A Secured HIPAA Compliant Web Based Portal

A stable and well-engineered platform with improved security and enhanced usability features resulted in swift growth in the client's market share

Situation

  • A startup ISV in the healthcare domain had developed a platform where patients and doctors could connect and collaborate for improved patient well-being.
  • The platform hosted sensitive demographic and patient-related data, so its compliance with HIPAA guidelines was a high priority.

Challenge

  • The platform needed to comply with the following HIPAA standards: audit control, access control, and standards for security awareness and training
  • Reporting and handling of end-user issues were being done manually
  • The platform needed to enable the admin/doctor to monitor and track user invites and activities
  • The web application lacked field-level validations

Harbinger Solution

  • Harbinger Systems analyzed the platform and carried out the following changes for HIPAA compliance:
  • Improved event logging by writing user actions to an external file, resulting in quick troubleshooting of production issues
  • Implemented a strong password policy using a CAPTCHA mechanism and validation against the last 6 passwords, along with encryption of password information in logs, to protect the system from malicious password-breaking attacks
  • Restricted maximum login attempts using a CAPTCHA mechanism to prevent the server from being flooded with requests
  • Restricted each invite code to use by one user only, to allow authenticated users to sign up and avoid misuse of the system
  • Designed and implemented a dedicated landing page for reporting issues. This helped simplify the production support process and saved manual effort.
  • Enhanced the admin dashboard to display invite status, and implemented sub-features such as send reminders and auto reminders
  • Added field-level validations on the client and server side

Technologies & Tools

  • MongoDB 2.x
  • Python 2.7.5

Benefits

  • Increased user confidence with HIPAA certification led to growth in the client's user base.
  • Futuristic, best-in-class solution that could easily scale with growing market needs.
  • Improved turnaround time for production issues resulted in enhanced user satisfaction.
  • Dashboard display for notifications led to improved user experience.
  • Introduction of field-level validations improved usability of the application.