Health Care Track
Inspiration
We have personal experience with professional mental health services and loved the idea of helping struggling students by providing intermediary support before they see a doctor. Since LLMs have become popular for mental health support in recent years but notably lack data privacy, we wanted to build a solution that offers the best of both worlds.
What it does
MindBridge is an AI-based application that helps to support students with mental health issues. It is NOT a diagnostic service; rather, it provides helpful resources and advice based on official mental health questionnaires (such as the PHQ-9, GAD-7, and C-SSRS, which screen for depression, anxiety, and suicidal ideation, respectively, among many others) together with personalized questions. Privacy and data security were two of our top priorities for this project, and we implemented numerous security measures to ensure we reach the level of data privacy that sensitive mental health information requires (HIPAA).
How we built it
We started by brainstorming ideas and working out basic details, then making a top-level systems design and a process flow chart. We took note of the most important technical considerations, particularly making the design HIPAA compliant in its level of data security to ensure complete privacy of the user's data. Once we had fleshed out as much as we could, we created a barebones prototype with Claude and iterated on it, adding more features and security. We also used Figma for some additional CSS design elements.
Challenges we ran into
The biggest challenge of this project was refining the application to be HIPAA compliant in terms of data security and adjusting the model to be considerate of the needs of the user.
Accomplishments that we're proud of
MindBridge implements HIPAA-compliant security across every layer of the stack. All user data, including conversations, questionnaire results, and account information, is encrypted at rest using AES-256-GCM with unique initialization vectors per operation, making stored files unreadable without the server's master key. Passwords are hashed with PBKDF2 (100,000 iterations, SHA-512, unique salts) and never stored in plaintext. Data in transit is protected by TLS 1.2/1.3 via nginx and Let's Encrypt certificates. The most critical architectural decision is that the AI model runs locally on the server via Ollama, such that no user data ever leaves the infrastructure to third-party AI providers like OpenAI or Google.
Authentication uses HMAC-SHA256 signed tokens with 7-day expiry, and every API request verifies that users can only access their own data. Users also have full control over their information with the ability to delete individual conversations or their entire account, permanently removing encrypted files from all storage in compliance with HIPAA's right to deletion requirements.
What we learned
- Security techniques to protect data both in transit and at rest.
- Setting up and hosting a remote website using Ubuntu servers and a DNS from Cloudflare.
- Interfacing with locally hosted LLM models.