Chia-Yu Chiang

About

About

Chia-Yu Chiang · 江家寓

Cross-domain background

I started at Ming Chuan University in the Department of Computer & Communication Engineering, majoring in networking, systems architecture, and security fundamentals. In my sophomore year I actively transferred to Biomedical Engineering, because I wanted to apply engineering to a domain that improves human lives.

During my two extra-year stretch I devoted nearly all my time to these two projects ── from architecture design and database authorization model to cloud deployment and CI/CD automation, all done solo.

Work history

  • After-school program admin tool (part-time / internal use)

    Designed a student-roster query and daily-management web app (Vite + Firebase) for the after-school program where I worked. Internal use only, not published.

  • Kaizei Personal Finance OS (solo build / cross-domain project)

    Electron desktop app + Cloudflare Worker cloud backend. Implemented zero-knowledge encrypted vault, OS keychain integration, double-entry ledger. Read Case Study →

  • ClinCalc / ExClinCalc medical information systems (solo build / live, open source)

    Senior thesis project, also primary portfolio for graduate school applications. View all projects →

Engineering principles

I believe a good medical information system isn't about flashy tech — it's about making "trustable" choices:

  • Privacy first ── raw patient data never leaves the user's device
  • Rules over LLMs ── models only fill in gaps that rules don't cover
  • Security at the database layer ── application breach should not leak data

My two systems prove the point: a complete clinical decision support tool can be deployed on Cloudflare + Supabase free tier (effectively zero monthly cost), open-sourced, and pass a complete security review.

Research directions

Three research directions surfaced from building these two systems. Each comes with my current preliminary thinking ── not conclusions, just engineering observations before grad school:

1Design principles for safely embedding LLMs in CDSS ── Can the "rules-first, then LLM" strategy generalize?

The "rules-first, then LLM" strategy works well in ClinCalc / ExClinCalc, with the shared characteristic that rules are explicit, boundaries are clear, and judgments can be binarized (e.g., KDIGO staging, 12 critical drug interactions). The LLM only acts as a translator, not a clinical decision-maker.

My current hypothesis: this strategy generalizes to scenarios where rules are explicit and the LLM is a translator, but does not generalize to scenarios where rules are fuzzy and the LLM must decide (e.g., differential diagnosis, symptom synthesis). In the latter, rule coverage is necessarily incomplete and the LLM cannot be given free rein due to hallucination risk ── this remains an unresolved tension.

Open question: Can we design a "graded trust" architecture that lets the LLM operate with controlled freedom where rules don't cover ── e.g., a second LLM as a fact-consistency meta-checker, or RAG using clinical guidelines as a dynamic knowledge base? This is the first direction I want to deepen in graduate school.

2Privacy architecture evaluation methodology for multi-tenant medical systems ── Latency and security evaluation of RLS under realistic load

ExClinCalc's 14 tables / 29 RLS policies run smoothly in the demo environment, but lack quantitative evaluation under realistic load. Literature on RLS performance mostly stops at "it'll be slow" or "just add an index" anecdotes — there's no systematic benchmark.

My current observation: RLS has minimal impact on point queries (e.g., "fetch my patient X"), but performance noticeably degrades on cross-table JOIN + large-row scenarios. I used EXISTS subqueries + STABLE function caching + index reinforcement, but this is engineering experience, not a principled design method.

Open questions: (a) How do you design a reproducible RLS performance testing framework that compares across schema scales? (b) How do you formally verify policy completeness (e.g., mutation testing or SMT solver to prove no row bypasses any policy)? On security, I did multi-role demo-account cross-testing, but that's not a penetration test. Grad-school plan: real clinic deployment + benchmark + formal verification.

3Trade-off framework for edge computing in healthcare ── A reproducible evaluation method for latency / privacy / availability

The Cloudflare Workers + Supabase architecture runs smoothly for both my systems, but the decision "edge over region-locked" was based on intuition, not quantification. Edge computing intuitively benefits the consumer-side ClinCalc (global low latency), but is questionable for the clinical-side ExClinCalc:

  • Regulations may require data residency ── global edge nodes may violate GDPR / Taiwan's PDPA
  • Healthcare isn't high-frequency trading ── 50ms latency improvement is imperceptible in a clinic; audit consistency / disaster-recovery predictability matter more
  • Free-tier limits could become an SLA risk ── what if a real clinic has a traffic spike and gets throttled?

Open question: Can we build a "medical-software deployment architecture decision matrix" that quantifies regulation / privacy / latency / cost / availability / disaster recovery into comparable dimensions? This direction may straddle medical-informatics management and cloud architecture ── it's the direction I'm least certain about but most want to clarify.

Reading List

Papers selected against the three research directions above, plus domain foundations. This list is what I've read or am reading, with 1-2 lines on why each matters to me ── not a showcase list, but my own learning map.

Theme 1 ── Safely embedding LLMs in CDSS

  1. Large language models encode clinical knowledge Singhal K. et al. · Nature 620, 172–180 (2023)

    The Med-PaLM source paper. Establishes that LLMs reach physician-level performance on medical multiple-choice. Reading it tells you the upper bound of LLM medical capability — and why you still cannot use it to make clinical decisions directly.

  2. Med-HALT: Medical Domain Hallucination Test for Large Language Models Pal A., Umapathi L. K., Sankarasubbu M. · EMNLP 2023 · arXiv:2307.15343

    Splits "medical hallucination" into reasoning and memory, quantifying failure modes of GPT/LLaMA-class models. The motivating paper for my "rules-first, then LLM" strategy.

  3. Evaluation and mitigation of the limitations of large language models in clinical decision-making Hager P., Jungmann F., Holland R. et al. · Nature Medicine 30, 2613–2622 (2024)

    2,400 real cases show that LLMs collapse on actual clinical decision-making (not just exam questions): they don't gather evidence proactively, don't follow guidelines, can't read lab values. Strong support for my "LLMs never make clinical decisions" stance.

Theme 2 ── CDSS classics & failure modes

  1. Improving clinical practice using clinical decision support systems: a systematic review of trials to identify features critical to success Kawamoto K., Houlihan C. A., Balas E. A., Lobach D. F. · BMJ 330: 765 (2005)

    Twenty years on, still the must-read on CDSS. Synthesizes four conditions for CDSS to actually change clinical behavior (auto-trigger, advice-not-assessment, at point of decision, computerized). My design checklist.

  2. Effects of workload, work complexity, and repeated alerts on alert fatigue in a clinical decision support system Ancker J. S. et al. · BMC Medical Informatics and Decision Making 17:36 (2017)

    Quantifies "alert fatigue" — the more interrupted physicians are by alerts, the higher the override rate. Justifies my decision to design 12 critical drug interactions (not thousands).

Theme 3 ── Multi-tenant medical data privacy

  1. The future of digital health with federated learning Rieke N., Hancox J., Li W. et al. · npj Digital Medicine 3, 119 (2020)

    Federated learning offers a systematic solution to the medical-data silo and privacy problem. My RLS solves multi-role isolation within one system; this paper handles cross-institution collaboration ── two complementary paths.

Theme 4 ── Domain foundations

  1. High-performance medicine: the convergence of human and artificial intelligence Topol E. J. · Nature Medicine 25, 44–56 (2019)

    The big-picture must-read on AI in medicine. Topol covers five vertical domains where AI applies in healthcare and the corresponding regulatory / ethical challenges. Helps you understand why I insist on open-source, explainable CDSS.

  2. KDIGO 2024 Clinical Practice Guideline for the Evaluation and Management of Chronic Kidney Disease Kidney Disease: Improving Global Outcomes (KDIGO) · Kidney International 105(4S): S117–S314 (2024)

    The source document for ClinCalc's rule engine. Dual-axis staging (GFR + Albuminuria) + CKD-EPI 2021 formula (race-coefficient removed) is what I implemented directly into referenceRanges.ts.

URLs verified 2026-05. If links break or papers get revised, please email me.
Continually adding to this — paper recommendations are welcome.

What's next

I'm applying for graduate school in AY 116, focusing on clinical decision support systems and safe LLM integration. In the meantime I'll keep refining these two systems, writing case studies, and building industry experience.

Public materials

Thesis, slides, and poster — all open for download:

Tech stack

Frontend

  • Next.js 16 (App Router)
  • React 19
  • TypeScript
  • Tailwind CSS v4

Backend

  • Supabase (PostgreSQL + Auth)
  • PostgreSQL Row Level Security
  • Cloudflare Workers
  • OpenNext for Cloudflare

Multimodal integration

  • Google Gemini 1.5 Flash
  • Multimodal OCR / translation
  • "Rules-first, then LLM" strategy

DevOps & security

  • GitHub Actions CI/CD
  • TOTP MFA + 5-attempt lockout
  • Audit logs + Secret Scanning
  • Dependabot + Push Protection

Contact

📧 yuyulsc881209@icloud.com
🌐 github.com/RO883C

Welcome to research collaboration, advisory meetings, or technical questions. I usually reply within 24 hours. See the contact page for more, or my résumé.