Health care companies have pressing and unique customer relationship management needs. Moreover, all their systems must conform to regulatory guidelines. All US-based healthcare companies need to meet the standards set by the Health Insurance Portability and Accountability Act (HIPAA). The act was passed to (i) ensure that confidential information remains protected, (ii) reduce fraud and abuse in the health care industry, (iii) set benchmarks for IT systems to handle advanced functions such as electronic billing, and (iv) protect health insurance coverage for American families in the event of unemployment.
In this article we will see how you can make your SuiteCRM instance meet these requirements. It is meant for companies evaluating or in the process of implementing SuiteCRM for their organization.
Defining Roles within SuiteCRM
One of the crucial aspects of the solution is to define which users have access to which information. This usually follows the functions each user is required to perform. For instance, let us say that we have the following modules within SuiteCRM to handle patient information.
Serial No | Modules | Details Contained |
1 | Patient | Name, address, contact details, SSN (last 4) |
2 | Appointment | Visit Date, Time, Subject, Notes, Status (Held/Scheduled) |
3 | Medical Records | Information containing health conditions |
4 | Billing information | Information containing invoice, amounts, payment status and due dates |
5 | Lab reports | Documents attached to the patient records containing lab test results. |
Let us say that the following user roles access the information within the CRM: Lab Technician, Doctors, Reception and Billing Department. The following is one possible access definition that can be set up within SuiteCRM.
SNo | Role | Patient | Medical Records | Appointments | Billing | Lab Reports |
1 | Doctors | Read, Write | Read, Write | Read | Read | Read, Write |
2 | Reception | Read, Write | No Access | Read, Write | Read | No Access |
3 | Lab Technician | Read | No Access | No Access | No Access | Read, Write |
4 | Billing Dept. | Read | No Access | Read | Read, Write | No Access |
You can access role definitions within SuiteCRM by going to Admin -> Role Management.
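A least-privilege check for the matrix above, as an added example that is not part of the original article or of SuiteCRM: it compares the intended access definition with the grants actually configured and reports drift. The (role, module, action) row format and the sample rows are constructed assumptions; adapt the input to however you export your role settings.

```python
# Added example: audit configured grants against the article's access matrix.
R, W = "read", "write"
MODULES = ["Patient", "Medical Records", "Appointments", "Billing", "Lab Reports"]

# Intended design, copied from the role table: role -> module -> allowed actions.
INTENDED = {
    "Doctors":        dict(zip(MODULES, [{R, W}, {R, W}, {R}, {R}, {R, W}])),
    "Reception":      dict(zip(MODULES, [{R, W}, set(), {R, W}, {R}, set()])),
    "Lab Technician": dict(zip(MODULES, [{R}, set(), set(), set(), {R, W}])),
    "Billing Dept.":  dict(zip(MODULES, [{R}, set(), {R}, {R, W}, set()])),
}

def rows_from(matrix):
    """Flatten a matrix into (role, module, action) rows."""
    return [(r, m, a) for r, mods in matrix.items()
            for m, acts in mods.items() for a in sorted(acts)]

# Constructed sample of the live configuration: the design plus some drift.
ACTUAL_ROWS = rows_from(INTENDED)
ACTUAL_ROWS.remove(("Doctors", "Lab Reports", W))       # a needed grant was lost
ACTUAL_ROWS += [
    ("Reception", "Medical Records", R),                # excess access to health data
    ("Billing Dept.", "Billing", "delete"),             # action outside the design
    ("Interns", "Patient", R),                          # role that was never designed
]

def audit(intended, rows):
    """Return sorted findings as (kind, role, module, action) tuples."""
    findings, granted = [], {}
    for role, module, action in rows:
        if role not in intended:
            findings.append(("UNKNOWN_ROLE", role, module, action))
            continue
        granted.setdefault((role, module), set()).add(action)
    for role, mods in intended.items():
        for module in MODULES:
            want = mods.get(module, set())
            have = granted.get((role, module), set())
            findings += [("EXCESS", role, module, a) for a in have - want]
            findings += [("MISSING", role, module, a) for a in want - have]
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(INTENDED, ACTUAL_ROWS):
        print(*finding, sep=" | ")
```

EXCESS and UNKNOWN_ROLE findings are the ones that matter for confidentiality; MISSING findings are availability problems that tend to get "fixed" by over-granting, so review those too.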
Field level control
Field-level control is needed to protect sensitive information. For example, the fields available to a billing clerk may be different from those a doctor sees. Confidential information such as the last 4 digits of the SSN may be hidden from user roles that do not require it. Though this is not available out of the box, SuiteCRM can be customized to meet this requirement. Using this customization, you can control which fields can be viewed and changed by certain user roles.
Different Record views for different roles
Note that the same record may need to be presented differently to different roles. For example, the way patient information is presented to a billing clerk may be different from how the doctors view it. Certain records may not need to be visible to certain user segments at all. For example, a patient without any outstanding bills in the recent past need not be presented to the billing department.
Portal integration
SuiteCRM can be integrated with self-service portals so that customers can log in and view relevant information such as their lab reports and medical history. They may also be able to update their contact information if needed.
Payment Card integration
Integrating SuiteCRM with popular payment card gateways like Authorize.NET can help patients pay their bills electronically in a secure manner. This can also improve the efficiency of the solution and help reduce the volume of calls to the billing department. Saving the card for future billing also helps reduce the time lag between invoice and payment.
Password Management and secured hosting
With a custom scheduler you can force users to reset their passwords at regular intervals. You can set password complexity rules that require a mix of alphanumeric and special characters, as well as a minimum length. Also make sure that you host your CRM instance behind firewalls.
Maintaining documentation and disaster recovery
You must maintain up-to-date documentation of your SuiteCRM application. This must include technical design, role definition and change version. It is also a good idea to periodically back up the instance as well as the database. Having a disaster recovery plan ensures business continuity in case of any unforeseen situation.
Training and Audit
Training users on HIPAA compliance and building in an annual audit process to check compliance can keep the organization on track. Documenting these aspects is a must.
About us and what we do
We are a full-service SuiteCRM development company and work on all related technologies like PHP, MySQL, JavaScript, responsive portal integration and mobile app development. Given our past experience in CRM consulting and reusable solutions, we are uniquely positioned to make your SuiteCRM implementation a success story. Reach out to us now for a free, no-obligation assessment.