
A Secured HIPAA Compliant Web Based Portal


A stable and well engineered platform with improved security and enhanced usability features resulted in swift growth in client’s market share


Situation

A start-up ISV in the healthcare domain had developed a platform where patients and doctors could connect and collaborate for improved patient well-being.

The platform was hosting sensitive demographics and patient-related data, and thus the platform’s compliance with HIPAA guidelines was high priority.

Harbinger Solution

Harbinger Systems analyzed the platform and carried out the following changes for HIPAA compliance:

Improved event logging by writing user actions to an external file, resulting in quick troubleshooting of production issues

Implemented a strong password policy using a CAPTCHA mechanism and validating the last 6 passwords, along with encryption of password information in logs, to protect the system from malicious password break attacks

Restricted maximum login attempts using a CAPTCHA mechanism to prevent the server from being flooded with requests

Restricted one invite code to be used by one user only, to allow authenticated users to sign up and avoid misuse of the system

Designed and implemented a dedicated landing page for reporting issues. This helped simplify the production support process and saved manual effort.

Enhanced the admin dashboard to display invite status, and implemented sub-features like send reminders and auto reminders

Added field level validations at client and server side
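
As an added illustration (not Harbinger's code and not part of the original case study), the sketch below shows one way the last-6-passwords check and the one-invite-code-per-user rule could be implemented in Python. The class names, the PBKDF2 hashing and the in-memory storage are assumptions.

```python
import hashlib
import hmac
import os
import secrets
from collections import deque

HISTORY_DEPTH = 6        # from the page: "validating last 6 passwords"
PBKDF2_ROUNDS = 200_000  # assumption: work factor picked for this sketch


def _hash(password, salt, rounds):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


class PasswordHistory:
    """Salted hashes of the last HISTORY_DEPTH passwords; no plaintext kept."""

    def __init__(self, rounds=PBKDF2_ROUNDS):
        self._rounds = rounds
        self._entries = deque(maxlen=HISTORY_DEPTH)  # oldest entry drops off

    def change(self, new_password):
        # Every entry has its own salt, so the candidate is re-hashed per entry.
        for salt, digest in self._entries:
            candidate = _hash(new_password, salt, self._rounds)
            if hmac.compare_digest(candidate, digest):
                return False  # matches one of the last 6 passwords
        salt = os.urandom(16)
        self._entries.append((salt, _hash(new_password, salt, self._rounds)))
        return True


class InviteRegistry:
    """Each invite code can be redeemed once, by one user."""

    def __init__(self):
        self._codes = {}  # sha256(code) -> redeeming user id, None while unused

    def issue(self):
        code = secrets.token_urlsafe(16)
        self._codes[hashlib.sha256(code.encode()).digest()] = None
        return code

    def redeem(self, code, user_id):
        key = hashlib.sha256(code.encode()).digest()
        # Unknown codes and already-redeemed codes are both refused. With a
        # database backend this check-and-set must be one atomic update.
        if self._codes.get(key, "unknown") is not None:
            return False
        self._codes[key] = user_id
        return True
```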

Challenges

The platform needed to comply with the following HIPAA standards: audit control, access control, and standards for security awareness and training

Reporting and handling of end user issues were being done manually

Enable admin/doctor to monitor and track user invites and activities

Web application lacked field level validations

Benefits

Increased user confidence with HIPAA certification led to growth in client user base

Futuristic, best-in-class solution that could easily scale with growing market needs

Improved turnaround time for production issues resulted in enhanced user satisfaction

Dashboard display for notifications led to improved user experience

Introduction of field level validations improved usability of the application

Tools & Technologies

MongoDB 2.x

Python 2.7.5

Web Application Development

www.harbinger-systems.com © Harbinger Systems