> abridge-deploy-integration
Deploy Abridge clinical AI integration to HIPAA-compliant cloud infrastructure. Use when deploying to GCP Cloud Run, AWS ECS, or Azure Container Apps with healthcare-grade secrets management and compliance controls. Trigger: "deploy abridge", "abridge production deploy", "abridge Cloud Run", "abridge AWS deploy", "abridge HIPAA infrastructure".
# Abridge Deploy Integration

## Overview
Deploy Abridge clinical AI integration to HIPAA-compliant cloud infrastructure. Healthcare deployments require BAA-covered cloud services, encrypted secrets, audit trails, and VPC-restricted networking.
## Prerequisites

- Completed abridge-prod-checklist
- BAA-covered cloud account (GCP, AWS, or Azure)
- Container registry access
- Abridge production credentials from partner portal
## Instructions

### Step 1: HIPAA-Compliant Dockerfile
```dockerfile
# Dockerfile
FROM node:20-slim AS builder
WORKDIR /app
COPY package*.json ./
# Install everything here: `npm run build` needs the devDependencies (compiler,
# bundler). Dev packages are pruned after the build so they never reach the
# runtime image.
RUN npm ci
COPY . .
RUN npm run build && npm prune --omit=dev

FROM node:20-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates curl && rm -rf /var/lib/apt/lists/*
# Run as non-root (HIPAA best practice); files stay root-owned and read-only
# for the service user.
RUN groupadd -r abridge && useradd -r -g abridge abridge
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
USER abridge
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
    CMD curl -f http://localhost:3000/health || exit 1
CMD ["node", "dist/server.js"]
```
### Step 2: GCP Cloud Run Deployment (HIPAA BAA)
```bash
#!/bin/bash
# deploy-cloud-run.sh
set -euo pipefail

PROJECT_ID="${GCP_PROJECT_ID:?set GCP_PROJECT_ID to the BAA-covered project}"
SERVICE_NAME="abridge-integration"
REGION="us-central1"
# Dedicated runtime identity; Step 4 grants this account Secret Manager access.
# Without --service-account the revision runs as the default compute account,
# which is not the one the secret bindings are granted to.
SERVICE_ACCOUNT="${SERVICE_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

# Build container
gcloud builds submit --tag "gcr.io/${PROJECT_ID}/${SERVICE_NAME}"

# Deploy to Cloud Run with HIPAA controls
gcloud run deploy "${SERVICE_NAME}" \
  --image "gcr.io/${PROJECT_ID}/${SERVICE_NAME}" \
  --region "${REGION}" \
  --platform managed \
  --service-account "${SERVICE_ACCOUNT}" \
  --no-allow-unauthenticated \
  --port 3000 \
  --min-instances 1 \
  --max-instances 10 \
  --memory 1Gi \
  --cpu 2 \
  --timeout 120 \
  --set-secrets="ABRIDGE_CLIENT_SECRET=abridge-client-secret:latest,ABRIDGE_ORG_ID=abridge-org-id:latest,EPIC_CLIENT_SECRET=epic-client-secret:latest" \
  --vpc-connector "projects/${PROJECT_ID}/locations/${REGION}/connectors/abridge-vpc" \
  --vpc-egress all-traffic \
  --set-env-vars="NODE_ENV=production,NODE_TLS_MIN_VERSION=TLSv1.3,AUDIT_LOG_ENABLED=true"

# Verify health (the service is private, so present an identity token)
SERVICE_URL=$(gcloud run services describe "${SERVICE_NAME}" --region="${REGION}" --format='value(status.url)')
curl -sf "${SERVICE_URL}/health" -H "Authorization: Bearer $(gcloud auth print-identity-token)"
```
### Step 3: Health Check Endpoint
```typescript
// src/server/health.ts
import express from 'express';

type Status = 'healthy' | 'degraded' | 'unhealthy';

const app = express();
// Cloud Run injects PORT; fall back to 3000 for local runs and the Dockerfile's
// EXPOSE/HEALTHCHECK settings.
const port = Number(process.env.PORT ?? 3000);

app.get('/health', async (_req, res) => {
  const checks = {
    server: 'healthy' as Status,
    abridge: await checkAbridgeApi(),
    fhir: await checkFhirEndpoint(),
    timestamp: new Date().toISOString(),
  };
  // Only the component statuses decide readiness. A blanket
  // `typeof v === 'string'` test would always pass (the timestamp and
  // 'degraded'/'unhealthy' are strings too) and the endpoint would never
  // return 503.
  const allHealthy = [checks.server, checks.abridge, checks.fhir].every(v => v === 'healthy');
  res.status(allHealthy ? 200 : 503).json(checks);
});

// Upstream probes return a coarse status only; no error bodies or credentials
// are echoed back to the caller.
async function checkAbridgeApi(): Promise<Status> {
  try {
    const res = await fetch(`${process.env.ABRIDGE_BASE_URL}/health`, {
      headers: { 'Authorization': `Bearer ${process.env.ABRIDGE_CLIENT_SECRET}` },
      signal: AbortSignal.timeout(3000),
    });
    return res.ok ? 'healthy' : 'degraded';
  } catch { return 'unhealthy'; }
}

async function checkFhirEndpoint(): Promise<Status> {
  try {
    const res = await fetch(`${process.env.EPIC_FHIR_BASE_URL}/metadata`, {
      signal: AbortSignal.timeout(3000),
    });
    return res.ok ? 'healthy' : 'degraded';
  } catch { return 'unhealthy'; }
}

app.listen(port, () => console.log(`Abridge integration server on :${port}`));
```
### Step 4: GCP Secret Manager Setup
```bash
#!/bin/bash
set -euo pipefail

# Create secrets (one-time setup). Prompt for each value instead of passing a
# literal on the command line, so it stays out of shell history and `ps`.
for SECRET in abridge-client-secret abridge-org-id epic-client-secret; do
  read -rsp "Value for ${SECRET}: " VALUE; echo
  printf '%s' "${VALUE}" | gcloud secrets create "${SECRET}" --data-file=-
done
unset VALUE

# Grant the Cloud Run runtime service account (the one Step 2 deploys with)
# read access to every secret the deploy references, not just the first one.
SA="abridge-integration@${GCP_PROJECT_ID}.iam.gserviceaccount.com"
for SECRET in abridge-client-secret abridge-org-id epic-client-secret; do
  gcloud secrets add-iam-policy-binding "${SECRET}" \
    --member="serviceAccount:${SA}" --role="roles/secretmanager.secretAccessor"
done
```
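The deploy flags in Step 2 and the IAM bindings in Step 4 have to agree: every secret named in `--set-secrets` needs a binding for the runtime service account, secret values must not slip into `--set-env-vars`, and the service should stay private and VPC-attached. The following pre-deploy guardrail script is an added example, not part of the Abridge skill or of any Abridge or Google tooling; it parses a flattened `gcloud run deploy` flag string (only `--flag=value` options are parsed for values, which is how the page passes `--set-secrets` and `--set-env-vars`), lints it, and prints the binding commands for each referenced secret (run with `APPLY=1` to execute them). The flag strings and the `PROJECT_ID` placeholder are constructed sample input.

```bash
#!/usr/bin/env bash
# deploy-guardrails.sh: added example, not part of the Abridge skill or of any
# Abridge or Google tooling. Pre-checks the flag string of the Step 2
# `gcloud run deploy` call: the service stays private and VPC-attached, no
# secret-looking name is passed through --set-env-vars, and every secret in
# --set-secrets gets a Secret Manager IAM binding for the runtime account.
set -eu

# Value of a --flag=value option inside a flag string (empty if absent).
flag_value() {                       # $1 = flag name, $2 = flag string
  printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p"
}

# Unique Secret Manager secret names, one per line, from a --set-secrets value
# such as "ENV_A=secret-a:latest,ENV_B=secret-b:2".
secret_names_from_flag() {
  printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^[^=]*=\([^:]*\).*/\1/p' | sort -u
}

# True (exit 0) when an env var name in a --set-env-vars value looks like a
# secret; such values belong in --set-secrets, not in plaintext env config.
env_has_secret_like_names() {
  printf '%s\n' "$1" | tr ',' '\n' | cut -d= -f1 \
    | grep -Eiq 'SECRET|PASSWORD|PASSWD|TOKEN|PRIVATE_KEY|API_KEY'
}

# Print (or, with APPLY=1, run) a binding command for every referenced secret.
grant_secret_access() {              # $1 = --set-secrets value, $2 = service account email
  secret_names_from_flag "$1" | while IFS= read -r name; do
    if [ "${APPLY:-0}" = "1" ]; then
      gcloud secrets add-iam-policy-binding "$name" \
        --member="serviceAccount:$2" --role="roles/secretmanager.secretAccessor"
    else
      echo "gcloud secrets add-iam-policy-binding $name --member=serviceAccount:$2 --role=roles/secretmanager.secretAccessor"
    fi
  done
}

# Lint a flag string. Prints one finding per line; returns 1 if any were found.
lint_deploy_flags() {
  local flags="$1" findings=0
  case " $flags " in
    *" --allow-unauthenticated "*)
      echo "FINDING: --allow-unauthenticated would expose the service publicly"; findings=1 ;;
  esac
  case " $flags " in
    *" --vpc-connector "*|*" --vpc-connector="*) ;;
    *) echo "FINDING: no --vpc-connector, so egress would bypass the VPC"; findings=1 ;;
  esac
  if env_has_secret_like_names "$(flag_value --set-env-vars "$flags")"; then
    echo "FINDING: secret-looking name in --set-env-vars; move it to --set-secrets"; findings=1
  fi
  return "$findings"
}

# Constructed sample: the Step 2 flags flattened to one line (PROJECT_ID is a placeholder).
PAGE_DEPLOY_FLAGS='--platform managed --no-allow-unauthenticated --min-instances 1 --set-secrets=ABRIDGE_CLIENT_SECRET=abridge-client-secret:latest,ABRIDGE_ORG_ID=abridge-org-id:latest,EPIC_CLIENT_SECRET=epic-client-secret:latest --vpc-connector projects/PROJECT_ID/locations/us-central1/connectors/abridge-vpc --vpc-egress all-traffic --set-env-vars=NODE_ENV=production,AUDIT_LOG_ENABLED=true'
# Constructed counter-example: public, no VPC, client secret in plain env vars.
BAD_DEPLOY_FLAGS='--platform managed --allow-unauthenticated --set-env-vars=NODE_ENV=production,ABRIDGE_CLIENT_SECRET=placeholder'

if [ "${1:-}" = "--demo" ]; then
  lint_deploy_flags "$PAGE_DEPLOY_FLAGS" && echo "page flags: no findings"
  lint_deploy_flags "$BAD_DEPLOY_FLAGS" || echo "bad flags: rejected"
  grant_secret_access "$(flag_value --set-secrets "$PAGE_DEPLOY_FLAGS")" \
    "abridge-integration@PROJECT_ID.iam.gserviceaccount.com"
fi
```

Run `./deploy-guardrails.sh --demo` to see the page's own flags pass, the counter-example rejected, and the three binding commands printed. Wiring `lint_deploy_flags` in front of the `gcloud run deploy` call in `deploy-cloud-run.sh` turns the Error Handling table's "Secret access denied" row into a check that fails before the revision is created rather than after.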
## Output
- HIPAA-compliant Docker image with non-root user
- Cloud Run deployment with VPC connector and TLS 1.3
- Health check endpoint monitoring Abridge + FHIR
- Secrets managed via GCP Secret Manager
## Error Handling
| Issue | Cause | Solution |
|---|---|---|
| Deploy rejected | Missing BAA | Sign Google Cloud BAA first |
| Secret access denied | IAM misconfigured | Grant secretAccessor role to service account |
| Health check fails | Cold start latency | Set min-instances to 1 |
| VPC connector error | Not created | Create VPC connector in same region |
## Resources

## Next Steps

For webhook event handling, see abridge-webhooks-events.