Frequently Asked Questions (FAQ)
Find answers to common questions about SecureHealth, organized by your role and interests. Whether you're a developer, healthcare provider, IT administrator, or decision maker, we've got you covered.
For Developersβ
Technical Implementationβ
Q: What version of MongoDB do I need for Queryable Encryption? A: SecureHealth requires MongoDB 8.2 Enterprise Edition with Queryable Encryption support. This includes the latest performance improvements and enhanced key management capabilities.
Q: Can I use MongoDB Community Edition? A: No, Queryable Encryption is only available in MongoDB Enterprise Edition. However, you can use MongoDB Atlas (which includes Enterprise features) for development and production.
Q: What PHP version is required? A: SecureHealth requires PHP 8.2 or higher. We recommend PHP 8.3 for the best performance and latest features.
Q: Is Symfony 7.0 required, or can I use an older version? A: While we recommend Symfony 7.0 for the latest features and security updates, the core functionality should work with Symfony 6.4+. However, some advanced features may require Symfony 7.0.
Q: How do I set up encryption keys for development?
A: Use the command-line tool: php bin/console app:generate-encryption-key. For production, ensure keys are stored securely and rotated regularly.
Q: Can I integrate SecureHealth with existing healthcare systems? A: Yes! SecureHealth provides comprehensive APIs and can integrate with HL7 FHIR, EHR systems, and other healthcare applications. See our Integration Examples for details.
Security & Complianceβ
Q: How does the audit logging work? A: Every action is logged with user ID, timestamp, IP address, and data accessed. Logs are encrypted and stored separately from patient data for compliance.
Q: What encryption algorithms are used? A: We use AES-256 encryption with three types:
- Deterministic: For searchable fields (names, emails)
- Range: For date/numeric queries
- Standard: For highly sensitive data (SSN, diagnoses)
Q: How do I ensure HIPAA compliance in my implementation? A: Follow our HIPAA Compliance Guide and implement all required safeguards. The system includes built-in compliance features, but proper configuration is essential.
Q: Can I customize the role-based access control? A: Yes! The system uses Symfony Security Voters, making it easy to add custom roles and permissions. See our RBAC Guide for implementation details.
Development & Testingβ
Q: How do I run the test suite?
A: Use docker-compose exec php bin/phpunit to run all tests, including HIPAA compliance tests and MongoDB Queryable Encryption tests.
Q: Can I develop without Docker? A: While Docker is recommended for consistency, you can develop locally. Ensure you have MongoDB 8.2 Enterprise and all required PHP extensions installed.
Q: How do I debug encryption issues?
A: Use the CLI tool: php bin/console app:test-encryption and check the application logs. The system provides detailed error messages for common encryption problems.
Q: What's the performance impact of Queryable Encryption? A: There's a 10-15% performance overhead for encrypted queries, but this is offset by the security benefits. We provide optimization tips in our Performance Guide.
For Healthcare Providersβ
System Usageβ
Q: How do I log into the system? A: Use your assigned email and password. The system supports role-based access, so you'll only see features appropriate to your role (Doctor, Nurse, Receptionist).
Q: Can I access patient data from my mobile device? A: Yes! The system is mobile-responsive and works on tablets and smartphones. All data remains encrypted and secure on mobile devices.
Q: How do I generate SOAP notes? A: Use the AI Documentation Assistant feature. Enter patient information, chief complaint, and vital signs, and the system will generate a structured SOAP note using AI.
Q: Can I customize the AI-generated notes? A: Yes! AI-generated notes are editable. You can modify any section and the system will track changes for audit purposes.
Q: How do I search for patients? A: You can search by name, patient ID, or email. The system performs encrypted searches, so you can find patients even though their data is encrypted in the database.
Data Securityβ
Q: What patient information can I see? A: Your access depends on your role:
- Doctors: Full access to all patient data including medical history, diagnoses, and SSN
- Nurses: Medical data access but no SSN or insurance details
- Receptionists: Basic information and insurance details but no medical data
Q: How do I know if data is secure? A: All patient data is encrypted at the field level using MongoDB Queryable Encryption. You can verify this by checking the "X-Ray View" in the demo to see encrypted data.
Q: What happens if I accidentally access the wrong patient? A: The system logs all access attempts. If you access incorrect data, it will be recorded in the audit log. Contact your system administrator immediately.
Q: Can I export patient data? A: Yes, but exports are logged and may require additional permissions depending on your role and the data being exported.
Workflow Integrationβ
Q: How does this integrate with our existing EHR? A: SecureHealth can integrate with most EHR systems through APIs. Contact your IT administrator for specific integration details.
Q: Can I schedule appointments through this system? A: Yes! The system includes comprehensive appointment scheduling with role-based access controls.
Q: How do I handle prescription management? A: The system tracks prescriptions and medications. Doctors can create prescriptions, nurses can view them, and the system maintains an audit trail.
Q: What about lab results? A: Lab results are encrypted and stored securely. You can view, add, and track lab results with appropriate permissions.
For IT Administratorsβ
System Administrationβ
Q: How do I install and configure SecureHealth? A: Follow our Installation Guide. The system includes Docker setup for easy deployment and configuration.
Q: What are the system requirements? A: Minimum requirements:
- PHP 8.2+
- MongoDB 8.2 Enterprise
- 4GB RAM
- 20GB storage
- HTTPS certificate for production
Q: How do I manage users and roles?
A: Use the command-line tool: php bin/console app:create-user and php bin/console app:update-user. You can also manage users through the web interface if you have admin access.
Q: How do I backup the system?
A: Use php bin/console app:backup-database to create encrypted backups. Store backups securely and test restoration procedures regularly.
Q: How do I monitor system performance?
A: Use php bin/console app:monitor-performance and check the application logs. The system provides comprehensive monitoring capabilities.
Security Managementβ
Q: How do I rotate encryption keys?
A: Use php bin/console app:rotate-encryption-keys. This process re-encrypts all data with new keys while maintaining system availability.
Q: How do I view audit logs?
A: Use php bin/console app:view-audit-logs or access the web interface. Logs can be exported for compliance reporting.
Q: What security measures should I implement? A: Ensure HTTPS, regular security updates, proper firewall configuration, and regular security audits. See our Security Implementation Guide.
Q: How do I handle security incidents? A: The system provides comprehensive audit trails. Follow your organization's incident response procedures and use the audit logs to investigate.
Compliance & Auditingβ
Q: How do I ensure HIPAA compliance? A: Implement all technical, administrative, and physical safeguards. The system provides built-in compliance features, but proper configuration and policies are essential.
Q: How long should I retain audit logs? A: HIPAA requires 6 years of audit log retention. The system can be configured to automatically archive old logs.
Q: How do I prepare for compliance audits? A: Use the audit log export features and ensure all required documentation is available. The system provides comprehensive reporting capabilities.
Q: What about data breach notification? A: The system logs all access attempts and can help identify potential breaches. Follow your organization's breach notification procedures.
For Decision Makersβ
Business Valueβ
Q: What are the business benefits of SecureHealth? A: Key benefits include:
- HIPAA compliance out of the box
- Reduced risk of data breaches
- Improved patient trust
- Streamlined workflows
- AI-powered documentation
- Comprehensive audit trails
Q: How does this compare to other healthcare systems? A: SecureHealth is unique in its use of MongoDB Queryable Encryption, providing field-level encryption while maintaining search capabilities. Most systems either encrypt everything (making searches difficult) or leave data unencrypted.
Q: What's the ROI of implementing SecureHealth? A: ROI comes from reduced compliance costs, improved efficiency through AI documentation, and reduced risk of costly data breaches. Most organizations see ROI within 12-18 months.
Q: Can this replace our existing EHR? A: SecureHealth can complement or replace existing systems depending on your needs. It's designed to integrate with existing healthcare infrastructure.
Implementation & Costsβ
Q: How long does implementation take? A: Typical implementation takes 3-6 months depending on:
- System complexity
- Integration requirements
- Staff training needs
- Compliance requirements
Q: What are the ongoing costs? A: Costs include:
- MongoDB Atlas (if using cloud)
- Server infrastructure
- Maintenance and updates
- Staff training
- Compliance monitoring
Q: Do we need specialized staff? A: Basic PHP/Symfony knowledge is helpful but not required. The system includes comprehensive documentation and support.
Q: What about vendor lock-in? A: SecureHealth is open source, so you're not locked into a proprietary system. You can modify, extend, or migrate as needed.
Risk Managementβ
Q: What are the security risks? A: Risks are significantly reduced compared to traditional systems:
- Data is encrypted at rest and in transit
- Comprehensive audit logging
- Role-based access controls
- Regular security updates
Q: How do we handle data migration? A: The system includes migration tools and can work with existing healthcare data formats. We provide migration support and documentation.
Q: What about disaster recovery? A: The system includes automated backup capabilities and can be deployed across multiple data centers for high availability.
Q: How do we ensure staff adoption? A: The system is designed for ease of use with role-based interfaces. We provide comprehensive training materials and support.
General Questionsβ
Getting Startedβ
Q: How do I get started with SecureHealth? A: Start with our Quick Start Guide or try the live demo to see the system in action.
Q: Is there a free trial? A: Yes! You can try the live demo or deploy your own instance using our open source code.
Q: Do you provide training? A: We provide comprehensive documentation, video tutorials, and can arrange custom training sessions for organizations.
Q: What support is available? A: Support includes:
- Comprehensive documentation
- GitHub issues and discussions
- Community forums
- Professional support options
Technical Supportβ
Q: How do I report bugs or issues? A: Report issues through GitHub Issues or contact support@securehealth.dev for urgent matters.
Q: How often is the system updated? A: We release regular updates with new features, security patches, and improvements. Major updates are released quarterly.
Q: Can I contribute to the project? A: Yes! SecureHealth is open source. See our Contributing Guide for details on how to contribute.
Q: Is the system actively maintained? A: Yes, SecureHealth is actively developed and maintained with regular updates and security patches.
Still have questions? Check out our Support section or try the live demo to see SecureHealth in action.