Health care companies have pressing and unique customer relationship management needs. Moreover, they need to have all their systems conform to regulatory guidelines. All the US based healthcare companies need to meet standards set by Health Insurance Portability and Accountability Act (HIPAA). The act was passed to ensure that (i) confidential information remain protected (ii) reduce frauds and abuse in health care industries (iii) Set up benchmarks for IT systems to handle advanced functionalities like electronic billing (iv) protect health insurance coverage for American families in the event of unemployment.

In this article we will see how you can make your SuiteCRM instance meet these requirements. It is meant for companies evaluating or in the process of implementing SuiteCRM for their organization.

Banner SugarCRM Services link landing page

Defining Roles within SuiteCRM

One of the crucial aspects of the solution is to define which user will have access to certain information. This is usually as per functions that the user is required to perform. For instance, let us say that we have the following information within SuiteCRM to handle the patient information.

Serial NoModulesDetails Contained
1PatientName, address, contact details, SSN (last 4)
2AppointmentVisit Date, Time, Subject, Notes, Status (Held/Scheduled)
3Medical RecordsInformation containing health conditions
4Billing informationInformation containing invoice, amounts, payment status and due dates
5Lab reportsDocuments attached to the patient records containing lab test results.

Let us say that we have the following user roles – Lab Technician, Doctors, Reception and Billing department accessing the information within CRM. Following is a probable access definition which can be done within SuiteCRM.

SNoRolePatientMedical RecordsAppointmentsBillingLab Reports
1DoctorsRead, WriteRead, WriteReadReadRead, Write
2ReceptionRead, WriteNo AccessRead, WriteReadNo Access
3Lab TechnicianReadNo AccessNo AccessNo AccessRead, Write
4Billing Dept.ReadNo AccessReadRead, WriteNo Access

You can access role definitions within SuiteCRM by going to admin->Role Management.

Role management within SuiteCRM

Field level control

Control on field level information is needed to protect sensitive information. For example, the fields available to a billing clerk may be different from how the doctor view it. Confidential information like last 4 of SSN may be hidden for user roles which do not require the information. Though this is not available out of the box, SuiteCRM can be customized to adhere to this requirement. Using this customization, you can control which fields can be viewed and changed by certain user roles.

Different Record views for different roles

It might be noted that the way of presenting the same record may be different for different roles. For example, the way patient information is presented to billing clerk may be different from how the doctors view it. It may be so possible that certain records need not be viewed at all by certain user segments. For example, any patient without having any outstanding bills in the recent past need not be presented to billing department.

Portal integration

SuiteCRM can be integrated with self-service portals so that customers can login and view relevant information like their lab reports and medical history. They may also be able to update their contact information if needed.

Payment Card integration

By integrating SuiteCRM with popular payment card gateways like Authorize.NET, it can help the patients pay their bills electronically in a secure manner. This can also improve the efficiency of the solution and help reduce the volume of calls to the billing department. Saving the card for future billing also helps reduce the time lag between invoice and payment.


Password Management and secured hosting

By having a custom scheduler you can force users to set their password at regular intervals. You can set the complexity of passwords to have mix of alphanumeric, special characters as well as build in certain minimum length requirement. Also make sure that you host your CRM instance behind firewalls.


Maintaining documentation and disaster recovery

You must maintain the updated documentation of your SuiteCRM application. This must include technical design, role definition and change version. It is also be good idea to periodically back up instance as well as database. Having a disaster recovery plan ensures business continuity in case of any unforeseen situation.


Training and Audit

Ensuring that users are trained on HIPAA compliance aspects as well as building in an annual audit process to check compliance, can keep the organization on track. Documenting these aspects is a must.

About us and what we do

We are a full service SuiteCRM development company and work on all related technologies like PHP, mySQL, JavaScipt, responsive portal integration and mobile APP development. Given our past experience in CRM consulting and reusable solutions, we are uniquely positioned to make your SuiteCRM implementation a success story. Reach out to us now for a free no obligation assessment.

Contact us for a free assessment