A remote patient monitoring and mobile telehealth suite
Itransition delivered a suite of a mobile app and a web portal that enables enhanced care for sexual assault victims in underserved and rural communities in the US through telehealth.
Challenge
Our customer is a US research center focused on developing socially beneficial solutions. One of their projects was to create a digital platform that would improve care for sexual assault victims in underserved and rural communities.
The idea behind the platform was to connect nurses at partner hospitals with the research center’s expert nurses through a mobile telehealth app to help the former follow best practices of processing sexual assault cases and carrying out forensic examination. Such an app would require high video resolution during patient examination and data exchange in strict compliance with the HIPAA due to the sensitive nature of patient information.
Itransition became the research center’s chosen partner to carry out the project due to our proven experience in mobile and telehealth app development.
Solution
The discovery phase
To get a better understanding of the requirements for the future solution, Itransition’s team led discovery sessions with the customer. We studied instructions and educational materials for nurses, examples of medical cases, and the research center’s visual style guide. During kick-off discussions, we defined processes and user roles, and came to the decision to create a two-part solution, one part being an iOS application for remote patient examination, the other a web-based admin portal.
The mobile telehealth app
Itransition developed an iOS app that securely connects nurses from the customer’s partner hospitals in rural areas (on-site nurses) with the customer’s expert nurses (TeleNurses) via Zoom, the customer’s preferred solution we integrated with the app through Zoom API.
The mobile app follows the following logic:
- When an assault victim comes in for an examination, an on-site nurse starts a new case in the app by filling in the patient’s details and assigning a TeleNurse from the list of available ones.
- The assigned TeleNurse supports the on-site nurse through the entire examination process, giving expert guidance and ensuring best practices and proper evidence collection through video and photos taken during the patient’s visit.
- When the examination is finished, the video recording, patient data, added photos, and documents are saved as a separate case on the web portal. This case can be further sent to hospitals and courts as collected evidence.
The customer wanted to provide TeleNurses with a maximum visibility into the examination process. Therefore, we made it possible to pair the mobile app with a lens-equipped device, a colposcope, that generates high-resolution videos and photos of a patient’s examined body parts. When in the colposcope mode, as the lens turns by 180 degrees, images turn the same way simultaneously.
The web portal for case and user management
In addition to the mobile app, our team developed a web portal for managing video conferences, users, and patient cases.
The highlights of the portal:
- The portal allows adding new users and granting them access based on their role. Users can access only the cases that belong to their organization, providing they are assigned to them.
- User authentication is simplified through the Azure Active Directory Single Sign-On (SSO). In case a user’s name or surname changes, the system pulls these updates from the Azure Active Directory as soon as the user logs in.
- New organizations can be added to the system via the admin panel without the need to redeploy the system or develop anything extra. The admin doesn’t have to add organizations’ data manually (e.g., SSO, certificate fingerprint, etc.). Instead, the admin can upload a specific file created by SSO providers when setting up SSO for an organization, and all the necessary data is filled in automatically.
- The admin can lock/unlock users in one click or block an organization that no longer requires access.
- It is possible to add custom terms and agreements for each organization.
All cases can be filtered by different parameters, such as case type, status, assigned users, etc. The system also sends automatic notifications to users (e.g., when a new case is assigned to a TeleNurse or a case is shared with a user).
For better control and patient safety, the customer wanted to have visibility into all actions performed with patients’ cases. Our team added the Audit page to the system, which stores information about the changes made to all cases (e.g., a new case is added, case details are edited, etc.) along with the users who made these changes. The system automatically creates a record when any change occurs. There is also the possibility to view the entire history of changes made to a specific case.
For audit and statistics purposes, the customer also required exporting multiple cases as zip files. For security reasons, we enabled this functionality in a way that no files are stored in the system but are buffer-stream processed from/to Amazon S3, being archived dynamically.
Technologies & tools
The customer had already been using AWS as a hosting provider, so the new solution was to be hosted in AWS as well. We used a range of AWS resources:
- In each staging and production environment, the system utilizes several EC2 instances.
- We use Amazon S3 to store all cases, videos, and images, keeping all assets in separate S3 buckets. We leverage the direct upload capability of S3 with the help of pre-signed URLs.
- Amazon SQS is used to make sure that all files are uploaded to S3 successfully, and as a decoupling mechanism for sending emails.
- Amazon RDS is used as a database engine to store the system data (users, cases, metadata, etc.).
- We applied Load Balancer services to handle encryption (TLS termination), HTTP 2.0 support, live detection, etc.
Other technologies used on the project, among others, included:
- New Relic and Splunk to monitor system performance, including dependencies and bottlenecks.
- TeamCity and Terraform for continuous integration and continuous deployment respectively. We also integrated TeamCity with Jira so that our QA engineers could use the latest version of every build.
Security & HIPAA compliance
Our solution meets all HIPAA compliance standards of handling sensitive patient information. The system doesn’t store patients’ personal details in the app or the web portal, only the IDs of medical cards. To add a layer of security during video conferences, we used Zoom’s private channel and end-to-end encryption.
Itransition’s specialists implemented a wide range of solutions that ensure the solution’s security and data protection:
| Issue | Secure uploading and downloading of media files |
| Fix | We used pre-signed URLs for both uploading and downloading. For example, when an on-site nurse sends a patient's photo to a TeleNurse, the link to this photo is available only for five seconds. |
| Issue | Data separation |
| Fix | All videos, images, and documents are stored in different S3 buckets to enable assigning different data administrators for each file type in S3. |
| Issue | Data anonymization |
| Fix | Our team used synthetic IDs for all the objects stored in S3 (buckets, documents, etc.), which makes it impossible to match an object to a patient by storage location. |
| Issue | Secure communication |
| Fix | To safeguard sensitive data and secure communication between the solution and the user’s browsers and mobile apps, we used Secure Sockets Layer (SSL). |
| Issue | Data encryption |
| Fix |
Our team enabled Full Disc Encryption for the Amazon RDS instance, which guarantees that all data at store and backups are encrypted. We also encrypted application server disks to protect from the backup and virtualization reuse leakage. |
| Issue | Traffic protection |
| Fix | We enabled Transport Layer Security (TLS) for all traffic going to and from the database instance so it wouldn't be possible to intercept and analyze it. |
| Issue | Network protection |
| Fix | We applied SSH hardening, which allowed us to additionally secure SSH connections to the production environment. |
| Issue | User authentication and identity protection |
| Fix |
Our team implemented multi-factor authentication, which added a layer of protection to the sign-in process. We implemented SSO authentication to have a single source of identity information and manage user accounts in a single place. |
| Issue | Data protection |
| Fix | We implemented data archiving in the streaming mode so no binary artifacts reside on application server disks. |
| Issue | System monitoring |
| Fix |
Our team implemented centralized logging to investigate any incidents and follow the sequence of events happening in the system. We also established performance monitoring to easily detect anomalies in the system's behavior and analyze daily usage patterns to detect service denial downgrades early. |
| Issue | Data loss prevention |
| Fix | Our specialists developed the solution in a way that no records get deleted from the database but are only marked as deleted and disappear from the user interface, which protects data from accidental or purposeful records erasure. |
Results
In under six months, Itransition’s team released a suite of a mobile app and a web-based admin portal to enable remote patient monitoring and telehealth for sexual assault victims in rural and underserved areas in the US.
The solution enables nurses from rural areas to receive 24/7 expert assistance on proper evidence collection while ensuring a safe environment for patients. At the same time, the web portal helps manage users and patient cases created during the examination.
With high-resolution image and video quality, 3x faster case creation compared to legacy processes, and fully HIPAA-compliant patient data management, the solution is now being distributed by our customer, the research center, to their partner hospitals together with iOS devices to run the application.
