Itransition delivered a suite of a mobile app and a web portal that enables enhanced care for sexual assault victims in underserved and rural communities in the US through telehealth.
Our customer is a US research center focused on developing socially beneficial solutions. One of their projects was to create a digital platform that would improve care for sexual assault victims in underserved and rural communities.
The idea behind the platform was to connect nurses at partner hospitals with the research center’s expert nurses through a mobile telehealth app to help the former follow best practices of processing sexual assault cases and carrying out forensic examination. Such an app would require high video resolution during patient examination and data exchange in strict compliance with the HIPAA due to the sensitive nature of patient information.
Itransition became the research center’s chosen partner to carry out the project due to our proven experience in mobile and telehealth app development.
To get a better understanding of the requirements for the future solution, Itransition’s team led discovery sessions with the customer. We studied instructions and educational materials for nurses, examples of medical cases, and the research center’s visual style guide. During kick-off discussions, we defined processes and user roles, and came to the decision to create a two-part solution, one part being an iOS application for remote patient examination, the other a web-based admin portal.
Itransition developed an iOS app that securely connects nurses from the customer’s partner hospitals in rural areas (on-site nurses) with the customer’s expert nurses (TeleNurses) via Zoom, the customer’s preferred solution we integrated with the app through Zoom API.
The mobile app follows the following logic:
The customer wanted to provide TeleNurses with a maximum visibility into the examination process. Therefore, we made it possible to pair the mobile app with a lens-equipped device, a colposcope, that generates high-resolution videos and photos of a patient’s examined body parts. When in the colposcope mode, as the lens turns by 180 degrees, images turn the same way simultaneously.
In addition to the mobile app, our team developed a web portal for managing video conferences, users, and patient cases.
The highlights of the portal:
All cases can be filtered by different parameters, such as case type, status, assigned users, etc. The system also sends automatic notifications to users (e.g., when a new case is assigned to a TeleNurse or a case is shared with a user).
For better control and patient safety, the customer wanted to have visibility into all actions performed with patients’ cases. Our team added the Audit page to the system, which stores information about the changes made to all cases (e.g., a new case is added, case details are edited, etc.) along with the users who made these changes. The system automatically creates a record when any change occurs. There is also the possibility to view the entire history of changes made to a specific case.
For audit and statistics purposes, the customer also required exporting multiple cases as zip files. For security reasons, we enabled this functionality in a way that no files are stored in the system but are buffer-stream processed from/to Amazon S3, being archived dynamically.
The customer had already been using AWS as a hosting provider, so the new solution was to be hosted in AWS as well. We used a range of AWS resources:
Other technologies used on the project, among others, included:
Our solution meets all HIPAA compliance standards of handling sensitive patient information. The system doesn’t store patients’ personal details in the app or the web portal, only the IDs of medical cards. To add a layer of security during video conferences, we used Zoom’s private channel and end-to-end encryption.
Itransition’s specialists implemented a wide range of solutions that ensure the solution’s security and data protection:
Issue | Secure uploading and downloading of media files |
Fix | We used pre-signed URLs for both uploading and downloading. For example, when an on-site nurse sends a patient's photo to a TeleNurse, the link to this photo is available only for five seconds. |
Issue | Data separation |
Fix | All videos, images, and documents are stored in different S3 buckets to enable assigning different data administrators for each file type in S3. |
Issue | Data anonymization |
Fix | Our team used synthetic IDs for all the objects stored in S3 (buckets, documents, etc.), which makes it impossible to match an object to a patient by storage location. |
Issue | Secure communication |
Fix | To safeguard sensitive data and secure communication between the solution and the user’s browsers and mobile apps, we used Secure Sockets Layer (SSL). |
Issue | Data encryption |
Fix |
Our team enabled Full Disc Encryption for the Amazon RDS instance, which guarantees that all data at store and backups are encrypted. We also encrypted application server disks to protect from the backup and virtualization reuse leakage. |
Issue | Traffic protection |
Fix | We enabled Transport Layer Security (TLS) for all traffic going to and from the database instance so it wouldn't be possible to intercept and analyze it. |
Issue | Network protection |
Fix | We applied SSH hardening, which allowed us to additionally secure SSH connections to the production environment. |
Issue | User authentication and identity protection |
Fix |
Our team implemented multi-factor authentication, which added a layer of protection to the sign-in process. We implemented SSO authentication to have a single source of identity information and manage user accounts in a single place. |
Issue | Data protection |
Fix | We implemented data archiving in the streaming mode so no binary artifacts reside on application server disks. |
Issue | System monitoring |
Fix |
Our team implemented centralized logging to investigate any incidents and follow the sequence of events happening in the system. We also established performance monitoring to easily detect anomalies in the system's behavior and analyze daily usage patterns to detect service denial downgrades early. |
Issue | Data loss prevention |
Fix | Our specialists developed the solution in a way that no records get deleted from the database but are only marked as deleted and disappear from the user interface, which protects data from accidental or purposeful records erasure. |
In under six months, Itransition’s team released a suite of a mobile app and a web-based admin portal to enable remote patient monitoring and telehealth for sexual assault victims in rural and underserved areas in the US.
The solution enables nurses from rural areas to receive 24/7 expert assistance on proper evidence collection while ensuring a safe environment for patients. At the same time, the web portal helps manage users and patient cases created during the examination.
With high-resolution image and video quality, 3x faster case creation compared to legacy processes, and fully HIPAA-compliant patient data management, the solution is now being distributed by our customer, the research center, to their partner hospitals together with iOS devices to run the application.