Source Code
src/pages/projects/stonewell.rs
use leptos::*;
use leptos_meta::{Meta, Title};
use super::super::seo::Seo;
use super::data::ALL_PROJECTS;
#[component]
pub fn Stonewell() -> impl IntoView {
let project = ALL_PROJECTS
.iter()
.find(|p| p.slug == "stonewell-clinic")
.unwrap();
let skills_view = project
.skills
.iter()
.map(|&s| view! { <li>{s}</li> })
.collect::<Vec<_>>();
view! {
<Title text="Stonewell Free Clinic – Peter Pinto"/>
<Meta name="description" content="Co-founding a free gender affirming care clinic with in Charlottesville, VA, backed by a secure self-hosted OpenEMR deployment on community hardware."/>
<Seo title="Stonewell Free Clinic – Peter Pinto" description="Co-founding a free gender affirming care clinic with the in Charlottesville, VA, backed by a secure self-hosted OpenEMR deployment on community hardware." path="/projects/stonewell-clinic"/>
<div class="page">
<span class="eyebrow">"Projects"</span>
<h1>"Stonewell " <em style="font-style:italic; color: var(--accent)">"Free Clinic"</em></h1>
<p class="lead">
"A free gender affirming care clinic co-founded in Charlottesville, VA — staffed entirely by volunteer community
members and health professionals, and backed by a secure self-hosted electronic
medical records system."
</p>
<ul class="skills-list" style="margin-top: 1.5rem;">
{skills_view}
</ul>
<hr class="divider"/>
// ── Background ─────────────────────────────────────────
<section class="project-section">
<span class="eyebrow">"Background"</span>
<h2>"The Clinic"</h2>
<p>
"The "
<a href="https://www.cvilletomorrow.org/a-new-social-space-for-the-lgbtq-community-will-open-this-spring-in-charlottesville/"
target="_blank" rel="noopener noreferrer" class="prose-link">
"Rivanna Area Queer Center"
</a>
" (RAQC) is a volunteer-run LGBTQ+ community center that opened in spring
2025 at 801 W. Main St. in Charlottesville, VA. Alongside the center's
broader community programming, a group of organizers — including myself —
worked to establish a free clinic offering gender affirming care to members
of the local community."
</p>
<p style="margin-top: 1rem;">
"The clinic operates entirely on volunteer labor: community members handle
coordination and logistics while licensed health professionals donate their
time to provide care. The goal is to remove cost as a barrier to affirming
care for anyone who needs it in the Charlottesville area."
</p>
</section>
<hr class="divider"/>
// ── Why Secure ─────────────────────────────────────────
<section class="project-section">
<span class="eyebrow">"Security Posture"</span>
<h2>"A Non-Public Deployment"</h2>
<p>
"From the start, a non-public, air-gapped deployment was not just
preferred — it was necessary. The current federal political environment
has demonstrated active hostility toward gender affirming care, including
executive actions targeting providers and patients alike. Patient records
at a gender affirming care clinic carry a level of sensitivity that demands
a security posture well beyond a typical self-hosted application."
</p>
<p style="margin-top: 1rem;">
"The system is not reachable from the public internet. There is no domain,
no exposed port, no attack surface to enumerate. Access is gated entirely
behind VPN — providers connect through an authenticated tunnel before
the application is reachable at all."
</p>
</section>
<hr class="divider"/>
// ── OpenEMR ────────────────────────────────────────────
<section class="project-section">
<span class="eyebrow">"Electronic Medical Records"</span>
<h2>"OpenEMR"</h2>
<p>
<a href="https://www.open-emr.org" target="_blank" rel="noopener noreferrer" class="prose-link">"OpenEMR"</a>
" is a fully open-source electronic medical records and practice management
platform used by clinics worldwide and certified for HIPAA compliance. It
supports patient scheduling, clinical documentation, prescriptions, and a
full audit trail of record access — everything a small clinic needs without
a recurring SaaS licensing cost."
</p>
<p style="margin-top: 1rem;">
"The deployment runs on community-donated hardware. I researched available
open-source EMR options, evaluated OpenEMR against the clinic's requirements,
and handled the full installation and configuration: database setup, TLS
termination on the internal network, backup procedures, and initial
provisioning of provider accounts. The hardware stays on-premises — patient
data never leaves the building through normal operation."
</p>
</section>
<hr class="divider"/>
// ── OpenVPN ────────────────────────────────────────────
<section class="project-section">
<span class="eyebrow">"Provider Access"</span>
<h2>"OpenVPN"</h2>
<p>
"Health providers are volunteers who aren't always on-site. To let them
review charts, complete documentation, or prepare for appointments without
being physically present, I set up an "
<a href="https://openvpn.net" target="_blank" rel="noopener noreferrer" class="prose-link">"OpenVPN"</a>
" server that gives authenticated providers a private tunnel into the clinic
network. From their perspective it's a single certificate install and a
connection — from a security perspective, the EMR remains completely
invisible to the rest of the internet."
</p>
<p style="margin-top: 1rem;">
"Each provider has their own certificate and key pair. Revoking access for
a departing volunteer is a single command with no shared credentials to
rotate. The setup keeps participation convenient without trading away the
network isolation the deployment depends on."
</p>
</section>
<hr class="divider"/>
// ── Ongoing ────────────────────────────────────────────
<section class="project-section">
<span class="eyebrow">"Ongoing"</span>
<h2>"Tech Support"</h2>
<p>
"Beyond the initial deployment, I serve as the on-call technical resource
for the clinic. That means handling software updates, troubleshooting
access issues for providers, managing certificate renewals, and making sure
backups are running cleanly. For an all-volunteer organization, having a
reliable technical contact means the people providing care can focus on
patients rather than infrastructure."
</p>
</section>
</div>
}
}