A HIPAA-conscious patient education assistant for orthopedic and sports medicine, built with FastAPI and vanilla JavaScript.
- 🤖 AI-powered patient education chatbot
- 🏥 Orthopedic & sports medicine knowledge base
- 💬 Conversation history with context
- 💳 Subscription management (Stripe-ready)
- 📱 Responsive mobile-friendly design
- 🔒 JWT authentication
- ⚠️ Mandatory medical disclaimers
- Backend: Python 3.10+, FastAPI, SQLAlchemy, JWT
- Frontend: Vanilla HTML/CSS/JavaScript
- Database: SQLite (easily swappable to PostgreSQL)
- AI: OpenAI API (configurable)
```bash
cd jointwise
pip install -r requirements.txt
```

Create a .env file:

```
# Required for AI responses
OPENAI_API_KEY=sk-your-openai-api-key
# Security
SECRET_KEY=your-super-secret-key-change-in-production
# Optional: Stripe for subscriptions
STRIPE_SECRET_KEY=sk_test_xxx
STRIPE_PRICE_ID=price_xxx
```

```bash
# Start backend
cd backend
uvicorn main:app --reload --host 0.0.0.0 --port 8000
# In another terminal, start frontend server
cd frontend
python -m http.server 8080
```

- Frontend: http://localhost:8080
- API Docs: http://localhost:8000/docs
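
The `.env` values shown above are placeholders, and a JWT signed with a `SECRET_KEY` that is published in a README can be forged by anyone who has read it. The following startup check is an added example, not part of the JointWise code base; `parse_env`, `check_env` and the 32-character minimum are assumptions made for illustration.

```python
PLACEHOLDERS = {  # values copied from the sample .env in this README
    "OPENAI_API_KEY": "sk-your-openai-api-key",
    "SECRET_KEY": "your-super-secret-key-change-in-production",
    "STRIPE_SECRET_KEY": "sk_test_xxx",
    "STRIPE_PRICE_ID": "price_xxx",
}
REQUIRED = ("OPENAI_API_KEY", "SECRET_KEY")  # the Stripe keys are optional
MIN_SECRET_LEN = 32  # assumed floor for an HMAC JWT signing key

SAMPLE_ENV = """\
# Security
SECRET_KEY=your-super-secret-key-change-in-production
OPENAI_API_KEY=sk-your-openai-api-key
"""  # constructed sample, mirrors the README's .env


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments (hypothetical helper)."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def check_env(env):
    """Return a list of problems; an empty list means the config is usable."""
    problems = []
    for key in REQUIRED:
        if not env.get(key):
            problems.append(f"{key}: missing")
    for key, placeholder in PLACEHOLDERS.items():
        if env.get(key) == placeholder:
            problems.append(f"{key}: still the README placeholder")
    secret = env.get("SECRET_KEY", "")
    if secret and secret != PLACEHOLDERS["SECRET_KEY"]:
        if len(secret) < MIN_SECRET_LEN:
            problems.append(f"SECRET_KEY: shorter than {MIN_SECRET_LEN} characters")
        if len(set(secret)) < 10:
            problems.append("SECRET_KEY: too few distinct characters")
    return problems


if __name__ == "__main__":
    for problem in check_env(parse_env(SAMPLE_ENV)):
        print("refusing to start:", problem)
```

A value that passes the check can be generated with Python's `secrets.token_urlsafe(48)`.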
```
jointwise/
├── backend/
│   ├── main.py              # FastAPI application
│   ├── config.py            # Configuration settings
│   ├── models.py            # SQLAlchemy models
│   ├── database.py          # Database connection
│   ├── routers/
│   │   ├── auth.py          # Authentication endpoints
│   │   ├── chat.py          # Chat endpoints
│   │   └── subscription.py  # Subscription endpoints
│   ├── services/
│   │   └── chat_service.py  # OpenAI integration
│   └── utils/
│       └── security.py      # Security utilities
├── frontend/
│   ├── index.html           # Main application
│   ├── css/
│   │   └── styles.css       # Styles
│   └── js/
│       └── app.js           # Frontend logic
├── docs/
│   ├── api.md               # API documentation
│   ├── system_prompt.md     # JointWise system prompt
│   ├── disclaimer.md        # Medical disclaimer
│   └── compliance.md        # Compliance documentation
├── requirements.txt
├── README.md
└── deploy.md
```
- `POST /api/auth/register` - Register new user
- `POST /api/auth/token` - Login and get JWT token
- `GET /api/auth/me` - Get current user info

- `POST /api/chat/chat` - Send message and get AI response
- `GET /api/chat/conversations` - List all conversations
- `GET /api/chat/conversations/{id}` - Get conversation with messages
- `DELETE /api/chat/conversations/{id}` - Delete conversation

- `GET /api/subscription/status` - Get subscription status
- `POST /api/subscription/subscribe` - Create Stripe checkout
- `POST /api/subscription/cancel` - Cancel subscription
- `POST /api/subscription/webhook` - Stripe webhook handler

JointWise uses a carefully crafted system prompt that:
- Defines the AI's role as an educator (not a diagnostician)
- Sets a warm, professional tone
- Lists capabilities and limitations
- Enforces mandatory medical disclaimers
- Handles sensitive topics appropriately
See docs/system_prompt.md for the full prompt.
Every AI response includes:
⚠️ This content is for educational purposes only and does not constitute medical advice. Please consult your doctor for specific medical guidance.
| Feature | Free | Premium ($9.99/mo) |
|---|---|---|
| Daily messages | 5 | Unlimited |
| Conversation history | ✓ | ✓ |
| Rehabilitation plans | - | ✓ |
| Priority support | - | ✓ |
- Password hashing with bcrypt
- JWT token authentication
- CORS configuration
- Input validation
- SQL injection prevention
- User data stored securely
- Audit logging capability
- PHI anonymization helpers
- Data export capability
Note: This is an MVP. For full HIPAA compliance, additional measures are needed (encryption at rest, secure backups, BAA with cloud providers, etc.).
```bash
pytest backend/tests/ -v
flake8 backend/
black backend/
```

MIT License - See LICENSE file for details.
Built with ❤️ for better patient education.