A crm/erp system that improves doctor–patient interactions at a healthcare center
Nikola Ninković, an IT consultant, was looking for a healthcare software development partner to help build a website and mobile applications for a relatively small healthcare center, Nova Vita, where he was working on a contract.
Nikola asked us to implement an electronic document flow for the center and build a new customer relationship management/enterprise resource planning (CRM/ERP) system. This new system would allow the center’s staff to manage their schedules as well as patient appointments, create patient accounts, and communicate with patients.
The intersection of medicine and information technology is inevitable. To prepare for this future, the European Commission adopted its eHealth Action Plan 2012–2020, which aims to redesign healthcare delivery. One component of the eHealth plan is an electronic record system that makes health-related data easy to retrieve. By creating a personal account in an eHealth system, patients can conveniently and securely store data about doctor’s visits, prescriptions, scheduled appointments, and more.
We built this product from the ground up. To understand the healthcare center’s workflow, we analyzed all possible interactions among staff at the center, doctors and patients, and the document flow to make sure we reconstructed all connections in the digital space.
Our UX/UI team designed a unique interface for both patients and staff. We created more than 300 screens to fulfil all our user stories.
We developed a convenient system for managing visits that lets patients view their appointment history, set reminders, and chat with the doctor in charge.
We built an informative service that’s compliant with Data Protection Directive 1995/46/EC and e-Privacy Directive 2002/58/EC, making sure that healthcare data is encrypted at all stages.
For a project such as Nova Vita, performance and security are critical. Therefore, we used only trusted and secure technologies.
We created two big modules: Django and Node.js. Django is responsible for the main part of the site and app communication, authentication, user management, and file handling. The Node.js module is responsible for chats and notifications.
We used Amazon encrypted storage and secure, signed URLs for files. The service is based on Amazon S3 file storage, which is configured to store encrypted files. Even if stolen, these encrypted files can’t be read. They can only be accessed via a secure connection with a signed URL that has a limited access time.
The server architecture was designed to make the system fast, secure, stable, and scalable. We held a brainstorming session to define the best components for this project that would allow us to build the system according to all requirements.
A Django server provides the REST API for the website. It also manages files, user information, schedules, and appointments.
The frontend was made using SPA (Single-page application) technology. A React application handles client-side navigation and UI rendering. React brings us speedy interfaces and the development agility.
A Node.js server handles the WebSocket protocol and is responsible for chat and on-site notifications.
Redis ensures caching and communications between Django, Node, and Celery.
Celery performs all kinds of periodic activities: synchronizes with services such as Google Calendar, sends out reminders to users and doctors, communicates with the labs API, and more.
Whenever a user needs to be notified about something, Django puts a message in the Redis queue. Each message is processed with Node.js and statuses are updated in the main PostgreSQL database.
We implemented two-factor authentication with one-time passwords as the second factor. Users can’t register themselves, so the only way to get a password is to come to the clinic in person, provide personal information and documents, and have an administrator create an account.
For the first step of the login process, the user enters their login and the password they were given by the center. The password is temporary and must be changed by a user right after SMS code confirmation. When a user enters the right code they got in SMS, they can change the initial password.
All sensitive data in the database is encrypted so only certain individuals have access to it. All uploaded files are encrypted, stored, and transferred only to authorized users via a secure channel. A secure connection via HTTPS over TLS is used for all connections between the app and servers to ensure the privacy and integrity of transmitted data.
We used Twilio for SMS messages, Firebase for push notifications, and Amazon SES for emails. Notifications are stored in Amazon RDS based on PostgreSQL. We integrated Google Calendar to make it easier for users to see medical appointments alongside their other events. We also integrated Mailchimp for automated marketing emails.
Patients can schedule an appointment with a doctor online which saves time for both doctors and patients as well as reduces lines at the center. Patients can view doctors’ schedules that are managed in the internal workload planning system, taking into account shifts, vacations and so on.
A two-factor authentication system (with one-time passwords) grants access to encrypted data and differing levels of permission to staff. These differing levels of access and two-factor authorization are of great importance since patient information falls under the jurisdiction of the law, and doctors are held liable for any data breaches.
Patients can download electronic medical forms. Access to EMR eliminates all needless paperwork and lets patients download the necessary records such as X-rays, MRI scans and more whenever they require them. Also, lab test results are conveniently stored within the service and are easily retrieved.
With the help of online chat, patients can get in touch with their doctors at any time and receive immediate help or feedback without being physically present at the center. Patients can book chatting time in advance to avoid confusion.
All notifications sent to patients’ devices are guaranteed to be delivered. With the help of flexible settings, users can enable notifications they need, reminding them about such events as doctor visits, follow up appointments, lab test appointments and more.
SteelKiwi's project management team has a good command of English, which I appreciated as an international client. SteelKiwi also had good pricing, but this isn't something unique to them. I appreciated the quality of code provided by SteelKiwi. I was also impressed by how smooth the process of working with SteelKiwi's project manager and sales team was.