Patient Portal Development: Build vs. Buy

Table of Contents

Heading

EXCLUSIVE LAUNCH

AI Implementation in Healthcare Masterclass

Start the course

Key Takeaways

Build vs. buy for patient portals is a false binary; the EHR integration layer is always custom work regardless of which portal vendor you choose, because every major EHR exposes different APIs at different depths.
Off-the-shelf patient portal software accelerates time to launch for practices with standard workflows, but hits a ceiling when you need non-standard data flows, custom notification logic, or integration with systems the vendor doesn't support.
Multi-role access (patient, provider, admin, caregiver) needs to be designed into the data model from day one; retrofitting role-based access controls onto a single-role portal costs roughly as much as rebuilding it.
HIPAA compliance for patient portals requires more than encryption: it includes audit logging for every data access event, session timeout policies for shared clinical devices, and BAAs with every technology vendor in the stack.
Patient portal software development takes 12-20 weeks and $150K-$350K for a production-grade custom build covering scheduling, secure messaging, and health record access; off-the-shelf platforms start at $2K-$15K per month with significant integration and customization costs on top.

Is Your HealthTech Product Built for Success in Digital Health?

Download the Playbook

Introduction

Patient portal development is where healthcare startups and established practices consistently underestimate complexity. The core product concept is straightforward: give patients a web or mobile interface to access their records, schedule appointments, and communicate with their care team. The reality of building it is considerably harder. Every patient portal depends on EHR integration, which means every design decision is shaped by what your EHR exposes through its APIs, how your regulatory requirements constrain data access, and whether your patient population's workflow expectations match what standard portal software supports.

This guide frames patient portal development as a decision problem: when does custom patient portal software development make sense, when do off-the-shelf products serve you better, and what determines which category you're actually in? The answer varies by EHR vendor, specialty, patient volume, and integration depth requirements, but the decision criteria are consistent across most healthcare organizations.

The Build vs. Buy Decision Framework

The build vs. buy decision for patient portals depends on three variables: EHR integration depth, workflow differentiation, and scale. Most organizations get this analysis wrong because they evaluate the portal UI and feature set without properly scoping the integration layer underneath it.

Buy when: your EHR vendor sells or certifies a portal that already connects to your system, your patient workflows are standard (scheduling, messaging, record access), and you don't need custom data flows or non-standard integrations. Epic's MyChart, athenahealth's Patient Portal, and Oracle Health's HealtheLife serve practices with standard needs well.

The tradeoff: you get the vendor's feature roadmap, not yours. Custom notification logic, specialty-specific intake workflows, integration with a remote monitoring platform, or a patient-facing interface for a condition management program all hit the ceiling of what the vendor supports. See our analysis of custom vs. off-the-shelf EHR solutions for how to frame this decision across your full technology stack.

Build when: the patient-facing product is your core offering, not a feature of your clinical operations. Digital health companies, telemedicine platforms, and condition management programs typically fall here. Custom patient portal software development is also the right call when you're integrating across multiple EHRs, which standard portal vendors handle poorly or not at all.

Hybrid: buy the commodity UI layer (scheduling widget, secure messaging library), build the integration layer connecting it to your EHR and clinical systems, and build the custom logic specific to your use case. Most serious patient portal builds land here. The integration work is always custom regardless of what portal framework you start with.

EHR Integration: The Non-Negotiable Layer

Every patient portal decision eventually comes down to EHR integration, and this is where the framework above plays out in practice. The integration layer determines what data your portal can read and write, how current that data is, and what the maintenance cost looks like over time.

Three integration patterns exist in production patient portals.

FHIR R4 API integration is the modern standard and the right target for new builds. Epic, Oracle Health, and athenahealth all expose FHIR R4 endpoints for patient data. The FHIR and HL7 foundation guide covers what production FHIR implementations look like and where the gaps are. SMART on FHIR handles the authorization layer; see our SMART-on-FHIR implementation guide with AWS HealthLake for the technical setup.

HL7 v2 interface layer handles events and data types FHIR doesn't yet cover reliably: ADT (admit/discharge/transfer) events, lab results delivery, and appointment updates from legacy lab and scheduling systems. The HL7 standards guide covers the interface patterns relevant to portal development.

Proprietary vendor APIs fill the gaps both FHIR and HL7 v2 leave open. Our guide to EHR integration covers vendor-specific integration patterns across Epic, Oracle Health, and athenahealth.

For organizations running more than one EHR, mastering multi-EHR integration covers the normalization patterns that prevent per-EHR feature divergence.

Multi-Role Access Architecture

Patient portals sound like single-user products but they rarely are in production. Most clinical portals need at least four distinct access roles, and the permission model for each is meaningfully different.

Patient access is the obvious starting point: authenticated patients read their own records, schedule appointments, message their care team, and manage their account.

Provider access flips the view: a clinician sees their patient panel, responds to messages, reviews pending requests, and in some portals, reviews and approves documents patients have submitted.

Admin access covers scheduling management, user account administration, content management, and reporting.

Caregiver and proxy access is where most portals underinvest. Parents managing a minor child's care, adult children managing an elderly parent's records, and designated healthcare proxies all have legitimate reasons to access another person's health information. The permission model for proxy access is the most complex: you need to define what a proxy can see and do, whether the patient can revoke proxy access, and how to handle disagreements on record visibility.

Design the role model into the data schema from the start. Adding proxy access to a portal built for single-user patient access typically requires rewriting the permission and data visibility layers.

Core Feature Set for a Patient Portal MVP

Scheduling and appointment management. Patients book, reschedule, and cancel appointments without calling. Budget the majority of scheduling feature time for EHR integration, not UI.

Secure messaging. Patients send questions, receive responses, and see message history with their care team. The compliance requirement is encryption at rest and in transit, retention policies aligned with medical record requirements, and audit logs for every access event.

Health record access. Patients view their problem list, medication list, lab results, and visit summaries. The read layer is FHIR R4 for modern EHRs. This is where healthcare workflow automation overlaps with portal development: surfacing the right records at the right time reduces incoming message volume and support burden.

Patient intake and forms. Pre-visit intake questionnaires, consent forms, and demographic updates are the highest-value workflow automation in most practices. Digital intake eliminates front-desk data entry, reduces check-in time, and surfaces information before the encounter.

HIPAA Compliance for Patient Portals

HIPAA compliance isn't a checkbox; it's an architectural requirement that touches authentication, data storage, network configuration, logging, and vendor management. The HIPAA compliance guide for healthcare CTOs covers the full technical control set.

Authentication and session management. Multi-factor authentication for all portal access. Session timeouts matched to access context: a 60-minute timeout acceptable for a patient on their phone may not be acceptable for a provider on a shared clinical workstation.

Audit logging. Every PHI access event logged with who accessed what, when, from which IP, and in which session. The log is immutable, retained according to your state medical records retention law.

Encryption. TLS 1.2 or higher for all data in transit. AES-256 for data at rest. Encryption key management on a separate system with access controls and rotation policies.

Business Associate Agreements. Every technology vendor that processes or stores PHI requires a signed BAA. Missing a BAA in the chain is a HIPAA violation regardless of technical controls. Our breakdown of what counts as PHI under HIPAA covers the edge cases engineering teams routinely miss.

De-identification for non-production environments. Development and staging environments should not contain real patient data. The HIPAA-compliant software development checklist walks through the complete implementation checklist at the code level.

Timeline and Cost Reality

Off-the-shelf patient portal products: $2K-$15K per month for SaaS platforms. Add $20K-$80K for initial integration configuration, EHR connectivity setup, and any custom workflow development the vendor supports.

Custom patient portal development, standard scope (scheduling, secure messaging, health record access, patient intake, single EHR): 14-20 weeks, $150K-$250K for engineering. Add 4-6 weeks and $30K-$50K for HIPAA compliance infrastructure if starting from scratch. Teams building on HIPAA-compliant infrastructure foundations like HealthStack Terraform modules cut 2-4 weeks off that compliance infrastructure timeline.

Custom portal, multi-EHR integration: Add 8-16 weeks and $80K-$200K per additional EHR vendor. The patterns from our EHR data migration guide are relevant when migrating patient data from one system to another mid-portal build.

Ongoing: Expect 15-25% of the initial build cost per year for maintenance, EHR API version updates, security patches, and feature additions.

Frequently Asked Questions

What's the fastest way to launch a patient portal?

An off-the-shelf product certified for your EHR (Epic App Orchard, athenahealth Marketplace) is the fastest path for standard use cases: typically 4-8 weeks from contract to live. Custom development for standard scope starts at 14-16 weeks.

Do we need FHIR R4 or is HL7 v2 enough?

For a new build targeting modern EHRs (Epic, Oracle Health, athenahealth), FHIR R4 is the right starting point for patient data reads. HL7 v2 interfaces are still needed for real-time event feeds (lab results, ADT events) that FHIR Subscriptions don't yet cover reliably. Production portals typically use both.

How do we handle patients who access the portal from shared devices?

Session management and timeout policies need to match the access context. For patient-owned mobile devices, 30-60 minute timeouts are standard. For shared household computers, shorter timeouts and explicit logout prompts are better defaults. For clinic kiosks, implement automatic logout after a much shorter idle period (5-10 minutes).

Can we build a patient portal without EHR integration?

Yes, but the product is significantly limited. A portal without EHR integration can handle scheduling (if you manage your own scheduling system), secure messaging, and intake forms. It can't surface clinical records, medication lists, lab results, or visit summaries from the EHR.

What's the right first milestone for a custom patient portal build?

A functional scheduling module with EHR write-back, tested end-to-end with real appointments in a staging environment. Scheduling is the most complex EHR integration in most portal builds, and getting it right early validates your integration approach.

How much does HIPAA compliance add to a patient portal build?

For teams starting from scratch on cloud infrastructure, 3-5 weeks and $30K-$50K for HIPAA controls: BAA setup with all vendors, encryption configuration, audit logging infrastructure, access controls, and security documentation. For teams building on pre-configured HIPAA-compliant infrastructure, implementation time drops to 1-2 weeks.

What does patient portal development cost for a multi-specialty group?

A multi-specialty group portal with a single EHR, four user roles, scheduling, messaging, record access, and intake forms: 18-24 weeks, $200K-$350K for engineering. If the group runs more than one EHR system, add $80K-$150K per additional EHR. Ongoing maintenance runs 20-25% of the initial build cost per year.

Written by Piotr Ratkowski

Head of Growth

Grows Momentum's client portfolio and advises HealthTech teams on product strategy, market positioning, and where AI actually makes a difference. Writes about the trends and decisions shaping digital health.