Quality Assessment and Redesign of a Custom EHR for Improved Functionality and PHI Security
About Our Client
The Client is a US chiropractic care provider with a few locations.
Challenge
The Client experienced small glitches in their legacy custom EHR application and turned to ScienceSoft for consulting services to find the cause of the glitches and get advice on their optimal resolution from a business point of view.
Solution
Taking into account all the Client’s concerns about their application, ScienceSoft’s team decided to start its quality assessment with code review (to define the cause of existing problems) and business consulting (to find the optimal way to address them in regard to business value).
Stage one
Code review
ScienceSoft’s team performed an expert review of the application code, including verification of its compliance with PSR standards. In the course of the review, PHP developers found that the code of the legacy EHR application, implemented 15 years ago, was ill-structured, overloaded with workarounds, and contained many redundant lines. The main finding of the code review, however, was that the small glitches were in fact serious vulnerabilities that could even lead to PHI disclosure.
Business consulting
After that, the team proceeded with a set of activities to evaluate the application from a business point of view: how to handle its current issues most beneficially, how the application can help the business, what value it can add, how competitive it can be, etc.
As a result, the Client received a detailed report on all actions performed and their findings. The main outcome of the report was that the legacy custom application required a full redesign to become truly safe and useful.
All things considered, ScienceSoft was commissioned to produce a comprehensive software redesign, based on the existing EHR application, that would be secure and efficient for patients and the provider. Also, having received our recommendation to redesign the solution, the Client came up with the idea of selling the solution as SaaS to generate additional profit, so the new software design had to provide competitive features that could satisfy the needs of other businesses.
Stage two
Software design
ScienceSoft’s team of a BA, a UI designer and a PHP software architect conducted a number of activities at this stage:
According to the Client’s needs and expectations, the BA drew up a complete feature list supported by mockups and a detailed feature description. In addition, the specialist prepared an extensive feature tour that showed how the system would function as a whole and how the screens would work.
The application was supposed to have 3 panels with different functionality. They included a doctor panel, a patient panel, and a control panel.
A doctor panel:
- View the history of visits for one patient.
- View details of the visit history for a certain period.
- Update a patient’s health condition (e.g., a new pinched nerve has been identified).
- Add recommendations for a patient.
- Add info on the procedures performed during a visit.
- Print a doctor’s note.
- View a doctor’s summary on a visit.
- Add notifications (e.g., about an upcoming visit).
Considering the specific nature of the Client’s business, ScienceSoft’s specialists enriched the EHR application with custom features for patients. A patient panel provides restricted access and allows the user to:
- Check in / out (enter general data, such as age, gender, etc., add specific info for an appointment, e.g., current complaints/concerns).
- Log in via mobile phone number (for repeat patients).
- Review and sign the HIPAA release form.
- Review and sign the informed consent form.
Control panel (for admins):
- Check the current workload at any location.
- View the schedule of any location.
- Add a new appointment at any location.
- Add a new patient.
- Search by patient.
- Track the gross revenue.
- Track the membership statistics.
- View the marketing statistics.
- View the statistics depending on a service type (chiropractic consultation, chiropractic manipulations, massage therapy, etc.).
- Export patient records into Excel format.
- Upload a patient’s photo to their profile.
- View the transaction info.
- Print a doctor's receipt.
After all needed functionality was identified, ScienceSoft’s team proceeded with further redesign activities:
- Proposed the application architecture.
- Described the recommended technology stack with the detailed reasoning for every framework and language mentioned.
- Delivered the detailed and accurate documentation of security, reliability, backup policy, and maintenance requirements.
- Prepared the prototypes of major screens with an updated design.
- Calculated the estimated budget and timeline of the application development.
Results
As a result of QA activities, the small glitches were identified as serious vulnerabilities in the application, so timely quality assessment prevented the Client from unknowingly disclosing PHI. The optimal way to handle them was defined as the complete redevelopment of the existing solution. ScienceSoft prepared a comprehensive requirements description to deliver a new, effective app in line with current security requirements and to ensure an impeccable patient experience with more hassle-free and low-stress services. Having received the detailed reports, the Client was able to estimate important business points, such as the overall cost of the new app, possible profit margins from selling it as SaaS, etc. The thorough requirements would also simplify the start of the application development and would become a reliable and easy-to-follow initial guide for the future development team.

Methodologies
Business process modeling, scope modeling, information modeling, UX prototyping, gap analysis, root cause analysis, process flow diagrams.
Tools
PHP CodeSniffer, PHP Mess Detector.