Patient Tracker System
2023 Fall Team Project_ EliteKoders
IlMinChoTeam Member: Ilmin Cho, Kunal Kumar, Matthew Lyons, Esha Sangramsinh Ghorpade
Presentation Video:
Overview: The Patient Tracker project is designed to revolutionize patient data management in healthcare facilities. Its primary goal is to create a digital platform for efficient handling of medical records, treatment histories, prescriptions, and appointments. This centralization aims to improve patient care quality and operational efficiency in healthcare settings. By digitizing records, the project seeks to streamline administrative processes, ensure robust data security, and make comprehensive patient information easily accessible to healthcare professionals.
Healthcare providers and administrative staff benefit from simplified management of patient records and streamlined administrative tasks such as scheduling and billing. Patients, on the other hand, enjoy enhanced healthcare services, better communication, and convenient access to their medical records. Transitioning to this digital system addresses the challenges of manual paperwork, including potential delays and errors, by providing real-time access to updated data. This facilitates faster decision-making, coordinated care among providers, and compliance with privacy regulations like HIPAA. Ultimately, the Patient Tracker project aims to foster a more efficient, secure, and patient-centric healthcare environment.
Features:
1. User Authentication: Secure login/logout mechanism ensuring enhanced security.
2. Profile Management: Tailored profiles for both doctors and patients.
3. Prescription Management: Functionality for doctors to modify and update prescriptions.
4. Customizable Dashboard: Separate landing page for patients and doctors showing its profile, appointments, etc.
5. Data Visualization: Insightful graphical representations of patient data. Example - Patients can add health reports (in pdf, jpg) which can be shared with doctors.
Functional Requirements (Use cases)
1. As a doctor, I want to view the list of patients scheduled for the day so that I can prepare for the consultations.
2. As a doctor, I want to view a patient's medical records before the consultation so that I can provide the best care possible.
3. As a doctor, I want to upload prescriptions electronically on the server so that the patients can check it.
4. As a doctor, I want to create and modify treatment plans for my patients so that they have a structured approach to their recovery.
5. As a doctor, I want to set my available hours and days so that patients can book appointments when I'm available.
6. As a doctor, I accept appointments requested by patients and meet with them to conduct consultations.
7. As a patient, I want to book an appointment with my doctor so that I can discuss my health concerns
8. As a patient, I want to cancel my appointment if I am unable to attend so that the slot can be used by someone else.
9. As a patient, I want to view and download my prescriptions so that I can acquire the necessary medications.
10. As a patient, I want to update my health status and information so that my doctor can check.
11. As a user, I want to sign up to the website as a doctor or patient.
12. As a user, I want to log in to the website as a doctor or as a patient.
Detailed user story document: https://docs.google.com/document/d/1vrmnM1z2uqO-OHWNotnq2yvDB7C41wfAYM4kzMxOkrw/edit?usp=sharing
Non-Functional Requirements
- Security: The system should ensure robust data encryption, guaranteeing the secure transmission and storage of patient data. Regular vulnerability assessments and penetration tests should be conducted to safeguard against potential threats. We have used user authentication to ensure security.
- Understandability: The interface should be intuitive and user-friendly, allowing users, even those with minimal technical proficiency, to easily navigate and understand the system's features. We have committed the changes with proper comments, we have documented the readme files with proper instructions to ensure understandability.
- Performance: The system should exhibit quick response times, ensuring users can retrieve and input data efficiently. Optimal server performance and minimal downtime are imperative to guarantee smooth operations. We will work on caching and sharding whichever applicable to boost performance.
- Scalability: As user numbers grow, the system should be able to handle an increasing amount of data and user requests without compromising performance or security. We will work on more generic design to make the system more scalable.
- Maintainability: Updates, bug fixes, and system improvements should be feasible without significant downtime, ensuring continuity of service for users. We will work on testing and buggy free code to support maintainability.
Application
Architecture Diagram
Technology Stack with Justification
A. Python: It is renowned for its simplicity and readability, which reduces the cost of program maintenance. It supports modules and packages, which encourages program modularity and code reuse.
Advantages: Python has a vast ecosystem of libraries and frameworks that can be leveraged for various functionalities. It's also versatile and can be used for web development, data analysis, machine learning, automation, and more. This makes it a suitable choice for diverse project requirements.
B. Flask: We chose Flask for backend development due to its lightweight nature and flexibility in developing web applications. Flask provides the essentials to get a web application up and running without imposing a specific structure, which means more freedom in design and architecture. We are using RESTful APIs like GET and POST in Flask for client-server communication.
Advantages: Flask is unobtrusive and gives developers more control over how they structure their application and which components they want to use. It's also easy to set up and can be extended with a wide variety of plugins.
C. Sqlite3: It is an embedded database, meaning it's serverless, zero-configuration, and transactional. For projects that don't require a full-fledged database system, Sqlite3 is a lightweight option.
Advantages: Sqlite3 is self-contained, meaning there are no external dependencies. It's best suited for smaller applications, development, and testing, and can handle low to moderate traffic web applications. The footprint is minimal, and the setup is straightforward.
D. Anaconda: It is a distribution of Python and R for scientific computing and data science. We chose it to manage libraries and dependencies within our project and to maintain a consistent environment.
Advantages: Anaconda simplifies package management and deployment. Its environment manager, Conda, allows for easy creation, sharing, and replication of environments, ensuring consistency across development, testing, and production stages.
E. HTML: It is the standard markup language for creating web pages. It's essential for any web application to structure and present content.
Advantages: Being the backbone of web content, HTML is universally understood by web browsers. It allows for the creation of structured documents and is integral to web application development.
F. CSS: It is used to describe how HTML elements should be displayed on screen. It's vital for styling and designing the look and feel of the web application.
Advantages: CSS separates content from presentation, allowing for flexibility in design without altering the underlying HTML. With CSS, developers can create responsive designs, ensuring the web application looks good on all devices.
G. Jinja: It is a Python template engine commonly used in web development. It enables dynamic content generation by replacing placeholders with actual values during rendering.
Advantages: Template inheritance for code reusability, expression evaluation, filters and macros for enhanced functionality, and seamless integration with Python in frameworks like Flask. Jinja facilitates the creation of flexible and maintainable web applications.
H. Pytest: It is a widely-used testing framework for Python.
Advantages: Its fixture system allows efficient setup and teardown of resources, and parameterized testing facilitates running the same test with different inputs. Pytest's powerful assertions, built-in test discovery, and seamless integration with other testing tools make it a versatile choice
Data Model
Implementation
We have followed the client-server design pattern methodology for this project. The client-server design pattern is a common architecture for networked applications. It involves clients, which request services, and servers, which provide those services. Clients initiate requests, and servers respond to those requests, allowing for efficient resource sharing, scalability, centralized control, and enhanced security. This model is widely used in various applications, such as web and email servers, to facilitate communication and data exchange over networks.
Version Control and Collaboration
We employed Git for version control in our project, adopting a feature-branch workflow to enable independent development of each feature. This approach facilitated organized coding and pull requests for code reviews before merging into the main branch, ensuring code quality and seamless integration. Our team maintained clear communication, minimizing conflicts during merges. When conflicts did arise, we promptly collaborated to resolve them, leveraging Git's version control capabilities. This disciplined process contributed to an efficient and streamlined development workflow.
Coding Standards and Practices
Our team prioritized code quality by following the PEP 8 style guide for Python and implementing best practices. We emphasized consistent naming conventions, indentation, and modular code organization. Documentation played a crucial role, with descriptive comments at various levels to enhance code understanding. Effective version control practices, including detailed commit messages and regular code reviews, contributed to a maintainable and collaborative codebase. Overall, our approach aimed at fostering readability, maintainability, and a positive development environment. We created different folders for different functionalities to support modularity. All the frontend html files are stored under Template folder, the main flask application, database and testing module are outside of all folders, all the tables of database like Patients, Doctors, Appointments, etc. are under models, uploaded reports are saved under files folders. Furthermore, we have added docstrings and comments for Understandability of the code. Also, we have also restructured our README file by adding explanations of all the use cases, installation guidelines, collaborators details & presentation video.
Data Security
- Description of the potential threats and vulnerabilities - Potential threats may include unauthorized access to patient data, either through external cyberattacks or internal security breaches. Vulnerabilities could arise from weaknesses in the application's authentication system, insufficient data encryption, or inadequate security measures in the database storage and transmission of data.
- Measures taken to prevent unauthorized data access - To mitigate the risks of unauthorized data access, we used a user authorization mechanism for a secure login which will enable only one user to login and it can’t access other patients details. Moreover, we have used encrypted passwords to map user passwords to a hashed password. Hence, anyone with an encrypted password can’t access the system. Therefore, if there is a security threat to the database and patient sensitive information is leaked, then one cannot login into the system until we have encoded the original password which was never stored.
HIPAA Compliance (in case of Patient Tracker)
- Explanation of the Health Insurance Portability and Accountability Act (HIPAA) and its relevance to the project - HIPAA is a federal law in the United States that sets the standards for protecting sensitive patient data. It aims to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). Compliance with HIPAA is crucial to safeguard patient privacy and prevent unauthorized disclosure of sensitive medical information. With respect to this project, the patient's medical history or current medications should not be leaked to any other patients or to another doctor who is not relevant for given symptoms.
- Steps and protocols followed to ensure the system's compliance with HIPAA - To ensure compliance with HIPAA, we have implemented data encryption practices, establish stringent access controls, and enforce thorough audit trails to monitor data access and usage. Additionally, we are following policies (as explained before) for securely managing and disposing of patient records, as outlined in the HIPAA guidelines.
Testing
|
Test |
Purpose |
Coverage |
|
test_registration |
Validates the registration process for both patients and doctors. |
Patient and Doctor registration, handling invalid inputs. |
|
test_login |
Verifies the login process for both patients and doctors. |
Authentication module, handling valid and invalid credentials. |
|
test_logout |
Checks the ability to log out a user. |
Session management and logout functionality. |
|
test_landing_page |
Validates the content and structure of the landing page. |
Landing page rendering and content verification. |
|
test_dashboard |
Ensures the correct rendering of patient and doctor dashboards. |
Dashboard rendering and user-specific content. |
|
test_doctor_reviews_patient_info |
Verifies the doctor's ability to review patient information. |
Patient information retrieval and display. |
|
test_set_availability |
Checks the doctor's ability to set availability for appointments. |
Doctor availability management. |
|
test_edit_health_records |
Validates the patient's ability to edit health records. |
Patient health record editing and database interaction. |
|
test_view_patient_reports |
Tests the doctor's ability to view patient reports. |
Patient report retrieval and display. |
|
test_get_available_times_for_date |
Check the availability of a doctor for a specific date. |
Doctor availability for appointment scheduling. |
|
test_create_appointment |
Validates the creation of a new appointment. |
Appointment scheduling and database interaction. |
|
test_cancel_appointment |
Ensures the correct cancellation of a patient's appointment. |
Appointment cancellation and database interaction. |
|
test_get_prescription |
Validates the patient's ability to retrieve prescriptions. |
Prescription retrieval and display. |
|
test_get_patient_reports |
Checks the patient's ability to retrieve medical reports. |
Patient report retrieval and display. |
|
test_share_reports_with_doctors |
Tests the patient's ability to share reports with doctors. |
Report sharing and database interaction. |
|
test_get_id |
Checks the retrieval of the maximum ID for report files. |
Report file ID retrieval. |
|
test_create_report |
Validates the creation of a new medical report. |
Report creation and database
interaction. |
|
test_getdoclist |
Checks the retrieval of a list of doctors based on search criteria. |
Doctor list retrieval and search functionality. |
|
test_getallappointments |
Validates the retrieval of all appointments for a doctor. |
Doctor appointment list retrieval. |
|
test_editpatient |
Checks the doctor's ability to
edit patient details. |
Patient details editing and database interaction. |
|
test_pendingrequest |
Validates the handling of pending appointment requests. |
Appointment request handling by doctors. |
|
test_doctor_availability |
Checks the setting and
retrieval of doctor availability. |
Doctor availability management. |
|
test_register_route and
test_register_post |
Validates the rendering and submission of the registration form. |
Registration route functionality. |
|
test_book_appointment_route |
Tests the rendering of the book appointment route. |
Book appointment route rendering. |
|
test_book_doctor_route |
Validates the booking of an appointment with a doctor. |
Appointment booking functionality. |
|
test_patient_prescription_route |
Tests the rendering of the patient prescription route. |
Prescription route rendering. |
|
test_cancel_appointment_route |
Validates the rendering of the cancel appointment route. |
Cancel appointment route rendering. |
|
test_edit_appointment_route and test_edit_appointment_post |
Tests the rendering and submission of the edit appointment form. |
Edit appointment route functionality. |
|
test_pending_request |
Validates the handling of pending appointment requests. |
Pending appointment request handling. |
|
test_edit_patient |
Checks the doctor's ability to edit patient details. |
Patient details editing and database interaction. |
|
test_upload_reports_route and
test_delete_report_route |
Tests the rendering and
deletion of medical reports. |
Report upload and deletion functionality. |
|
test_serve_report |
Test the function which fetches report from local and send back using
rendering |
Report fetch and display functionality |
|
test_doctor_info |
To check if the data stored for the Doctor is correct. |
Fetches doctor profile data functionality |
|
test_get_doctor_availability_route |
Validates the rendering of the doctor availability route. |
Doctor availability route rendering. |
|
test_deleteData |
Cleans up the test data created during testing. |
Data deletion and cleanup. |
This comprehensive unit test suite ensures that critical aspects of the Patient Tracker System are thoroughly tested, contributing to the overall reliability and functionality of the system. Our test cases cover the integration testing as different units or components interact and work together. From the image shared above we can see how unit tests, integration tests and systems show their respective coverage and passed status. The achieved test coverage of 94% reflects a robust testing approach.
● Performance: To evaluate our system’s performance, we tested the response speed of some of our crucial API endpoints using Postman. We tested our login, book appointment, and doctor search endpoints, which all had incredibly fast response times of 11ms, 11ms, and 5ms respectively.
● Scalability: To evaluate our system’s scalability, we filled our database with dummy accounts (approximately 1,000 doctors and 10,000 patients), and re-performed our performance tests while running Locust to simulate approximately 100 concurrent users. Our login, doctor search, and book appointment endpoints executed in 123ms, 17ms, and 6ms, which were acceptable results.
● Maintainability: We have fulfilled maintainability by creating a well-organized and crafted code base. Despite programming in Python, we created an OOP design by designating classes for our data tables (patients, doctors, appointments, etc.) which allows for modular design. API endpoints are sectioned off relative to their function, with comments on the more nuanced functions. This allows for the system to be debugged and diagnosed easily as well as add new features quickly.
Challenges and Limitations
Integration Challenges: While we successfully addressed many challenges, integrating the new features into the existing system presented some difficulties. The need for substantial modifications to the codebase, as well as potential conflicts with the current functionalities, posed integration challenges. Ensuring a seamless transition without disrupting existing operations required careful planning and execution.
Time Constraints: Time constraints were a significant limitation throughout the project. Although we successfully delivered a functional system, certain features or optimizations might not have been fully realized due to the restricted time frame. This limitation might have implications for the scalability and robustness of the system under more extensive usage.
User Surveys for Understandability: Although attempts were made to evaluate the understandability of the software, the absence of user surveys is a limitation. Conducting comprehensive user surveys would have provided more in-depth insights into user experiences and potential barriers to understanding the system.
Performance Metrics under Real-world Load: While performance tests under simulated load conditions were conducted, the real-world performance of the system under varying loads remains an open question. Actual usage patterns might differ from simulated scenarios, and further analysis under real-world conditions could reveal additional performance considerations
Future Development Plans
Enhanced Performance Monitoring: To address potential performance bottlenecks and ensure optimal response times under varying loads, we plan to implement enhanced performance monitoring. Real-time monitoring tools can help identify and address issues promptly, ensuring a consistently high level of service.
User Feedback Mechanism: Incorporating a systematic user feedback mechanism, such as user surveys and feedback forms, will be a priority. This will provide valuable insights into user experiences, allowing for continuous improvements in usability and understandability.
AI-driven Personalization: Considering the project's nature as a patient tracker system, integrating AI-driven features for personalized patient care could be a future development. Machine learning algorithms could assist doctors in predicting patient needs and tailoring treatment plans accordingly. ML algorithms can predict patient health trends, and optimize appointment scheduling dynamically. Data visualization tools could offer insights into health trends, and continuous learning from new data will ensure the system evolves with changing healthcare dynamics.
Integration with Health Information Systems: To further enhance the project's scope and utility, integration with larger health information systems or electronic health record (EHR) systems could be explored. This could facilitate seamless data sharing and collaboration across different healthcare platforms.
Ethical and Societal Implications
The Patient Tracker system, while aiming to enhance healthcare efficiency and patient care, presents ethical considerations related to data privacy and security. Safeguarding patient information is paramount, necessitating stringent adherence to ethical standards and regulatory requirements like HIPAA. During development, the team addressed concerns regarding the potential misuse or unauthorized access to sensitive medical records by encrypting passwords of the users, sharing only relevant information to patients or doctors like patients doesn’t share all the reports, patients or doctors can select what they want to view in their profile, each user’s data are in separate table in database providing isolation etc. Ensuring transparency in data handling practices and obtaining informed consent from patients are essential ethical considerations. Additionally, the system is designed to minimize the risk of errors or inaccuracies in patient records, as such discrepancies could have serious consequences for patient care. Striking a balance between technological advancements and ethical responsibility is crucial to building trust among healthcare professionals and patients. Overall, the ethical implications revolve around protecting patient confidentiality, maintaining data integrity, and fostering a system that prioritizes the well-being and trust of all stakeholders in the healthcare ecosystem.
