Triggiani Medical Record:



Purpose:

This project was developed primarily to practice the transmission of data between a database and an application using a layered architecture. It comprises three main components: the user interface, the back-end, and a MySQL database. The application was designed for use in nursing facilities to facilitate patient onboarding and conduct visits, where nurses could record vital signs and store documentation in the database. It featured user-based roles, including Intake (responsible for onboarding patients), Nursing (responsible for conducting visits), and Administration (responsible for creating staff accounts and resetting passwords). Designed with security as a priority, the application aimed to comply with HIPAA regulations by implementing measures such as user-based authentication, encrypting passwords in transit with a custom hashing algorithm, assigning unique role-based accounts to each staff member, and adhering to the principle of least privilege, ensuring that only admins could reset passwords and add staff, Intake could only add patients, and Nursing could only conduct visits.


Technologies

  • Java - programming language
  • JavaFX - graphics API
  • JDBC - Java Database Connector
  • Java Sockets - low-level network connections
  • IntelliJ - IDE
  • JSON - used for network communication
  • MySQL - database

Features

  • Three Layered Architecture - Frontend/Backend/Database
  • User-based Roles – three different user roles available
  • In-house hashing algorithm for encrypting passwords – Horner’s method for polynomial evaluation
  • User-based authentication – Unique accounts for each person
  • Sessions – every sign-on received a universally unique identifier (UUID) to keep track of each user's session

Challenges:

MySQL Database Schema and JDBC

Description:
As my first project working with a MySQL database, I was challenged with the task of designing a relational database schema and performing CRUD operations using JDBC. I ended up with four tables in my database: users (staff members who use the application), patients (patients added by the intake team), charted_visits (the visits performed by the nurses), and sessions (which kept track of a user's activity).

Solution:
After reading Learning SQL by Alan Beaulieu, I learned the skills needed to create the database tables and perform simple CRUD operations. To learn JDBC, I consulted developer forums and taught myself how to send SQL commands to the database and process ResultSet information.
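As an added example, not the project's own code, the following sketches how two of the four tables named above might be created and accessed through JDBC. The column layout, the connection URL and the credentials are assumptions; the page only names the tables. The point worth taking from it is that every query goes through a PreparedStatement, so a value such as the surname O'Neil is bound as data rather than spliced into the SQL text, and the ResultSet is mapped into a plain record before it leaves the data-access layer.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.List;

public class PatientDao {

    // Placeholders: point these at a real MySQL instance before running.
    static final String URL  = "jdbc:mysql://localhost:3306/medical_record";
    static final String USER = "app_user";
    static final String PASS = "<replace-me>";

    // Column layout is assumed; the page only names the tables.
    static final String CREATE_PATIENTS =
          "CREATE TABLE IF NOT EXISTS patients ("
        + "  patient_id INT AUTO_INCREMENT PRIMARY KEY,"
        + "  first_name VARCHAR(64) NOT NULL,"
        + "  last_name  VARCHAR(64) NOT NULL,"
        + "  dob        DATE NOT NULL,"
        + "  created_by INT NOT NULL,"          // users.user_id of the intake staff member
        + "  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP)";

    static final String CREATE_VISITS =
          "CREATE TABLE IF NOT EXISTS charted_visits ("
        + "  visit_id   INT AUTO_INCREMENT PRIMARY KEY,"
        + "  patient_id INT NOT NULL,"
        + "  nurse_id   INT NOT NULL,"          // users.user_id of the nurse
        + "  visited_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,"
        + "  pulse_bpm  SMALLINT,"
        + "  systolic   SMALLINT,"
        + "  diastolic  SMALLINT,"
        + "  notes      TEXT,"
        + "  FOREIGN KEY (patient_id) REFERENCES patients(patient_id))";

    record Patient(int id, String firstName, String lastName, LocalDate dob) {}

    static Connection open() throws SQLException {
        return DriverManager.getConnection(URL, USER, PASS);
    }

    static void createSchema(Connection c) throws SQLException {
        try (Statement s = c.createStatement()) {
            s.execute(CREATE_PATIENTS);
            s.execute(CREATE_VISITS);
        }
    }

    // Insert via bound parameters; returns the generated patient_id.
    static int addPatient(Connection c, String first, String last, LocalDate dob, int createdBy)
            throws SQLException {
        String sql = "INSERT INTO patients (first_name, last_name, dob, created_by) VALUES (?, ?, ?, ?)";
        try (PreparedStatement ps = c.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS)) {
            ps.setString(1, first);
            ps.setString(2, last);
            ps.setDate(3, java.sql.Date.valueOf(dob));
            ps.setInt(4, createdBy);
            ps.executeUpdate();
            try (ResultSet keys = ps.getGeneratedKeys()) {
                keys.next();
                return keys.getInt(1);
            }
        }
    }

    // Look up by surname and map each ResultSet row into a Patient record.
    static List<Patient> findByLastName(Connection c, String lastName) throws SQLException {
        String sql = "SELECT patient_id, first_name, last_name, dob FROM patients WHERE last_name = ?";
        List<Patient> out = new ArrayList<>();
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, lastName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    out.add(new Patient(rs.getInt("patient_id"), rs.getString("first_name"),
                                        rs.getString("last_name"), rs.getDate("dob").toLocalDate()));
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = open()) {
            createSchema(c);
            // Constructed sample row; the apostrophe is handled by parameter binding.
            int id = addPatient(c, "Ada", "O'Neil", LocalDate.of(1970, 3, 14), 1);
            System.out.println("inserted patient_id=" + id);
            for (Patient p : findByLastName(c, "O'Neil")) System.out.println(p);
        }
    }
}
```

The `record` syntax needs Java 16 or later; on an older JDK, replace it with a small class carrying the same four fields.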

Not Knowing Guidelines and Standards of Data Transmission

Description:
In this project, I encountered a new challenge as I transitioned from being a "Consumer of information" to a Provider that needed to communicate with Consumers. The key issues I faced included selecting an efficient data format for transmitting data, establishing a method to 'listen' for Consumer communications, and implementing a process to validate the incoming information.

Solution:
To address these challenges, I opted for a solution that involved using low-level Java Sockets to listen for Consumer communication, JSON as the data format for sending information, and UUID tokens to track sessions and ensure the validity of the caller. Although this approach met the project's immediate needs, upon reflection, I realized that my design could have been more efficient and robust. In hindsight, I wished I had a deeper understanding of RESTful design principles, HTTP, and frameworks like Spring Boot, which could have significantly enhanced the communication process in my application.

Programming with HIPAA Standards in Mind

Description:
The primary goal of this project was to develop a three-layered architecture, but I also aimed to challenge myself by adhering to HIPAA standards as much as possible. My focus areas for compliance were ensuring unique user accounts, restricting access based on specific user roles, implementing encryption, and tracking sessions to ensure valid activity.

Solution:
To comply with HIPAA standards, the application requires each user to have a unique account for login. Depending on their account, users are assigned one of three roles—admin, intake, or nurse—adhering to the principle of least privilege to restrict access based on specific user roles. For encryption, I developed a homemade hashing algorithm to protect passwords during network transmission and ensured that only hashed passwords are stored in the database. Lastly, I implemented session tracking by caching UUID tokens to verify user identity and automatically log out anyone inactive for over 30 minutes.
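The three solutions above describe one request path: a Java socket listener receives JSON, a cached UUID token identifies the session, the session is dropped after 30 minutes of inactivity, and the caller's role decides which actions are permitted. The block below is an added example that pulls those pieces into one dispatcher; it is not the project's own code. The action names, the JSON field names `token` and `action`, the port, and the flat `{"key":"value"}` message shape handled by the small extractor are all assumptions made for the example (the extractor is not a general JSON parser). The `main` method first walks through the dispatcher with constructed requests and then starts the listener.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SessionServer {

    static final Duration IDLE_LIMIT = Duration.ofMinutes(30);

    // Least privilege: each action is allowed to exactly one role (action names assumed).
    static final Map<String, Set<String>> ALLOWED = Map.of(
        "addStaff",      Set.of("admin"),
        "resetPassword", Set.of("admin"),
        "addPatient",    Set.of("intake"),
        "chartVisit",    Set.of("nurse"));

    record Session(String user, String role, Instant lastSeen) {}

    // token -> session; concurrent because every client connection runs on its own thread
    static final Map<String, Session> sessions = new ConcurrentHashMap<>();

    // Called once credentials have been checked (not shown): mint an unguessable token.
    static String login(String user, String role) {
        String token = UUID.randomUUID().toString();
        sessions.put(token, new Session(user, role, Instant.now()));
        return token;
    }

    // Returns the live session for a token, refreshing its activity time,
    // or null if the token is unknown or has been idle longer than the limit.
    static Session touch(String token, Instant now) {
        Session s = sessions.get(token);
        if (s == null) return null;
        if (Duration.between(s.lastSeen(), now).compareTo(IDLE_LIMIT) > 0) {
            sessions.remove(token);   // automatic logout after 30 idle minutes
            return null;
        }
        Session refreshed = new Session(s.user(), s.role(), now);
        sessions.put(token, refreshed);
        return refreshed;
    }

    // Extracts one string field from a flat {"key":"value"} message (assumed wire shape).
    static String field(String json, String key) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(key) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    // One request line in, one JSON reply out: validate token, then role, then act.
    static String handle(String json, Instant now) {
        String token = field(json, "token");
        String action = field(json, "action");
        if (token == null || action == null) return "{\"status\":\"error\",\"reason\":\"malformed\"}";
        Session s = touch(token, now);
        if (s == null) return "{\"status\":\"error\",\"reason\":\"invalid or expired session\"}";
        Set<String> roles = ALLOWED.get(action);
        if (roles == null || !roles.contains(s.role())) return "{\"status\":\"error\",\"reason\":\"forbidden\"}";
        // action is one of the ALLOWED keys and user came from login(), so both are safe to echo.
        return "{\"status\":\"ok\",\"action\":\"" + action + "\",\"user\":\"" + s.user() + "\"}";
    }

    // Blocking accept loop; each connection gets a thread that reads newline-delimited requests.
    static void serve(int port) throws Exception {
        try (ServerSocket server = new ServerSocket(port)) {
            while (true) {
                Socket client = server.accept();
                new Thread(() -> {
                    try (client;
                         BufferedReader in = new BufferedReader(
                             new InputStreamReader(client.getInputStream(), StandardCharsets.UTF_8));
                         PrintWriter out = new PrintWriter(client.getOutputStream(), true, StandardCharsets.UTF_8)) {
                        String line;
                        while ((line = in.readLine()) != null) out.println(handle(line, Instant.now()));
                    } catch (Exception e) {
                        // client disconnected or sent unreadable bytes; drop the connection
                    }
                }).start();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed walk-through: a nurse charts a visit, tries an admin action, then returns after 31 idle minutes.
        String nurse = login("nurse01", "nurse");
        Instant now = Instant.now();
        System.out.println(handle("{\"token\":\"" + nurse + "\",\"action\":\"chartVisit\"}", now));
        System.out.println(handle("{\"token\":\"" + nurse + "\",\"action\":\"addStaff\"}", now));
        System.out.println(handle("{\"token\":\"" + nurse + "\",\"action\":\"chartVisit\"}", now.plus(Duration.ofMinutes(31))));
        serve(5555); // assumed port
    }
}
```

Passing the clock into `touch` and `handle` rather than reading `Instant.now()` inside them is what makes the idle-timeout path exercisable in the walk-through without waiting 30 minutes; the same separation lets the expiry rule be unit-tested in isolation from the socket code.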