About
About
Chia-Yu Chiang · 江家寓
Cross-domain background
I started at Ming Chuan University in the Department of Computer & Communication Engineering, majoring in networking, systems architecture, and security fundamentals. In my sophomore year I actively transferred to Biomedical Engineering, because I wanted to apply engineering to a domain that improves human lives.
During my two extra-year stretch I devoted nearly all my time to these two projects ── from architecture design and database authorization model to cloud deployment and CI/CD automation, all done solo.
Work history
- After-school program admin tool (part-time / internal use)
Designed a student-roster query and daily-management web app (Vite + Firebase) for the after-school program where I worked. Internal use only, not published.
- Kaizei Personal Finance OS (solo build / cross-domain project)
Electron desktop app + Cloudflare Worker cloud backend. Implemented zero-knowledge encrypted vault, OS keychain integration, double-entry ledger. Read Case Study →
- ClinCalc / ExClinCalc medical information systems (solo build / live, open source)
Senior thesis project, also primary portfolio for graduate school applications. View all projects →
Engineering principles
I believe a good medical information system isn't about flashy tech — it's about making "trustable" choices:
- Privacy first ── raw patient data never leaves the user's device
- Rules over LLMs ── models only fill in gaps that rules don't cover
- Security at the database layer ── application breach should not leak data
My two systems prove the point: a complete clinical decision support tool can be deployed on Cloudflare + Supabase free tier (effectively zero monthly cost), open-sourced, and pass a complete security review.
Research directions
Three research directions surfaced from building these two systems. Each comes with my current preliminary thinking ── not conclusions, just engineering observations before grad school:
1Design principles for safely embedding LLMs in CDSS ── Can the "rules-first, then LLM" strategy generalize?
The "rules-first, then LLM" strategy works well in ClinCalc / ExClinCalc, with the shared characteristic that rules are explicit, boundaries are clear, and judgments can be binarized (e.g., KDIGO staging, 12 critical drug interactions). The LLM only acts as a translator, not a clinical decision-maker.
My current hypothesis: this strategy generalizes to scenarios where rules are explicit and the LLM is a translator, but does not generalize to scenarios where rules are fuzzy and the LLM must decide (e.g., differential diagnosis, symptom synthesis). In the latter, rule coverage is necessarily incomplete and the LLM cannot be given free rein due to hallucination risk ── this remains an unresolved tension.
Open question: Can we design a "graded trust" architecture that lets the LLM operate with controlled freedom where rules don't cover ── e.g., a second LLM as a fact-consistency meta-checker, or RAG using clinical guidelines as a dynamic knowledge base? This is the first direction I want to deepen in graduate school.
2Privacy architecture evaluation methodology for multi-tenant medical systems ── Latency and security evaluation of RLS under realistic load
ExClinCalc's 14 tables / 29 RLS policies run smoothly in the demo environment, but lack quantitative evaluation under realistic load. Literature on RLS performance mostly stops at "it'll be slow" or "just add an index" anecdotes — there's no systematic benchmark.
My current observation: RLS has minimal impact on point queries (e.g., "fetch my patient X"), but performance noticeably degrades on cross-table JOIN + large-row scenarios. I used EXISTS subqueries + STABLE function caching + index reinforcement, but this is engineering experience, not a principled design method.
Open questions: (a) How do you design a reproducible RLS performance testing framework that compares across schema scales? (b) How do you formally verify policy completeness (e.g., mutation testing or SMT solver to prove no row bypasses any policy)? On security, I did multi-role demo-account cross-testing, but that's not a penetration test. Grad-school plan: real clinic deployment + benchmark + formal verification.
3Trade-off framework for edge computing in healthcare ── A reproducible evaluation method for latency / privacy / availability
The Cloudflare Workers + Supabase architecture runs smoothly for both my systems, but the decision "edge over region-locked" was based on intuition, not quantification. Edge computing intuitively benefits the consumer-side ClinCalc (global low latency), but is questionable for the clinical-side ExClinCalc:
- Regulations may require data residency ── global edge nodes may violate GDPR / Taiwan's PDPA
- Healthcare isn't high-frequency trading ── 50ms latency improvement is imperceptible in a clinic; audit consistency / disaster-recovery predictability matter more
- Free-tier limits could become an SLA risk ── what if a real clinic has a traffic spike and gets throttled?
Open question: Can we build a "medical-software deployment architecture decision matrix" that quantifies regulation / privacy / latency / cost / availability / disaster recovery into comparable dimensions? This direction may straddle medical-informatics management and cloud architecture ── it's the direction I'm least certain about but most want to clarify.
Reading List
Papers selected against the three research directions above, plus domain foundations. This list is what I've read or am reading, with 1-2 lines on why each matters to me ── not a showcase list, but my own learning map.
Theme 1 ── Safely embedding LLMs in CDSS
- Large language models encode clinical knowledge
The Med-PaLM source paper. Establishes that LLMs reach physician-level performance on medical multiple-choice. Reading it tells you the upper bound of LLM medical capability — and why you still cannot use it to make clinical decisions directly.
- Med-HALT: Medical Domain Hallucination Test for Large Language Models
Splits "medical hallucination" into reasoning and memory, quantifying failure modes of GPT/LLaMA-class models. The motivating paper for my "rules-first, then LLM" strategy.
- Evaluation and mitigation of the limitations of large language models in clinical decision-making
2,400 real cases show that LLMs collapse on actual clinical decision-making (not just exam questions): they don't gather evidence proactively, don't follow guidelines, can't read lab values. Strong support for my "LLMs never make clinical decisions" stance.
Theme 2 ── CDSS classics & failure modes
- Improving clinical practice using clinical decision support systems: a systematic review of trials to identify features critical to success
Twenty years on, still the must-read on CDSS. Synthesizes four conditions for CDSS to actually change clinical behavior (auto-trigger, advice-not-assessment, at point of decision, computerized). My design checklist.
- Effects of workload, work complexity, and repeated alerts on alert fatigue in a clinical decision support system
Quantifies "alert fatigue" — the more interrupted physicians are by alerts, the higher the override rate. Justifies my decision to design 12 critical drug interactions (not thousands).
Theme 3 ── Multi-tenant medical data privacy
- The future of digital health with federated learning
Federated learning offers a systematic solution to the medical-data silo and privacy problem. My RLS solves multi-role isolation within one system; this paper handles cross-institution collaboration ── two complementary paths.
Theme 4 ── Domain foundations
- High-performance medicine: the convergence of human and artificial intelligence
The big-picture must-read on AI in medicine. Topol covers five vertical domains where AI applies in healthcare and the corresponding regulatory / ethical challenges. Helps you understand why I insist on open-source, explainable CDSS.
- KDIGO 2024 Clinical Practice Guideline for the Evaluation and Management of Chronic Kidney Disease
The source document for ClinCalc's rule engine. Dual-axis staging (GFR + Albuminuria) + CKD-EPI 2021 formula (race-coefficient removed) is what I implemented directly into
referenceRanges.ts.
URLs verified 2026-05. If links break or papers get revised, please email me.
Continually adding to this — paper recommendations are welcome.
What's next
I'm applying for graduate school in AY 116, focusing on clinical decision support systems and safe LLM integration. In the meantime I'll keep refining these two systems, writing case studies, and building industry experience.
Public materials
Thesis, slides, and poster — all open for download:
Complete write-up of ClinCalc / ExClinCalc — system design, evaluation methods, and literature review.
30-minute oral presentation: system demos, screenshots, and design-decision rationale.
Single-page visual summary: both systems + security architecture + CDSS design highlights.
Tech stack
Frontend
- Next.js 16 (App Router)
- React 19
- TypeScript
- Tailwind CSS v4
Backend
- Supabase (PostgreSQL + Auth)
- PostgreSQL Row Level Security
- Cloudflare Workers
- OpenNext for Cloudflare
Multimodal integration
- Google Gemini 1.5 Flash
- Multimodal OCR / translation
- "Rules-first, then LLM" strategy
DevOps & security
- GitHub Actions CI/CD
- TOTP MFA + 5-attempt lockout
- Audit logs + Secret Scanning
- Dependabot + Push Protection
Contact
📧 yuyulsc881209@icloud.com
🌐 github.com/RO883C
Welcome to research collaboration, advisory meetings, or technical questions. I usually reply within 24 hours. See the contact page for more, or my résumé.