Quality Assessment and Redesign of a Custom EHR for Improved Functionality and PHI Security



The Customer is a US chiropractic care provider with a few locations.


The Customer experienced small glitches in their legacy custom EHR application and turned to ScienceSoft for consulting services to find the cause of the glitches and get advice on their optimal resolution from a business point of view.


Taking into account all of the Customer’s concerns about their application, ScienceSoft’s team decided to start its quality assessment with code review (to define the cause of the existing problems) and business consulting (to find the optimal way to address them with regard to business value).

Stage one

Code review

ScienceSoft’s team performed an expert review of the application code, including verification of its compliance with PSR standards. In the course of the review, PHP developers revealed that the code of the legacy EHR application, implemented 15 years ago, was ill-structured, overloaded with software workarounds and had many redundant lines. The main outcome of the code review, however, was the finding that the small glitches were in fact serious vulnerabilities that could go as far as causing PHI disclosure.

Business consulting

After that, the team proceeded with a set of activities to assess the application from a business point of view: how to handle its current issues most beneficially, how the application can help the business, what value it can add, how competitive it can be, etc.

As a result, the Customer received a detailed report on all actions performed and their findings. The main outcome of the report was that the legacy custom application required full redesign to become truly safe and useful.

All things considered, ScienceSoft was commissioned to conduct a comprehensive software redesign on the basis of the existing EHR application, so that it would be secure and efficient for patients and the health provider. Also, having received our recommendations to implement the solution redesign, the Customer got the idea of selling the solution as SaaS to generate additional profit, so the new software design had to provide competitive features that could satisfy the needs of other businesses.

Stage two

Software design

ScienceSoft’s team of a BA, a UI designer and a PHP software architect conducted a number of activities at this stage:

According to the Customer’s needs and expectations, the BA drew up a full feature list supported by mockups and detailed feature descriptions. In addition, the specialist prepared an extensive feature tour that showed how the system would function as a whole and how the screens would follow one another.

The application was supposed to have 3 panels with different functionality. They included a doctor panel, a patient panel, and a control panel.

A doctor panel:

  • View the history of visits for one patient.
  • View details of the visit history for a certain period.
  • Update a patient’s health condition (e.g., a new pinched nerve has been identified).
  • Add recommendations for a patient.
  • Add info on the procedures performed during a visit.
  • Print a doctor’s note.
  • View a doctor’s summary on a visit.
  • Add notifications (e.g., about an upcoming visit).

Considering the specific nature of the Customer’s business, ScienceSoft’s specialists enriched the EHR application with custom features for the patient. A patient panel provides restricted access and allows the user to:

  • Check in / out (enter general data, such as age, gender, etc., add specific info for an appointment, e.g., current complaints / concerns).
  • Log in via mobile phone number (for repeat patients).
  • Review and sign the HIPAA release form.
  • Review and sign the informed consent form.

Control panel (for admins):

  • Check the current workload at any location.
  • View the schedule of any location.
  • Add a new appointment at any location.
  • Add a new patient.
  • Search by patient.
  • Track the gross revenue.
  • Track the membership statistics.
  • View the marketing statistics.
  • View the statistics depending on a service type (chiropractic consultation, chiropractic manipulations, massage therapy, etc.).
  • Export patient records into Excel format.
  • Upload a patient’s photo to their profile.
  • View the transaction info.
  • Print a doctor receipt.

After all needed functionality was identified, ScienceSoft’s team proceeded with further redesign activities:

  • Proposed the application architecture.
  • Described the recommended technology stack with the detailed reasoning for every framework and language mentioned.
  • Delivered the detailed and accurate documentation of security, reliability, backup policy, and maintenance requirements.
  • Prepared the prototypes of major screens with updated design.
  • Calculated the estimated budget and timeline of the application development.


As a result of the QA activities, the small glitches were identified as serious vulnerabilities in the application, so the timely quality assessment kept the Customer from unknowingly disclosing PHI. The optimal way to handle them was defined as the complete redevelopment of the existing solution. ScienceSoft prepared a comprehensive requirements description for delivering a new, effective app in line with current security requirements and ensuring an impeccable patient experience with more hassle-free and low-stress services. Having received the detailed reports, the Customer was able to estimate important business points, such as the overall cost of the new app, possible profit margins from selling it as SaaS, etc. The thorough requirements would also simplify the start of the application development and would become a reliable and easy-to-follow initial guide for the future development team.


Business process modeling, scope modeling, information modeling, UX prototyping, gap analysis, root cause analysis, process flow diagrams.


PHP CodeSniffer, PHP Mess Detector.
