Telemedicine Cursor Rules Template for Secure Video Calls, Intake, Notes, Payments, and Messaging

Cursor Rules Template for building a HIPAA-compliant telemedicine platform with video calls, patient intake, doctor notes, payments, and secure messaging using Cursor AI.

Tags: .cursorrules template, telemedicine, cursor rules, video calls, HIPAA, payments, secure messaging, typescript, typeorm, webRTC

Target User

Developers building telemedicine platforms

Use Cases

  • Video calls
  • Patient intake workflows
  • Doctor notes and charting
  • Payments and invoicing
  • Secure patient-provider messaging
  • Provider collaboration


Overview

This Cursor rules template provides a concrete, copyable .cursorrules block for a telemedicine stack. It targets a Next.js frontend with a NestJS API, PostgreSQL via TypeORM, WebRTC for video, and Stripe for payments, and uses Cursor AI to guide implementation with strict data handling and security.

Cursor AI rules are embedded to keep PHI safe and to constrain automation to verifiable, auditable actions.

When to Use These Cursor Rules

  • When building a HIPAA-conscious telemedicine platform with video calls
  • When implementing patient intake and triage workflows
  • When modeling doctor notes and charting data
  • When integrating payments and billing flows
  • When enabling secure messaging between patients and providers
  • When enforcing RBAC, auditing, and data-residency requirements

Copyable .cursorrules Configuration

# Telemedicine Cursor Rules for Next.js + NestJS + PostgreSQL stack
# Framework Role & Context
framework: 'Next.js (TypeScript) + NestJS (TypeScript)'
context: 'Telemedicine platform with video calls, patient intake, doctor notes, payments, and secure messaging. PostgreSQL via TypeORM. WebRTC video. Stripe payments. JWT/OAuth2 auth. Cursor AI rules enforce security and architecture.'
# Code Style and Style Guides
style: 'eslint + prettier, strictTypeScript, noImplicitAny, consistent naming'
# Architecture & Directory Rules
architecture: 'Monorepo: apps/web, apps/api; packages/database, packages/payments, packages/messaging, packages/telemedicine'
directoryRules: 'Domain modules: patient, doctor, appointment, visitNote, payment, message, videoSession; shared libs for types; use path aliases'
# Authentication & Security Rules
authentication: 'OAuth2 Authorization Code flow; JWT access tokens; refresh tokens; PKCE for SPA; TLS 1.3; RBAC'
security: 'PHI encrypted in transit and at rest; audit logs; CSRF protection; input validation; secrets managed via env; no secrets in code'
# Database and ORM patterns
database: 'PostgreSQL with TypeORM; entities: Patient, Doctor, Appointment, VisitNote, Payment, Message, VideoSession; migrations; indexes; soft delete'
# Testing & Linting Workflows
testing: 'Jest unit tests; Supertest for API; Playwright for E2E; lint with ESLint; format with Prettier; CI with GitHub Actions'
# Prohibited Actions and Anti-patterns for the AI
antiPatterns: 'Do not generate raw PHI in prompts; do not bypass auth checks; do not perform direct DB writes from client; avoid insecure WebSocket usage; no hard-coded secrets; never skip input validation'

Recommended Project Structure

workspace-root/
  apps/
    web/
      src/
        pages/
        components/
    api/
      src/
        main.ts
        modules/
  packages/
    database/
      src/
        entities/
        migrations/
    payments/
      src/
        stripe/
    messaging/
      src/
        chat/
        secureMessaging/
    telemedicine/
      src/
        intake/
        notes/
        video/
        payments/
  scripts/
  tests/

Core Engineering Principles

  • Security-first by default with explicit PHI handling
  • HIPAA-aligned data governance and access controls
  • End-to-end typing and domain-driven design
  • Observability, tracing, and structured logging
  • Defensive coding with strict input validation and test coverage
  • Performance-conscious architecture and caching strategy

Code Construction Rules

  • Use TypeScript across frontend and backend; enable strict mode
  • Define DTOs and input schemas for API boundaries
  • Implement repository pattern with an ORM (TypeORM) and migrations
  • Apply consistent naming conventions and folder structure
  • Validate all inputs; never trust client data
  • Keep business logic out of UI components
  • Respect API versioning and backwards compatibility
  • Audit and log security-relevant events

Security and Production Rules

  • Enforce TLS 1.3 end-to-end; encrypt PHI at rest
  • RBAC with audit trails; restrict PHI access by role
  • CSRF protection and appropriate CORS policies
  • Secrets management via environment variables and secret stores
  • Secure WebRTC signaling and media paths; validate tokens
  • Regular vulnerability scans and dependency updates
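
The "RBAC with audit trails; restrict PHI access by role" rule above, as an added example that is not part of the template itself: a framework-free, deny-by-default authorization check that writes an audit event for every decision and keeps record contents out of the log. The role names, the policy table, and the `authorize` function are assumptions for illustration.

```typescript
// Added example: deny-by-default RBAC for PHI records with an audit trail.
// Role names, the policy table and all identifiers are illustrative assumptions.
type Role = "patient" | "doctor" | "billing";
type PhiResource = "VisitNote" | "Payment" | "Message";
type PhiAction = "read" | "write";

interface Actor { id: string; role: Role }
// ownerId: the patient the record belongs to; careTeam: doctors assigned to that patient
interface RecordRef { resource: PhiResource; ownerId: string; careTeam: string[] }
interface AuditEvent {
  at: string; actorId: string; role: Role; action: PhiAction;
  resource: PhiResource; ownerId: string; allowed: boolean; reason: string;
}

// Anything not listed here is denied.
const POLICY: Record<Role, Partial<Record<PhiResource, PhiAction[]>>> = {
  patient: { VisitNote: ["read"], Payment: ["read"], Message: ["read", "write"] },
  doctor: { VisitNote: ["read", "write"], Message: ["read", "write"] },
  billing: { Payment: ["read", "write"] },
};

const auditLog: AuditEvent[] = []; // stand-in for an append-only audit store

function authorize(actor: Actor, action: PhiAction, ref: RecordRef): boolean {
  let reason = "ok";
  const permitted = POLICY[actor.role][ref.resource] ?? [];
  if (permitted.indexOf(action) < 0) {
    reason = "role_not_permitted";
  } else if (actor.role === "patient" && actor.id !== ref.ownerId) {
    reason = "not_record_owner"; // patients reach only their own records
  } else if (actor.role === "doctor" && ref.careTeam.indexOf(actor.id) < 0) {
    reason = "not_on_care_team"; // doctors reach only assigned patients
  }
  const allowed = reason === "ok";
  // Audit both allows and denials; log identifiers and the decision, never PHI content.
  auditLog.push({
    at: new Date().toISOString(), actorId: actor.id, role: actor.role,
    action, resource: ref.resource, ownerId: ref.ownerId, allowed, reason,
  });
  return allowed;
}
```

Denied attempts are logged with a machine-readable reason, so the "access control verification" item in the testing checklist can assert on both the decision and the audit entry.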

Testing Checklist

  • Unit tests for domain models (Patient, Doctor, VisitNote, Payment)
  • Integration tests for API endpoints with real DB in test env
  • End-to-end tests for video call flow and intake forms
  • Linting, formatting, and type checks in CI
  • Security regression tests and access control verification
  • Backup restore and disaster recovery drills

Common Mistakes to Avoid

  • Storing PHI in insecure locations like localStorage
  • Failing to enforce proper RBAC and audit logs
  • Overusing client-side redirects without server validation
  • Committing secrets or API keys in code
  • Neglecting video quality and retry logic in WebRTC
  • Ignoring compliance requirements during rapid feature adds

FAQ

What is the Telemedicine Cursor Rules Template?

A copyable Cursor rules configuration block tailored to a telemedicine stack (video calls, intake, notes, payments, and secure messaging) built with Next.js/NestJS, PostgreSQL via TypeORM, and Cursor AI rules.

Which stack does this template target?

Frontend: Next.js (TypeScript); Backend: NestJS (TypeScript); Database: PostgreSQL via TypeORM; Video: WebRTC; Payments: Stripe; Auth: OAuth2/JWT; Cursor AI guides development with architecture constraints.

How do I apply this template in my project?

Copy the .cursorrules block into the project root, adjust environment values, and align your folder structure with the recommended layout.

Is PHI protected by default in this template?

The template enforces encrypted transport and at-rest protection, RBAC, and audit logging. To meet exact HIPAA requirements, configure deployment security, retention, and access policies.

Can I customize the video call and secure messaging components?

Yes. The template provides guidance for WebRTC signaling and messaging storage while maintaining strict access controls and audit logs.
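
One way to apply the "Secure WebRTC signaling and media paths; validate tokens" rule when customizing the video component, as an added example that is not part of the template: the signaling server accepts a join only with a short-lived token bound to one video session. The token layout, function names and HMAC construction are assumptions for illustration; a production service would normally use a vetted JWT library with the same checks.

```typescript
// Added example: authorizing a WebRTC signaling "join" with a short-lived token
// bound to a single video session. Token layout and names are assumptions.
import { createHmac, timingSafeEqual } from "node:crypto";

interface JoinClaims { sub: string; sessionId: string; exp: number } // exp: Unix seconds

function mac(payload: string, key: string): string {
  return createHmac("sha256", key).update(payload).digest("base64url");
}

function issueJoinToken(claims: JoinClaims, key: string): string {
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return payload + "." + mac(payload, key);
}

// Returns the claims when the token is authentic, unexpired and issued for this
// session; returns null otherwise so the signaling server can close the socket.
function verifyJoinToken(
  token: string, sessionId: string, key: string, nowSec: number
): JoinClaims | null {
  const dot = token.indexOf(".");
  if (dot < 0) return null;
  const payload = token.slice(0, dot);
  // Compare the encoded signatures byte for byte, in constant time,
  // before parsing anything the client sent.
  const given = Buffer.from(token.slice(dot + 1));
  const expected = Buffer.from(mac(payload, key));
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims: JoinClaims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null; // expired
  if (claims.sessionId !== sessionId) return null; // issued for a different room
  return claims;
}
```

The session binding is what stops a token issued for one appointment from being replayed to join another participant's call.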