In patient care a lot of data is gathered and digitally stored. Obviously medical history of patients is very sensitive data that should be protected by all means and only made accessible for authorized personnel. At the same time, having easy and direct access to up to date medical data could be very useful for patients and/or their relatives.
We were approached by the management of a hospital to develop a portal, which is available on the internet where relatives of their patients could have a look at daily treatments, medication or personal messages.
It has been very clear that in this project security is not an optional feature that can be implemented on top. Security not only had to be taken into account from the very beginning and had to drive and influence every single UI feature while implementing.
In our presentation we will show how we analyzed the requirements for the application, structured them into different features where each of them consumes data that is proteced with strong encryption but de-crypted on the fly for authorized users.
We will discuss the challenges and pitfalls and how we manged to master them for the final product.
