White Paper for Adoption of Patient Portal (SaaS)

Contents

• Executive Summary
  • Key Benefits
  • Implementation
• Introduction
• Benefits of Implementation
  • Patient Empowerment
  • Admin Automation
  • Appointment Management
  • Process Optimisation
• Overview of Patient Portal
  • Typical Topology
• Implementation Strategy
  • Prerequisites
  • Simplified Implementation Example
  • Testing and Validation
• Security and Compliance
  • Data Protection and Encryption
  • Secure and Resilient Hosting Environment
  • Data Access and Querying
  • Compliance and Auditing
  • Conclusion
• Training and Support
• Contact Information

Executive Summary

The Patient Portal allows patients to securely access their hospital information, enabling them to book appointments, make payments, and manage their care online. This white paper outlines how the Patient Portal supports patient engagement and hospital processes, offering insights into its role in improving healthcare delivery through an intuitive interface. It also provides technical information on how the Patient Portal is implemented.

Key Benefits

The Patient Portal provides:

• Patient Empowerment: Allow patients to update their details, schedule appointments, complete forms, and pay invoices online.
• Admin Automation: Streamline repetitive tasks like sending letters and updating records.
• Appointment Management: Minimise missed appointments with automated calendar invites and SMS reminders.
• Process Optimisation: Utilise Compucare's automated rules in conjunction with the Patient Portal to streamline processes further.

For more information on these benefits, watch the video below.

Implementation

The Patient Portal is hosted on Microsoft Azure and as such, can connect directly with Compucare databases that are also hosted on Azure. It uses the Hybrid Connection Manager to securely connect to on-premises Compucare databases without exposing sensitive data to the Internet.

Introduction

Hospitals using Compucare already enjoy streamlined processes, improved efficiency and reduced staff workload. However, delays can occur when awaiting patient actions.

The Patient Portal enables patients to take a proactive role in their care, booking appointments, completing forms and making payments without needing to be present in the hospital.

Consider the following example: A patient needs to complete a form before they attend their upcoming appointment. Typically, the form would be either posted or emailed to the patient who would need to fill it in and then send it back to the hospital. Depending on whether the form is posted or emailed, it can take several days for the hospital to receive the completed form and manually update the patient's information on Compucare.

With the Patient Portal, the hospital can create a form result and immediately make it available to the patient from within Compucare. The Patient Portal would notify the patient that they have a form to complete. The patient would then log in to the Patient Portal and complete the form. Once submitted, the patient's form result is updated on Compucare in real-time.

Benefits of Implementation

This section provides more information on the benefits of using the Patient Portal.

Patient Empowerment

With the Patient Portal, patients can perform the following actions from any device, at any time:

• Update personal details - Patients can view and amend their patient data such as address details or next of kin.
• Schedule appointments - Patients can view availability and book or request appointments online.
• Complete digital forms - Patients can fill in and submit forms.
• Make payments - Patients can generate statements, view transactions and pay outstanding balances.
• View and download correspondence - Patients can view and download their letters and communications from the hospital.

Admin Automation

Hospital admin staff can automate repetitive tasks like sending letters and updating patient data. The Patient Portal can automatically send reminders to patients when they have an upcoming appointment or update patient records from electronic registration forms.

Appointment Management

The Patient Portal makes it easier for patients to confirm their attendance at appointments, or request a cancellation or reschedule if they can no longer attend. After making an online booking, patients have the option to add an event to their calendar in addition to receiving reminders. These steps can reduce the number of DNA appointments.

Process Optimisation

Automated rules can be triggered when a patient makes a specific action on the Patient Portal. For example, a rule can be set up to add a patient to a waiting list when they request an appointment or create a new registration form when a patient makes a new non-follow-up appointment.

Overview of Patient Portal

The Patient Portal exists within the Streets Heaver Azure Hosting Environment. If a Compucare database is hosted on-premises, it will use an Azure Hybrid Connection to connect to the Patient Portal. If the database is hosted in Azure, no hybrid connection is required. Instead, the Azure App Service connects to the Azure SQL Server using a private endpoint.

Typical Topology

The diagram below shows how the Patient Portal connects to an on-premises Compucare database.

The diagram below shows how the Patient Portal connects to an Azure-hosted Compucare database.

Implementation Strategy

This section details the requirements that must be met before the Patient Portal can be implemented and an example of a typical implementation process.

Prerequisites

Before the Patient Portal is implemented, the following prerequisites must be met:

• You must have Compucare 8
• Depending on the features you wish to utilise, you must have the following Compucare 8 modules configured:
  • Patient Ledger - required for viewing transactions
    
  • Billing and Invoicing - required for viewing and paying invoices
  • Inpatients and Daycases - required for viewing inpatient and daycase bookings
  • Outpatients - required for creating outpatient bookings
  • Compucare SMS Interface - required for sending emails and text messages
  • Compucare Debit/Credit Card Interface with PXP AnyPay - required for taking card payments
  • Forms - required for completing forms
• If you have an on-premises installation of Compucare, you must install Hybrid Connection Manager and be able to provide an SQL user and password with access to your Compucare database

See Patient Portal Prerequisites and Customisations for more information.

Simplified Implementation Example

This is an example of the process required to implement the Patient Portal. This would be achieved with the help of your Streets Heaver Project Manager:

1. Decide on branding, images and URL for your Patient Portal.
2. Review any configuration changes in Compucare, for example, whether Site logo images and procedure aliases need to be updated.
3. Decide what you'd like to allow patients to see in the Patient Portal.
4. Depending on the modules you have purchased, there are options to enable Online Bookings, show Correspondence, Forms and Transactions; plus the ability for patients to accept or cancel bookings and pay deposits and invoices.
5. Decide how you'll invite patients to sign up to the Patient Portal.
6. Complete user acceptance tests in your test environment and agree a go-live strategy.
7. Go live.

Testing and Validation

The following testing and quality assurance checks are performed on the Patient Portal:

• Unit Testing: Each component of the Patient Portal is tested to ensure it works correctly.
• Integration Testing The Patient Portal is tested after new components are integrated to verify that combined components function together.
• User Acceptance Testing (UAT): Testing is performed with end-users to confirm the system meets their needs.
• Security Testing: Regular penetration testing and security audits are performed to assess the Patient Portal's security and identify any vulnerabilities. See the Security and Compliance section below for more information.
• Final Validation: A final check is performed to confirm all tests are successful and the Patient Portal is ready for deployment.

Security and Compliance

This section provides details on the security and compliance of the Patient Portal.

Data Protection and Encryption

• Encryption at Rest: The application's data stored in Azure is encrypted at rest.
• Azure AD B2C Authentication: Access to most of the application is restricted to authenticated users who log in via B2C.
  • There are some guest workflows that allow for limited unauthenticated access to specific features of the Patient Portal. These workflows are disabled by default and can be configured within Compucare.
  • Multi-factor authentication (MFA) can be set up on a per-client basis.
• Azure Front Door: All web applications are fronted by Azure Front Door which serves as a secure entry point for web traffic, offering several security benefits.
• Azure API Management: All web application APIs are managed through Azure API Management allowing for varying rate limiting of endpoints based on sensitivity.

Secure and Resilient Hosting Environment

• Static Web Apps: Each client has a separate static web application for the front end.
• Geo-Replicated App Service Plans: Patient Portal benefits from redundancy and failover capabilities. Utilising UK South and UK West regions with replicated architecture gives load balancing and resilience.

Data Access and Querying

The application queries Compucare databases, either Azure SQL databases or on-premises SQL databases via Azure Hybrid Connections.

• Azure SQL Databases: Queries to Azure SQL Compucare databases use secure connection protocols TLS 1.2 to ensure that data in transit is encrypted.
  On-premises SQL databases via Azure Hybrid Connections: The application's interaction with on-premises SQL databases is facilitated through Azure Hybrid Connections. These allow the application to access on-premises resources without exposing the internal network to the public internet.

Compliance and Auditing

• Data Storage and Handling: All data including but not limited to patient data (e.g. forms, bookings, notifications and transactions) and clinical availability is stored and accessed through Compucare 8.
• Logging and Monitoring: The application's activities are logged and monitored in Compucare 8. This allows auditing capabilities for changes made by the application. Additional logging is done using Application Insights to identify and respond to potential security incidents.
• Regular Security Audits: The application undergoes annual external CREST-approved PEN testing and regular vulnerability audits to assess its security posture and identify vulnerabilities. Any findings are promptly addressed to maintain a robust security posture. Internal and external reports are available upon request. Additional PEN testing is performed for new features, scoped to the changes made for the feature.

Conclusion

The security and compliance measures implemented in the application demonstrate a commitment to safeguarding data, ensuring authorised access, and meeting regulatory requirements. By utilising industry-standard Azure services such as Static Web Apps, Geo-Replicated App Service Plans, and AzureSQL with encryption at rest, the application establishes a strong foundation for a secure environment.

Training and Support

To help new users familiarise themselves with the Patient Portal, Streets Heaver provides personalised training via remote sessions which is usually included in the project costs of the system setup.

Further guidance can also be found through quarterly release webinars and detailed product "lunchtime webinars" available via the Streets Heaver YouTube channel.

Additionally, the Streets Heaver Knowledge Base is regularly updated with tutorials and how-to guides. Visit the Patient Portal section of the Knowledge Base (login required) for the latest updates and support materials.

Contact Information

Please contact the Streets Heaver Commercials team at [email protected].