Secure Media Management Portal
HIPAA-Compliant Image Management System
Architected and developed a secure, scalable media management portal using Google Sites, Google Drive, Python, Flask, and Azure Computer Vision API to enable compliant collaboration between program managers and marketing teams while maintaining strict access control for sensitive media of at-risk youth.
Client
CJR
Completion
2 months
Category
Security & Compliance
Situation
CJR faced critical challenges in securely managing and sharing sensitive media of at-risk youth between program managers and marketing teams. Communication and collaboration gaps, combined with the absence of proper access controls, created compliance risks. The sensitive nature of the photos required strict adherence to waiver requirements, as some youth did not have signed waivers. Manual sorting and identifying individuals in photos was time-consuming and error-prone, making it difficult to maintain compliance with privacy regulations.
Task
Design and implement a secure, scalable media management solution that enables program managers to upload images, automatically identifies individuals using image recognition, organizes content by program and individual, and provides role-based access control to ensure only authorized personnel can view media based on consent status and program assignments.
Action
→Architected a secure portal using Google Sites as the frontend interface, providing an intuitive user experience for program managers to upload media
→Developed a Flask-based Python application to serve as the middleware layer, handling authentication, authorization, and business logic
→Integrated Google Drive API for secure, scalable cloud storage of sensitive media with granular access controls
→Implemented Azure Computer Vision API for automated facial recognition and individual identification, eliminating manual sorting processes
→Built automated compliance verification system that cross-references identified individuals with waiver database to enforce access restrictions
→Designed role-based access control (RBAC) system ensuring marketing teams can only access media for individuals with proper consent
→Created program-based organization structure allowing media to be automatically categorized and filtered by program assignment
Results
✓Eliminated compliance risks by ensuring only authorized personnel can access media based on waiver status and program assignments
✓Streamlined collaboration between program managers and marketing teams through secure, organized media access
✓Reduced manual sorting time by implementing automated individual identification using Azure Image Recognition API
✓Established a scalable architecture that can accommodate future growth in media volume and user base
✓Maintained strict HIPAA-compliant data handling practices throughout the entire media lifecycle
✓Enabled secure, efficient workflow that supports both operational needs and regulatory compliance requirements