CancerDocs

Development in Accordance with HIPAA Security Rules Within a Medical Project

Description

Year
2016
Industry
Region
USA
Status
Profitable, gains functionality
Hire vue js developers Java development  Azure Cloud Migration  Hire PHP Developer TestCafe Framework .NET Laravel ASP.NET Yii2 Angular React Front-End Node.js

Client

Cancerdocs is a HIPAA compliant platform that provides to its users private online-based medical consultations on the cancer-related topics

End users

Healthcare professionals and patients

Project overview

Cancerdocs is a HIPAA compliant platform that provides to its users private online-based medical consultations on cancer-related topics to its users. The platform serves as a bridge between authorized healthcare professionals, and patients that are in need of medical consultation. As a service, which deals with electronic private medical information, CancerDocs has to provide its users the confidentiality of all input data. In other words, it should comply with HIPAA Security Rules. Thus HIPAA compliance means that the system corresponds to a set of established security standards that are protecting sensitive patients’ information.

Challenge

Medicine is a highly regulated industry in terms of streamlining informational security compliance for any resourcing, including web applications. Being a health care provider that deals with protected health information (PHI), CancerDocs has to ensure that the required technical, networking and security measures are followed. The main challenge for our team within this project consisted of developing a software in correspondence with HIPAA Security Rules, which tell what has to be covered, what information has to be protected, and what safeguards must be in place to ensure appropriate protection of electronically protected health information.

We focused on the task to ensure all requirements were fulfilled. Besides that, the system has to be user-friendly and convenient for communications between doctors and patients.

Medicine is a highly regulated industry in terms of streamlining informational security.

Solution

Abtible Container Platform

which is designed to deploy docker container into a secure, isolated, HIPAA-ready environment. Each PHI-ready stack runs in its own AWS Virtual Private Cloud

Docker tool

which allows building an environment on a remote server and helps to develop easier, deploys and runs applications by using containers

Before we started working on the project, we’ve made an in-depth study of the HIPAA Rules, which consist of a few milestones, such as access control, audit controls, integrity, person or entity authentication, environmental and transmission security. While using the service, all patients’ data are created, received, used, proceeded, maintained and saved by a covered entity. All this process was technically covered and implemented to ensure confidentiality, integrity, and security by means of:

  • Abtible Container Platform, which is designed to deploy docker container into a secure, isolated, HIPAA-ready environment. Each PHI-ready stack runs in its own AWS Virtual Private Cloud. Databases and internal services run in a private subnet, inaccessible from the Internet. This tool helps to cover integrity controls and ensure that all measures put in place for confirming that ePHI have not been altered or destroyed. The data is hosted in the way to be protected against unauthorized public access of ePHI. This also concerns all methods of transmitting data.
  • Docker tool, which allows building an environment on a remote server and helps to develop easier, deploys and runs applications by using containers. Developers do not have an access to the databases. An access control allows only the authorized users to access electronic protected health data.

As an outcome, we have received a ConcerDocs system, with following key features:

  • Private consultations;
  • Real-time chats with doctors and nurses;
  • Payment system integration with Authorize.Net and PayPal;
  • Fully automated deployment process;
  • Environment based on Docker containers;
  • Database encryption;
  • Full HIPAA compliance.

Results

As the result we have received a HIPAA complient environment for providing needed security for a health-care provider’s service.