Partnering with Onpoint Health Data and Q-Corp we created both an administrative portal and user portal for accessing healthcare All Payer Claims Data (APCD). The portal is used by Insurers, Doctors Offices, Medical Groups and other organizations in Oregon to analyze and asses their performance on medical measures. Over 2017 and 2018, we’ll be rolling this platform out to other state APCD entities.
This is important work for us. Our goal was to create an advanced cloud based analytics platform that met HIPAA and HITECH security and legal requirements while providing users with a modern web environment that meets the high expectations of consumers today - responsive for devices, extremely fast and straightforward to use.
The goals of the user and administrative portal are to:
- Improve health care price transparency
- Assist patients, providers, hospitals, clinics, insurers and medical groups to make informed choices about care
- Enable purchasers to identify value, build expectations into their purchasing strategy, and reward improvements over time
- Promote competition based on quality and cost
Our analytics platform allows for creating charts, exporting PDFs, filtering and customizing the data display to drill down into the individual metrics - all the way to the patient level. We created a cost effective “big data” analysis platform that can deliver complex customized reports for users in real-time. While building this platform we evaluated and worked with AWS Redshift as well as AWS Aurora to meet the latency, throughput and concurrency needs.
One of the core requirements was to create a secure system from the ground up, with auditing and logging at all levels, while also maintaining flexible and hierarchical user access control. We have extensive experience with web security and we built the platform with all of those in mind from the start of the project, at minimum to meet HIPAA and HITECH requirements, but also to exceed them where they are unclear or unspecified. A third party security group performed an extensive penetration test and security review of the portal before release with minimal findings - we met or exceeded all the necessary security requirements.