For a healthcare startup, Itransition delivered a GDPR- and HIPAA-compliant telemedicine platform, enabling medical workflow digitalization with the highest level of data security and protection.
The customer is a EU healthcare startup, aiming to create a web application for remote communication between doctors and patients, as well as for professional medical collaboration. Being in fact a virtual outpatient clinic and the first of its kind in the customer’s country, such a platform would allow patients to consult with doctors without visiting medical facilities and waiting in a queue. The solution would also unify patient data and prevent its loss in case a patient visits multiple clinics.
They were looking for a software vendor to bring this idea to fruition and release this platform to the market. Itransition became their partner of choice owing to our extensive background in healthcare app development and cloud engineering.
Itransition delivered a telemedicine platform for direct virtual communication between doctors, patients, and multiple medical teams. The solution represents a virtual clinic where patients can seek medical services at multiple care providers at a time. It supports text and audio messages, file exchange, audio and video calls, as well as stores patients’ medical records.
The platform consists of multiple portals, with each portal set up for a particular medical institution or a group of conditions treated, as well as a single database uniting all of the portals and thus enabling cross-clinic collaboration. The platform’s architecture makes it easy to customize each portal upon a client’s request.
Both doctors and patients can use more than one portal, accessing them via their unique credentials valid for all of the portals. In such a way, patients can visit different clinics linked to particular portals without losing their medical records. Doctors, in their turn, have the possibility to work at multiple clinics at the same time.
The telemedicine platform features online medical cards that unite each patient’s records from multiple clinics in one database so that multiple doctors treating the same patient can collaborate using this single point of truth.
The medical card contains the following information:
The platform supports the following user roles:
It’s possible to switch user roles within the same user account, which means all users can access the platform as both doctors and patients with no need to log out or register additional accounts. The dashboard will show notifications and information per one role only yet pulled from all the associated medical cases and institutions.
Patients can register upon receiving an invite from their doctors or, alternatively, by themselves by filling out their personal and contact data. Once registered, patients can access their prescriptions, medical history, care-related documents, and contact the doctors available on each particular portal. They can also choose a specific medical center, team, or doctor to talk to by sending their personal request or via request sent out by a doctor.
Doctors and secretaries can act as individuals or as part of a team created by their institution’s admin. The doctors or care teams linked to a particular patient can see this patient’s treatment details, while chats between doctors or doctors and patients remain private. Doctors can refer patients to other doctors and exchange information and ideas through teleconferences hosted via the platform.
An internal messaging system enables all communication between doctors, non-doctors, and patients, and supports cross-clinic exchange of information.
The platform also collects, organizes, and structures data contained in files attached to online medical cards or doctors’ chats. While the file is uploading, the platform’s AI recognizes its content and classifies it into images, prescriptions, lab results, and X-rays, tagging the file accordingly or offering the user to classify the file manually in case its type is different. It is also possible to automatically enter data from uploaded PDFs into corresponding sections of the patient’s medical card.
Itransition also developed and implemented an additional portal to digitalize clinical CAR-T therapy practices, including CAR-T forms and CAR-T lists used in cancer treatment. CAR-T forms are similar to general electronic patient cards, but are limited to those parameters that are essential to oncological therapy. CAR-T lists include patients who are approved for this type of therapy.
The portal facilitates collaboration between hub centers (large hematology units performing the therapy) and spoke centers (small hematology units referring patients for this therapy). Under this workflow, a spoke center submits a patient’s referral form to a hub center, which then decides whether the patient is eligible for CAR-T treatment. Going forward, doctors from both hub and spoke centers continue to collaborate to achieve the best follow-up care related to that patient.
The portal is fully geared towards enabling seamless cooperation between hub and spoke center specialists. Both types of institutions can access such features as patients’ medical history, communication logs, file exchange, follow-up care records, online consultations, e-prescriptions, electronic signatures, and reminders. When the referral form is submitted by a spoke center doctor or secretary to a hub center doctor, the latter is additionally notified via SMS or email.
As the platform handles personal health information and other types of sensitive data, ensuring the highest level of information security and compliance with data protection regulations was a top priority. As a result, we rendered the platform fully GDPR-, HIPAA- and FHIR-compliant.
The platform ensures patient data protection through advanced data encryption and authorizes users via digital signatures. The end-to-end encryption covers all the stored and processed data, including electronic health records and all types of communication.
We integrated the platform with Amazon Cognito to handle user registration and authentication be means of tokens, crypto-signatures, random asymmetric and symmetric keys. Asymmetrical keys are used to encrypt all user data, while symmetrical keys are used for password recovery.
Password recovery is also activated through the use of encrypted asymmetric and symmetric keys, with the Cognito system splitting each random symmetric key into several parts.
The following key technologies and libraries were used for the telemedicine app development:
Another set of technologies included the AWS stack for infrastructure hosting and application-critical services:
In seven months, Itransition’s team delivered a web-based telemedicine platform that enables direct communication between doctors and patients across multiple specialized portals.
The introduction of online medical cards has cleared the way towards a unified medical database and patient-centric collaboration between multiple clinics. The solution also helps doctors organize their care activities professionally and transparently while networking and exchanging knowledge with colleagues. Additionally, the implemented CAR-T therapy portal facilitated collaboration between large and small oncology treatment centers, contributing to clinical process improvement.
Right upon its release, the platform was adopted by 18 medical institutions, including 3 hub centers and 15 spoke centers.