How a Healthcare Communications Firm Built a HIPAA-Compliant App to Share Patient Stories

Company: Social Health Research

Industry: Healthcare Communications & Medical Education | Location: Chatham, New Jersey | Use Case: HIPAA-Compliant Patient and Data Management

Behind every medical breakthrough is something that can’t be measured in a lab: the patient experience. Whether it’s a life-changing diagnosis, a treatment journey with unexpected twists and turns, or clinical trials that require more information than blood tests, patient feedback is just as essential as other forms of research.

For pharmaceutical and biotech companies that are trying to develop better therapies and care pathways, these patient stories are invaluable. However, accessing them in a way that’s both authentic and compliant has always been complicated.

Understanding the Sensitivity of Gathering Patient Insights 

Joe Luzi, founder of Social Health Research (SHR) in Chatham, New Jersey, built his company around solving exactly this problem. With over 30 years in the pharmaceutical industry, Joe knew that patient insights could transform how companies understand treatment journeys and improve care. The challenge was creating a system where patients felt safe sharing sensitive health information, where that data remained secure and HIPAA-compliant, and where pharmaceutical partners could actually use the insights to make a difference.

What he needed was a patient portal that could capture stories in multiple formats, from video uploads to written narratives to guided questionnaires. And at the same time, he needed to do so while managing granular consent levels, regularly changing regulations, and strict privacy standards. 

Building something like that from scratch? Joe was sure it would require a development team, significant time, and nonstop updates as HIPAA regulations evolved.

Then Joe found a different path forward: He learned about Knack’s solutions for healthcare.

The Power and Complexity of Patient Storytelling in Healthcare

At its core, SHR helps pharmaceutical, biotech, and medical device companies understand the real-world patient experience. Beyond case studies and testimonials, SHR’s patient stories are authentic accounts from people navigating diagnoses, treatments, and the healthcare system itself.

These stories help companies identify gaps in care, understand treatment barriers, and develop more patient-centric approaches. They give healthcare providers concrete examples to share with patients about what to expect. In addition, they inform everything from drug development to support programs.

But there’s a fundamental tension in this work: the more authentic and detailed a patient story is, the more sensitive the information becomes. Medical histories, treatment details, personal health data all fall under strict HIPAA regulations that are designed to protect patient privacy.

For patients to share openly, they need to trust that their information is secure. They need control over who sees their story and how it’s used. And they need confidence that the platform handling their data takes compliance seriously.

“Patients are only going to share their story when they know the information is secure and they know how that information is being used. So, we’ve built a system that is not only secure but provides different levels of consent for who can see the information and who can view the information.”

— Joe Luzi, Founder of Social Health Research

Honoring Consent Levels

Those consent levels matter in practice. A patient might be comfortable sharing their story with SHR’s team. They might then consent to sharing with a specific pharmaceutical partner working on their condition. Some might choose to share their story within a broader patient community in the portal. Each level requires different permissions, different security considerations, and careful tracking.

Beyond the technical requirements, there’s a human element. Many of the people using the portal are dealing with serious illnesses. The platform needed to be intuitive and low-stress; not another burden in an already difficult time.

“The challenges of running a company that works with patient information is being compliant. It’s one of the major concerns and issues. And building software that is HIPAA-compliant is not easy.”

— Joe Luzi

Why Building HIPAA-compliant Software from Scratch Wasn’t Realistic

When Joe started mapping out what SHR’s patient portal would need to do, the scope became daunting: User authentication and role-based access. Encrypted data storage. Audit trails. Consent management workflows. Multiple input methods for patient stories. Integration with email systems. Admin dashboards for reviewing and approving content.

The natural instinct might be to hire developers and build something custom. But Joe quickly recognized why that wouldn’t work.

Beyond following best practices, HIPAA compliance requires specific technical implementations, regular security assessments, and ongoing monitoring. The regulations themselves aren’t static either. They evolve as technology and healthcare practices change, meaning any custom-built system would need continuous updates.

“When I was building my software, the HIPAA compliant piece was going to be an issue — meaning a very difficult process. It takes a lot of developing, a lot of coding, and I didn’t think my team was up for that.” 

— Joe Luzi

Joe also explored working with traditional software development firms. The ones who understood HIPAA compliance wanted to build everything from the ground up according to his specifications — a process that would be both expensive and slow. The timeline alone was prohibitive. SHR needed to start capturing patient stories and delivering value to pharmaceutical partners, not spend months or years in development cycles.

“Other software companies that I spoke with had a much bigger learning curve, especially on the HIPAA compliance side. And I wasn’t willing to wait for somebody to learn while I’m paying them.”

— Joe Luzi

For a consultancy focused on patient engagement and medical communications, maintaining complex software infrastructure wasn’t the business Joe wanted to be in. He needed a solution that just worked — and kept working as regulations changed.

Finding a Healthcare App Builder that Was Secure, Fast, and Flexible

Joe’s search led him to Knack, a low-code app building that was already HIPAA-compliant and had proven experience with healthcare applications. Two factors stood out immediately:

First, Knack wasn’t just claiming to be HIPAA-compliant. They were actively maintaining that compliance as regulations evolved. Joe wouldn’t have to worry about staying current with changing rules or implementing new security requirements. The platform handled that.

“The two things that were really a game changer for me with the Knack software platform was that they were keeping up with the HIPAA rules and regulations. There was a big change last year and they were keeping up with the change.”

— Joe Luzi

Second, the low-code approach meant Joe could get up to speed quickly without deep technical expertise. Instead of writing code from scratch, he could configure the platform to match his vision for how the patient portal should work.

“I also appreciated the fact that I can get up to speed very quickly using the Knack platform.” 

— Joe Luzi

3 Easy Ways to Start Building For Free

1. Generate an App with AI

2. Use one of our templates

3. Import your own data

Start Building For Free

Free 14-Day Trial. No Credit Card Required

A Key Difference Between Knack and Other Platforms

The difference between Knack and other options came down to ownership and control. With Knack, Joe could build the exact portal he envisioned on top of an already-compliant foundation. Other vendors wanted to build the HIPAA-compliant platform and the custom software simultaneously — an approach that would take longer and give Joe less control over the final product.

“When I researched the software, the one thing that stood out was Knack is a HIPAA-compliant platform, that I could build the software the way I wanted to on top of it. Others were going to create that HIPAA-compliant platform and build the software while I was giving them my specs. That wasn’t going to turn out the way I wanted, and it was going to take way too long.”

— Joe Luzi

Working with Knack’s team, Joe had the portal built in days. Patients log in and choose how they want to share their story through free text, video upload, or guided questions. 

On the admin side, Joe’s team manages consent levels through simple checkboxes and forms built right into the platform. Patients can return anytime to edit or expand their stories. Plus, the system integrates with SHR’s email server to communicate with patients once they’re in the portal.

The results have validated the approach. Patients are sharing their stories, pharmaceutical clients are getting the insights they need to improve care, and Joe’s team can focus on their core mission instead of software maintenance.

A Scalable Foundation for Patient Engagement Today and into the Future

Knack helped SHR create a foundation that will grow as SHR evolves. The platform’s scalability means that as Joe learns more about what patients need or as HIPAA regulations change, the portal can adapt without requiring a rebuild. New features can be added. Workflows can be refined. The system evolves alongside the business.

“In the end, that was what made Knack the perfect fit. It was scalable. As the rules change or you learn more from patients on how to approach them, this can easily scale up or change or modify.”

— Joe Luzi

Looking ahead, Joe sees the portal expanding beyond its current use. The same system that captures patient stories for pharmaceutical companies could help advocacy organizations, healthcare providers, and other groups amplify patient voices across different contexts.

For anyone facing a similar challenge — needing to build HIPAA-compliant software without a development team — Joe’s recommendation is clear.

“If someone’s trying to build a HIPAA-compliant platform, I would wholeheartedly go with Knack. They’ve done this. They understand what HIPAA compliance means. They understand how serious it is; they take it very seriously. And their software works. It’s very easy to use and very easy to configure. It just works.”

— Joe Luzi

What started as a search for compliant software became something more valuable: a safe place for patients to share their experiences and for researchers to gather invaluable information that will scale easily as Joe’s company evolves. 

What’s your vision for a healthcare app that’s easy to build, HIPAA-ready, and secure? Book a meeting with our team today to let us know.

Start building with Knack.