Problem: Build a system for secure storage, access, audit and archival of health insurance-related documents
Storage: The system implemented a workflow that started with the upload of a scanned insurance claim document. This document would contain the doctor’s summary, the procedure details, the bill, the requisition for funds and so on. The document would be stored in our application as a full PDF as well as individual pages. All storage is done in an encrypted form in the database so that anyone with access to the database on the operating system can not gain access to the files.
Page Tagging: Each page in the document is then classified based on the type of page it is. This helps in building role-based access control in the system so that someone with a specific access control level only gets access to specific pages.
Access Control: The system provides for extensive access control system owing to the criticality of the information stored within the document and to also to protect the privacy of the patient. This application records all access to the document (who access which page, at what time and from where) and enables a logged in user to only view pages which a user has access to.
Auditing: It is possible for an auditor to login to the system to inspect the quality of data entry done apart from other parameters. Based on the access level of the auditor (internal auditor v/s external auditor), they will again get granular access to various aspects of the document.
Application Access: We buit a custom web browser to limit what an application user could do with application. This custom browser was locked in to show just the application and nothing else. The application, in turn, was configured to just allow access from the custom browser. Building and using the custom browser enabled us to ensure that users could not look at the URL of the application, could not inspect the source code of the rendered HTML page, could not print the page or save it to disk or right-click and save an image or a document. This ensured that data could not be compromised or stolen by someone with a malicious intent.
JSW Steel acquired some technology related to steel manufacturing from JFE Japan. The system was built to facilitate this technology transfer and to provide engineers and other users with a secure and convenient way of accessing the related documentation.
The system was modelled around the concept of a web-based file browser. Users could upload individual files, entire folders or even zip files containing a folder’s content to the server. Hierarchical and inherited access control rules ensured that a logged in user could only access a limited set of folders or documents.
Once again, a custom application-specific, cross-platform browser was designed to limit how a user could access the application.