FASTCLINIC SOLUTION · DOORCTA

Tell us what hurts. Talk to a doctor in under 30 seconds.

Doorcta is the telehealth layer of the Fastclinic ecosystem. AI triages your intake, the matcher finds you a verified doctor, the consult runs over secure video, and the notes flow into OneHealth. Idempotent on the credit side, audited on the clinical side.

Get matchedRead the docs
10:42MTN5G
Tell us what hurts
Matched in under 30 seconds
Find a doctor
AI triage · routed to a licensed doctor
Choose your path
I'm a

Patient

Matched to a doctor in under 30 seconds.

Read this view →
I'm a

Doctor

Go online. Take consults. Get paid.

Read this view →
I'm a

Practice & Clinic Admin

Roster, coverage, payouts, SLA.

Read this view →
Doorcta is the telehealth layer of the Fastclinic ecosystem — AI triage with hard safety guardrails, a matching engine that connects patients to verified doctors in seconds, and a credit hold that never double-charges, all composed on the platform's shared identity, credits, and records.

Technical overview

Doorcta is the telehealth layer of the Fastclinic ecosystem. The promise is simple: a Nigerian patient with a clinical question should be talking to a verified doctor in under 30 seconds — with a credit ledger that never double-charges, a record that is never lost, and a triage step that escalates a red flag faster than the platform asks for confirmation.

Every intake is triaged for urgency before a doctor is matched, and triage is one-way — it can raise urgency but never lower it. A deterministic safety check for red-flag symptoms such as chest pain, breathlessness, or signs of stroke runs first and can force an emergency escalation on its own. The assistant never diagnoses and never prescribes — those guardrails are non-negotiable — and every step it takes is logged.

When a patient requests care, Doorcta doesn't grab the first available doctor — it scores eligible, verified, online doctors on specialty fit, rating, responsiveness, and current load, then reassigns quickly if a doctor doesn't respond. A consultation reserves a credit when matching starts and only charges it when the consult actually happens; if the match fails or the patient cancels, the hold is released — so a patient is never charged for care they didn't receive.

Doctor notes and prescriptions are written straight into OneHealth, the patient's single encrypted record surface — Doorcta keeps no medical records of its own, so a patient's clinical history isn't scattered across every app that touched it. Consultations happen over encrypted video, and the realtime connection is what makes the under-30-seconds promise possible.

The NDPA 2023 governs every piece of personal data, the data controller is Fastclinic Limited (RC 1919428), and everything runs within African data residency. Doctors never self-onboard into the live pool: they submit their MDCN registration, a government ID, and a liveness check, and stay invisible to the matcher until those checks pass. The result is a Nigerian-context telehealth product that doesn't fragment the patient's data, doesn't double-charge, doesn't skip triage, and doesn't put an unverified clinician in front of a sick person.

Capabilities

AI base
  • Triage agent on Opus · single-shot classifier
  • Deterministic red-flag pre-check · runs before LLM
  • Triage invariant · urgency only increases
  • All AI calls audit-logged · input/output/tools/guardrails
  • Healthcare guardrails non-negotiable · no diagnosis, no Rx
  • Single import boundary · ai/base.ts is the only call site
Match state machine
  • DOCTOR_RESPONSE_TIMEOUT_MS = 15s · accept/decline window
  • PATIENT_CONFIRM_TIMEOUT_MS = 10s · confirm window
  • MAX_REASSIGNMENT_ATTEMPTS = 10 · ceiling on retries
  • Doctor pool gate · online + verified + capacity
  • Atomic claim · Redis SETNX with 20s TTL
  • 5-factor scorer · BASE_WEIGHTS tunable without redeploy
Cost & credits
  • CONSULTATION_COST = 1 credit · 1 credit = 1 naira
  • Hold at match start · capture at consult end
  • Release on cancel · release on match failure
  • Reference grammar · consultation:<id>
  • Idempotent retries · UNIQUE(account_id, reference)
  • Doubly-delivered webhooks converge on one debit
Records & PHI
  • Notes flow to OneHealth · POST /v1/records
  • Doorcta keeps no PHI · only the OneHealth record ID
  • Envelope encryption · per-record DEK + UUIDv5 AAD
  • Audit-chained on write · 7-year retention
  • Patient retrieves through OneHealth · single product surface
  • Provenance-tagged on prescription · MDCN signature
Realtime & video
  • Websocket gateway · per-app channel
  • Match events push · no polling
  • Daily.co video · per-session rooms + tokens
  • End-to-end encryption · regulated video provider
  • Chat over the same socket as match events
  • Connection-quality telemetry · admin throughput surface
Verification & compliance
  • MDCN registration verified · mdcn.gov.ng
  • Didit identity check · ID document + face match
  • Selfie liveness · prevent stolen-photo onboarding
  • Re-verify quarterly · suspend on registry change
  • NDPA 2023 compliant · controller Fastclinic Limited
  • African data residency · single Nigerian region

Integrations

Fastclinic
FastLogin

FastLogin is identity. Patient app and Doctor app are OAuth2/OIDC clients of FastLogin (the doorcta-mobile authorization-code-with-PKCE client) and the Doorcta server-to-server callers use the doorcta-server client_credentials grant. Tokens are 15-minute access plus 24-hour refresh with rotation; JWKS is cached for 5 minutes with a singleflight group on unknown-kid lookup. Doctor onboarding routes through FastLogin's KYC handoff (Didit identity-document verification + selfie liveness) before the doctor can flip to verificationStatus=active in the doctor pool. The middleware classifies tokens by client_id because Hydra 2.x stamps sub=client_id on client_credentials tokens.

Fastclinic
FastCredits

FastCredits is the credit ledger. Doorcta calls POST /v1/accounts/:id/hold at match start with the deterministic reference consultation:<id>, captures through POST /v1/holds/:id/capture at consult end, and releases through POST /v1/holds/:id/release on cancel or match failure. CONSULTATION_COST is 1 credit. The single-writer 409-is-success invariant applies: a 409 from a retry is a confirmation that the prior call succeeded and the response was lost, not an error to surface to the patient. The duration_seconds parameter is now honoured (post-OH-09 fix); Doorcta passes the consult's expected lifetime so the hold does not silently default to 10 minutes.

Fastclinic
OneHealth

OneHealth is the record store. Doctor consult notes and any prescription land via POST /v1/records — envelope-encrypted with a per-record DEK, AAD bound to a UUIDv5 derived from the record ID, audit-chained on write. Doorcta stores only the OneHealth record ID locally for the link-back; the body is OneHealth's. The architectural decision is that PHI lives in one product so a patient can retrieve it through one surface. The same record API is used by the doctor's prescription pad — a Sign + send to OneHealth call writes the prescription as a Provenance-tagged record bound to the consult.

External
Daily.co

Daily.co is the video provider. Each consult provisions a per-session room and a per-participant token through doorcta/server/src/video/daily.ts; the rooms are end-to-end encrypted; tokens expire with the consult. The architectural decision is to use a regulated video provider with E2E encryption rather than build a media server — Daily handles SFU, NAT traversal, codec negotiation, and the regulated-region routing that lets us keep the media path inside Africa. The Daily API call is the only routine cross-border edge in the Doorcta data flow; it carries metadata, never PHI.

Compliance & safety

NDPA 2023 — controller Fastclinic Limited (RC 1919428)

Doorcta processes the personal-data fields it needs to operate the consult — the FastLogin user identifier, the chat transcripts, the call metadata, the rating and free-text feedback — under NDPA 2023 §25 lawful bases. The data controller is Fastclinic Limited, RC 1919428, registered in Lagos. The data-processing record is updated alongside every release that touches a new dataset or a new processor. We do not claim NDPC processor registration; that filing is in progress. Clinical content (consult notes, prescriptions) is held by OneHealth under the same controller, not by Doorcta — the architectural separation matches the legal separation.

NDPA 2023
MDCN registration — verified before live pool

Doctors do not self-onboard into the live pool. The onboarding flow uploads the MDCN (Medical and Dental Council of Nigeria) registration number plus a government ID and a selfie liveness; the admin panel runs the manual checks against the MDCN public registry; only when the doctor's verificationStatus flips to active can they go online. Re-verification runs quarterly; suspension on registry-status change is enforced. The pool query gates on both isOnline=true and verificationStatus=active, so the matcher only ever surfaces a verified clinician.

MDCN public registry
Healthcare guardrails — no diagnosis, no prescription from AI

The AI base is a triage and red-flag-detection layer. It does not diagnose; it does not prescribe. Every agent registered in doorcta/server/src/ai/agents/ declares which guardrails apply to it, and the healthcare guardrails (no diagnosis, no prescription) are non-negotiable. Diagnosis and prescribing happen exclusively in the doctor's app, signed by an MDCN-licenced clinician. The deterministic red-flag pre-check runs before the LLM and forces an emergency escalation on a small set of keywords regardless of what the model says, so the AI cannot down-rank a true emergency.

Source — doorcta CLAUDE.md AI base
African data residency — single Nigerian region

Postgres, Redis, and the Daily.co video region all run in or close to a Nigerian-region AWS account that the Fastclinic Limited data controller operates. The chat messages live in the Doorcta database for the consult lifetime; clinical data flows to OneHealth at consult end. Cross-border transfer is limited to specifically-named processors under signed agreements (Daily.co for video media, Paystack for the FastCredits cash on-ramp). The architectural decision is a single residency posture across the ecosystem: the patient's data does not jump regions when they switch from the Doorcta app to OneHealth or to FastCredits.

Master spec — residency policy
Audit posture — every AI call, every match, every consult

Every AI base interaction is audit-logged: input, output, tool calls, guardrail flags, token usage. Every match-state transition is audit-logged through the state machine. Every consult is bracketed by startConsultation and endConsultation events with timestamps, doctorId, patientId, and the FastCredits hold reference. Doorcta itself does not hold PHI; the consult notes and any prescription audit-chain against OneHealth's hash-chained log on POST /v1/records. The 7-year retention applies to the OneHealth audit chain, which is where the clinical record of every consult is anchored.

OneHealth audit posture

Plain answers

Ready to ship with Doorcta?

Request a 30-minute architecture review. We will walk through the integration points, the compliance posture, and the timeline.

Request demoRead the docs