisation workflow for controlled and RX-only items. A fulfilment_authorisations table records the authorising clinician, credential type, authorisation reference, and the items authorised. Fulfilment of controlled items cannot proceed without an APPROVED row in fulfilment_authorisations; the check is enforced at the application layer before any inventory_transaction row is written.

Medical supplies apps like these are built and delivered by dedicated engineering teams through our mobile app development service.

HIPAA Compliance, Controlled Substance Controls, and Audit Architecture

Medical supply platforms that handle patient-linked orders, prescription records, or delivery addresses tied to health conditions must comply with HIPAA. Protected health information (PHI) fields (patient_id references, delivery addresses for prescription items, diagnostic codes on formulary orders) are stored with row-level encryption and access is controlled by a role-permission matrix enforced at the database layer rather than in application code alone.

Access to PHI-linked records is logged in an access_log table: user_id, resource_type, resource_id, access_type (READ | WRITE | EXPORT), and accessed_at. An HMAC chain links each access_log row to the previous row, making the log tamper-evident: if a row is deleted or modified, the HMAC chain breaks. A scheduled integrity check verifies the chain and alerts if a break is detected. Break-glass access: emergency access by users outside their normal permission set, writes to a separate break_glass_events table and triggers a Privacy Officer notification queue.

Controlled substance tracking implements DEA Schedule requirements. Controlled substance product lines carry a dea_schedule attribute (II | III | IV | V). Orders for Schedule II items require a order_authorisation_events row with the prescriber's DEA number, the authorisation date, and the authorised quantity before any dispensing transaction can be written. A controlled_substance_dispensing_log table captures every dispensing event for controlled items with dispensing pharmacist credential, patient reference, and quantity dispensed: this log is immutable and satisfies DEA record-keeping requirements.

The audit trail for regulatory purposes is generated directly from the append-only source tables: procurement events, inventory transactions, access logs, dispensing logs, and recall events. Because none of these tables use in-place updates, the audit trail cannot be retroactively altered. Regulatory reports can be generated from these tables at any time without extracting data to a separate audit database.

Telehealth Integration, e-Prescribing Workflows, and Formulary Management

Medical supply platforms serving clinical providers increasingly integrate with telehealth systems to close the gap between prescribing and fulfilment. A prescription_adapter layer normalises inbound e-prescriptions from NCPDP SCRIPT-compliant sources and maps them to the platform's internal product catalogue using NDC codes and GMDN lookups. Prescriptions are stored in a prescription_records table as immutable documents: prescriber_id, patient_reference, prescribed_items (JSONB with NDC, quantity, days_supply, refills_authorised), and received_at. An outbound prescription_status_messages adapter sends NCPDP status responses back to the prescribing system at each fulfilment milestone.

Formulary management for healthcare provider accounts uses a formularies table: account_id, formulary_name, effective_from, effective_to, and a formulary_items child table with product_id, tier (PREFERRED | NON_PREFERRED | RESTRICTED | EXCLUDED), and any quantity or frequency limits. Formulary versions are immutable: a new formulary record and formulary_items set is created for each update, and the previous version is retained with its effective_to date set. Orders are validated against the formulary version active at order submission time, not the current version, preventing retroactive formulary changes from invalidating completed orders.

Integration with EHR systems uses an HL7 FHIR R4 adapter that maps patient demographics (Patient resource), medication orders (MedicationRequest), and supply orders (SupplyRequest) to the platform's internal schema. The FHIR adapter writes inbound resource payloads to an fhir_inbound_log for traceability. Outbound FHIR messages (fulfilment status updates and supply delivery confirmations) are generated from internal order events and dispatched via the adapter. Switching EHR integration partners requires a new adapter module, not changes to core order or inventory logic.

Patient-specific delivery management for home healthcare supply orders tracks consignments to patient addresses without embedding raw patient addresses in order tables. Delivery records carry a patient_address_token that resolves to the encrypted address record in a separate, access-controlled table. This tokenisation ensures that fulfilment staff who need delivery routing information access only the address they require, without exposure to the patient's broader health record.