This project for a previous client sought to digitize and streamline new patient form collection while adhering to HIPAA privacy requirements.
For simplicity of collection, my team looked to build in Laravel. This allowed easy management of records and users, and made securing the different routes straightforward.
Coupled with AWS Key Management Service, we could encrypt user data before it even made it into our database, ensuring security and privacy.
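To show what "encrypt before it reaches the database" can look like in a Laravel app, here is an added example (not code from the original project) of a custom Eloquent cast that sends each sensitive attribute through AWS KMS on write and back through KMS on read. The class name, file path and the `services.kms.region` / `services.kms.key_id` config keys are assumptions; `Aws\Kms\KmsClient` and the `encrypt` / `decrypt` calls are the real AWS SDK for PHP API.

```php
<?php
// app/Casts/KmsEncrypted.php  (hypothetical path; example code, not the project's own)
namespace App\Casts;

use Aws\Kms\KmsClient;
use Illuminate\Contracts\Database\Eloquent\CastsAttributes;

class KmsEncrypted implements CastsAttributes
{
    private KmsClient $kms;
    private string $keyId;

    public function __construct()
    {
        // Region and key id come from config; both keys are assumed names.
        $this->kms = new KmsClient([
            'region'  => config('services.kms.region'),
            'version' => 'latest',
        ]);
        $this->keyId = config('services.kms.key_id');
    }

    // Bind the ciphertext to its table and column. KMS refuses to decrypt if the
    // context differs, so a ciphertext copied from one column into another fails.
    private function context($model, string $key): array
    {
        return ['table' => $model->getTable(), 'column' => $key];
    }

    // Called when the attribute is read from the model: decrypt the stored blob.
    public function get($model, string $key, $value, array $attributes)
    {
        if ($value === null) {
            return null;
        }
        $result = $this->kms->decrypt([
            'CiphertextBlob'    => base64_decode($value),
            'EncryptionContext' => $this->context($model, $key),
        ]);
        return (string) $result['Plaintext'];
    }

    // Called when the attribute is assigned: encrypt before the row is saved,
    // so plaintext never reaches the database.
    public function set($model, string $key, $value, array $attributes)
    {
        if ($value === null) {
            return null;
        }
        $result = $this->kms->encrypt([
            'KeyId'             => $this->keyId,
            'Plaintext'         => (string) $value,
            'EncryptionContext' => $this->context($model, $key),
        ]);
        // Store base64 so the blob fits a TEXT column without binary handling.
        return base64_encode((string) $result['CiphertextBlob']);
    }
}

// Usage inside a model (assumed column names):
//   protected $casts = [
//       'date_of_birth' => \App\Casts\KmsEncrypted::class,
//       'insurance_id'  => \App\Casts\KmsEncrypted::class,
//   ];
```

Two caveats worth knowing before copying this pattern: the KMS `Encrypt` API only accepts up to 4 KB of plaintext, so larger values such as a signature image need envelope encryption (a data key from `GenerateDataKey`, used locally, with only the wrapped key stored alongside the ciphertext); and because every read is a network call to KMS, queries that filter or sort on an encrypted column cannot be done in SQL.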
Growing Requirements
Some time into building the app, the client notified us that they needed to incorporate a way for the patient to sign both a Financial Policy disclosure and a HIPAA notice.
This request had different implications both in the front and the back end:
- in the front, we needed multiple steps/screens for the user to indicate their progress
- also in the front, we had to use a JS canvas-based signature pad to allow digital signatures
- in the back, we now needed a middleware to check for existing submissions for a patient so they could finish pending ones or prevent submission of duplicates
- also in the back, we needed to store the signatures produced by signature_pad so they could be queried in the admin area
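The middleware described in the list above, as an added example that is not the project's own code: it looks up the most recent submission for the patient identified in the session, lets a pending one resume, and blocks a second copy of a completed one. The `Submission` model, its `patient_id` and `status` columns, the session key `patient_id`, the route name and the class location are all assumptions.

```php
<?php
// app/Http/Middleware/CheckExistingSubmission.php  (hypothetical path; example code)
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use App\Models\Submission; // assumed Eloquent model with patient_id and status columns

class CheckExistingSubmission
{
    public function handle(Request $request, Closure $next)
    {
        // The patient is identified by a session value set when they start the form
        // (assumed key). Without it there is nothing to check, so fall through.
        $patientId = $request->session()->get('patient_id');
        if ($patientId === null) {
            return $next($request);
        }

        // Most recent submission for this patient, if any.
        $existing = Submission::where('patient_id', $patientId)
            ->latest()
            ->first();

        if ($existing === null) {
            return $next($request);           // first visit: let them start a new form
        }

        if ($existing->status === 'completed') {
            // Duplicate: do not create a second record for the same patient.
            return redirect()->route('forms.already-submitted'); // assumed route name
        }

        // Pending: hand the in-progress submission to the controller so it can
        // resume at the step the patient last saved instead of starting over.
        $request->attributes->set('submission', $existing);

        return $next($request);
    }
}

// Registration (Laravel 8/9 style, app/Http/Kernel.php):
//   protected $routeMiddleware = [
//       'existing.submission' => \App\Http\Middleware\CheckExistingSubmission::class,
//   ];
// Applied to the multi-step form routes:
//   Route::middleware(['existing.submission'])->group(function () {
//       Route::get('/intake/{step}', [IntakeController::class, 'show']);
//       Route::post('/intake/{step}', [IntakeController::class, 'store']);
//   });
```

A middleware check alone has a window: two requests that arrive before either has written a row can both pass the lookup and create two pending submissions. The reliable guard is in the database, for example a unique index on `patient_id` for rows whose status is pending, with the controller catching the resulting constraint violation and redirecting to the existing record.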
Summary
The finished product is a robust application that fulfills the client's requirements. They're able to discretionally allow access to patient records per user, update, and delete records as necessary.
Since all the data is encrypted, and to meet HIPAA requirements, the app automatically deletes records that are over 30 days old.
The practice of Feldman, Slevin, Hurwitz & Choe uses the new app almost daily, and it supplements paper collection of medical forms done in-person in the practice.