From abridge-pack
Deploys Abridge clinical AI integration to HIPAA-compliant GCP Cloud Run, AWS ECS, or Azure Container Apps using Docker and secure scripts.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin abridge-pack

This skill is limited to using the following tools:
Deploy Abridge clinical AI integration to HIPAA-compliant cloud infrastructure. Healthcare deployments require BAA-covered cloud services, encrypted secrets, audit trails, and VPC-restricted networking.
abridge-prod-checklist

```dockerfile
# Dockerfile
FROM node:20-slim AS builder
WORKDIR /app
COPY package*.json ./
# Install all dependencies: the build step needs devDependencies (e.g. the TypeScript compiler)
RUN npm ci
COPY . .
# Build, then drop devDependencies so only production modules reach the runtime image
RUN npm run build && npm prune --omit=dev

FROM node:20-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates curl && rm -rf /var/lib/apt/lists/*
# Run as non-root (HIPAA best practice)
RUN groupadd -r abridge && useradd -r -g abridge abridge
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
USER abridge
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
    CMD curl -f http://localhost:3000/health || exit 1
CMD ["node", "dist/server.js"]
```
```bash
#!/bin/bash
# deploy-cloud-run.sh
set -euo pipefail

PROJECT_ID="${GCP_PROJECT_ID:?GCP_PROJECT_ID must be set}"
SERVICE_NAME="abridge-integration"
REGION="us-central1"

# Build container
gcloud builds submit --tag "gcr.io/${PROJECT_ID}/${SERVICE_NAME}"

# Deploy to Cloud Run with HIPAA controls.
# --service-account: run as the dedicated identity that is granted secretAccessor,
#   not the project's default compute service account.
# NODE_OPTIONS=--tls-min-v1.3: Node.js takes its minimum TLS version from this option.
gcloud run deploy "${SERVICE_NAME}" \
  --image "gcr.io/${PROJECT_ID}/${SERVICE_NAME}" \
  --region "${REGION}" \
  --platform managed \
  --no-allow-unauthenticated \
  --service-account "abridge-integration@${PROJECT_ID}.iam.gserviceaccount.com" \
  --min-instances 1 \
  --max-instances 10 \
  --memory 1Gi \
  --cpu 2 \
  --timeout 120 \
  --set-secrets="ABRIDGE_CLIENT_SECRET=abridge-client-secret:latest,ABRIDGE_ORG_ID=abridge-org-id:latest,EPIC_CLIENT_SECRET=epic-client-secret:latest" \
  --vpc-connector "projects/${PROJECT_ID}/locations/${REGION}/connectors/abridge-vpc" \
  --vpc-egress all-traffic \
  --set-env-vars="NODE_ENV=production,NODE_OPTIONS=--tls-min-v1.3,AUDIT_LOG_ENABLED=true"

# Verify health (-f makes curl exit non-zero on an HTTP error status)
SERVICE_URL=$(gcloud run services describe "${SERVICE_NAME}" --region="${REGION}" --format='value(status.url)')
curl -fsS "${SERVICE_URL}/health" -H "Authorization: Bearer $(gcloud auth print-identity-token)"
```
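
To confirm that a deployed revision still carries the controls set by the deploy flags above, the following added example (not part of the original skill) audits the JSON that `gcloud run services describe` and `gcloud run services get-iam-policy` print with `--format=json`. It is plain JavaScript; the field paths assume the Knative-style service JSON that gcloud emits, and the project name, caller account and finding strings are constructed for illustration.

```javascript
// Added example. Inputs: parsed output of `gcloud run services describe ... --format=json`
// and `gcloud run services get-iam-policy ... --format=json` for the deployed service.
const REQUIRED_SECRETS = ['ABRIDGE_CLIENT_SECRET', 'ABRIDGE_ORG_ID', 'EPIC_CLIENT_SECRET'];
const PUBLIC_MEMBERS = new Set(['allUsers', 'allAuthenticatedUsers']);

function auditCloudRunService(service, iamPolicy) {
  const findings = [];
  const template = service?.spec?.template ?? {};
  const annotations = template.metadata?.annotations ?? {};
  const env = template.spec?.containers?.[0]?.env ?? [];
  // --no-allow-unauthenticated: no public principal may hold roles/run.invoker.
  for (const b of iamPolicy?.bindings ?? []) {
    const open = (b.members ?? []).filter((m) => PUBLIC_MEMBERS.has(m));
    if (b.role === 'roles/run.invoker' && open.length) findings.push(`public invoker: ${open.join(',')}`);
  }
  // --vpc-connector and --vpc-egress all-traffic.
  if (!annotations['run.googleapis.com/vpc-access-connector']) findings.push('no VPC connector');
  if (annotations['run.googleapis.com/vpc-access-egress'] !== 'all-traffic') findings.push('egress bypasses VPC');
  // --set-secrets: each credential must be a Secret Manager reference, never a literal.
  for (const name of REQUIRED_SECRETS) {
    const entry = env.find((e) => e.name === name);
    if (!entry) findings.push(`${name} missing`);
    else if (!entry.valueFrom?.secretKeyRef) findings.push(`${name} set as plaintext`);
  }
  // A dedicated identity, not the project-wide default compute service account.
  const sa = template.spec?.serviceAccountName ?? '';
  if (!sa || sa.endsWith('-compute@developer.gserviceaccount.com')) findings.push('default service account');
  return findings;
}

// Constructed sample: a revision deployed with the flags from deploy-cloud-run.sh.
const secretRef = (name, secret) => ({ name, valueFrom: { secretKeyRef: { name: secret, key: 'latest' } } });
const sampleService = { spec: { template: {
  metadata: { annotations: {
    'run.googleapis.com/vpc-access-connector': 'projects/example-project/locations/us-central1/connectors/abridge-vpc',
    'run.googleapis.com/vpc-access-egress': 'all-traffic',
  } },
  spec: {
    serviceAccountName: 'abridge-integration@example-project.iam.gserviceaccount.com',
    containers: [{ env: [
      secretRef('ABRIDGE_CLIENT_SECRET', 'abridge-client-secret'),
      secretRef('ABRIDGE_ORG_ID', 'abridge-org-id'),
      secretRef('EPIC_CLIENT_SECRET', 'epic-client-secret'),
    ] }],
  },
} } };
const samplePolicy = { bindings: [{ role: 'roles/run.invoker', members: ['serviceAccount:caller@example-project.iam.gserviceaccount.com'] }] };
console.log(auditCloudRunService(sampleService, samplePolicy)); // []
```

An empty findings array means the revision matches the deploy script; run it after every deploy so configuration drift shows up before traffic does.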
```typescript
// src/server/health.ts
import express from 'express';

const app = express();

app.get('/health', async (req, res) => {
  const checks = {
    server: 'healthy',
    abridge: await checkAbridgeApi(),
    fhir: await checkFhirEndpoint(),
    timestamp: new Date().toISOString(),
  };
  // Judge only the status fields; the timestamp is a string but not a health status.
  const allHealthy = [checks.server, checks.abridge, checks.fhir].every(v => v === 'healthy');
  res.status(allHealthy ? 200 : 503).json(checks);
});

// Probe the Abridge API; a non-2xx answer is 'degraded', a timeout or network error 'unhealthy'.
async function checkAbridgeApi(): Promise<string> {
  try {
    const res = await fetch(`${process.env.ABRIDGE_BASE_URL}/health`, {
      headers: { 'Authorization': `Bearer ${process.env.ABRIDGE_CLIENT_SECRET}` },
      signal: AbortSignal.timeout(3000),
    });
    return res.ok ? 'healthy' : 'degraded';
  } catch { return 'unhealthy'; }
}

// Probe the Epic FHIR capability statement endpoint with the same 3-second budget.
async function checkFhirEndpoint(): Promise<string> {
  try {
    const res = await fetch(`${process.env.EPIC_FHIR_BASE_URL}/metadata`, {
      signal: AbortSignal.timeout(3000),
    });
    return res.ok ? 'healthy' : 'degraded';
  } catch { return 'unhealthy'; }
}

app.listen(3000, () => console.log('Abridge integration server on :3000'));
```
```bash
# Create secrets (one-time setup)
echo -n "partner_secret_here" | gcloud secrets create abridge-client-secret --data-file=-
echo -n "org_id_here" | gcloud secrets create abridge-org-id --data-file=-
echo -n "epic_secret_here" | gcloud secrets create epic-client-secret --data-file=-

# Grant Cloud Run service account access to every secret the deploy references
SA="abridge-integration@${GCP_PROJECT_ID}.iam.gserviceaccount.com"
for SECRET in abridge-client-secret abridge-org-id epic-client-secret; do
  gcloud secrets add-iam-policy-binding "${SECRET}" \
    --member="serviceAccount:${SA}" --role="roles/secretmanager.secretAccessor"
done
```

| Issue | Cause | Solution |
|---|---|---|
| Deploy rejected | Missing BAA | Sign Google Cloud BAA first |
| Secret access denied | IAM misconfigured | Grant secretAccessor role to service account |
| Health check fails | Cold start latency | Set min-instances to 1 |
| VPC connector error | Not created | Create VPC connector in same region |
For webhook event handling, see abridge-webhooks-events.