Design Document

Tech Stack

Backend API - Django Frontend - React Typescript Database - Postgres - RDS with read replica Hosting Backend - EKS with amazon ACM cert Hosting Frontend - EC2 - Nginx with Cloudflare origin cert and proxy Version control - Github Communication - Slack Ci/CD - Circle Ci

Production

Care is deployed in production at different states in India. The production instance for Kerala/Ernakulam is deployed at

Staging

Testing

API Documentation

ER Diagram

Data Visualization

Task Manager and Issue Tracker

Status Monitor

New Relic APM

Repository

Related Applications

• Telemedicine (WIP)

Features

Facility Management

Realtime Capacity Analysis

Patient Management

Sample Management

Patient Record Management

Inventory Management

Central Dashboard for GOV

Central Dashbaord for all facilities

• Number of beds avilable

• Number of patients admitted

• Nubmer of COVID postive patients

• Number of people under observation

• Number of cases reported today

• Number of COVID postive reported today

District wise stats

• Number of beds avilable

• Number of patients admitted

• Nubmer of COVID postive patients

• Number of people under observation

• Number of cases reported today

• Number of COVID postive reported today

Capture daily triage details from each hospital

This will allow all facilities in the care system to operate their own telemedicine unit seamlessly.

Requirments

1. staff profile with limited data access should be able to log calls

2. doctor linked to the facility should be able to see the pending calls and associated patent record

3. The doctor should be able to add consultation

4. The doctor should be able to schedule a reminder for follow-up.

5. pending calls, upcoming followups and missed followups should be listed on an index page

6. The docotor should be able to add a prescription for the patient which can be shared with the patient via SMS.

7. The pharmacy unit of the facility should be able to mark the status of each prescription given to the patient.

8. Doctor could be a tele-caller for multiple facilities.

9. A facility admin should be able to assign calls to a doctor

Changes required in Care

• [Evaluate and add chnages required]

After Merge

• Migrate data from telemed to care

• Unique Patient Registration

• Capture basic medical data

• Capture consulation details

• Capture daily rounds

Tables

• Number of beds

• Number of ICU beds

• Number of Paitens

• Number COVID positive Patients

• Stock (Inventory along with count)

• number of facilities

• facility stats

• totoal number of patients admited

• total number of patients positive

• Number of ICU beds free

• show where the ICU beds are avilable

• Number of people under observation

Facility stats

• Number of beds

• Number of ICU beds

• Number of Paitens

• Number COVID positive Patients

• Stock (Inventory along with count)

Generate ICMR form the user data

Patient Consulation details Daily Rounds for each consultation Option to tranfer a medical records from one hospital to another.

PatientRegistration

 id AutoField
 created_by ForeignKey (id)
 district ForeignKey (id)
 facility ForeignKey (id)
 local_body ForeignKey (id)
 meta_info OneToOneField (id)
 nearest_facility ForeignKey (id)
 state ForeignKey (id)
 aadhar_no CharField
 address EncryptedTextField
 age PositiveIntegerField
 blood_group CharField
 contact_with_confirmed_carrier BooleanField
 contact_with_suspected_carrier BooleanField
 countries_travelled JSONField
 countries_travelled_old TextField
 created_date DateTimeField
 date_of_birth DateField
 date_of_receipt_of_information DateTimeField
 date_of_return DateTimeField
 deleted BooleanField
 disease_status IntegerField
 estimated_contact_date DateTimeField
 external_id UUIDField
 gender IntegerField
 has_SARI BooleanField
 is_active BooleanField
 is_medical_worker BooleanField
 modified_date DateTimeField
 name EncryptedCharField
 nationality CharField
 number_of_aged_dependents IntegerField
 number_of_chronic_diseased_dependents IntegerField
 ongoing_medication TextField
 passport_no CharField
 past_travel BooleanField
 patient_search_id EncryptedIntegerField
 phone_number EncryptedCharField
 present_health TextField
 source IntegerField
 year_of_birth IntegerField 

 id: AutoField
 district: ForeignKey (id)
 local_body: ForeignKey (id)
 skill: ForeignKey (id)
 state: ForeignKey (id)
 age: IntegerField
 date_joined: DateTimeField
 deleted: BooleanField
 email: EmailField
 first_name: CharField
 gender: IntegerField
 is_active: BooleanField
 is_staff: BooleanField
 is_superuser: BooleanField
 last_login: DateTimeField
 last_name: CharField
 password: CharField
 phone_number: CharField
 user_type: IntegerField
 username: CharField
 verified: BooleanField 

Roles

 id AutoField
 facility ForeignKey (id)
 item ForeignKey (id)
 created_date DateTimeField
 deleted BooleanField
 external_id UUIDField
 modified_date DateTimeField
 quantitiy IntegerField 

minimum_stock will vary for each inventory item. It should be captured so that, we could trigger alerts

For the network security of the application we have enforced the following standards.

1. Web Application Firewall (WAF) Configured at Domain level to prevent access to coronasafe.network from countries like US, China, Hongkong, Pakistan , Russian Federation Etc

2. Open Web Application Security Project (OWASP) core rule set based WAF rules implemented to provide protection against common attack categories, including Structured Query Language (SQL) Injection and Cross-Site Scripting.

3. Customised WAF rules created to prevent common attacks and Bot Access

4. Autonomous system number (ASN) based lockdown in WAF against common threat matrix.

5. Sanity Check Based Block and Rate Limiting Enabled

6. Network level Port Blocking allowing only port 80 and 443 from internet in the entire network

7. IP blacklist and lockdown based on Threat Score ( Score Greater than 8 is blocked) based on IP reputation.

8. Customised Content Security policy (CSP) Header implemented to prevent common Clickjacking and other attacks .

9. HTTP Strict Transport Security (HSTS) preloaded domain wide to enforce Hypertext Transfer Protocol Secure (HTTPS) only traffic with a Max Age of 1 year

10. Origin to domain, domain to domain, and domain to User traffic encrypted via Transport Layer Security 1.2 (tls1.2) and above

11. Content Security Policy (CSP) and Certificate Transparency CT violations monitoring done to update threat matrix

12. The Domain Name System Security Extensions (DNSSEC) enabled to prevent domain takeovers .(DNSSEC protects against forged domain name system (DNS) answers. DNSSEC protected zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by the domain owner.)

13. Speed up of page load speed by the Implementation of Brotli Compression

14. HTTP/2 and HTTP/3(Quick User Datagram Protocol Internet Connections) enabled for faster network speeds

15. Automatic Branch based Continuous integration (CI) and continuous delivery (CD) to prevent unauthorised access.

16. New pods are created before old pods with old code is terminated.

17. Database backups (Snapshots) are created daily at scheduled intervals and stored with Key Management Service (KMS) keys securely inside Cloud Infrastructure without external Access.

18. All server nodes and Volumes and database Instances are Encrypted with KMS based Cryptographic Keys.

19. Database Connectivity allowed only using internal Private Network and allowed for the backend host only.

20. Virtual Private Network(VPN) + Jump Host( Bastion Host) Based Server Maintenance (Cluster Management Shell ) to enhance security.

Reverse Proxying all network traffic to mask origin IP to enhance security. Apart from the above rules, additional measures could be added to enforce maximum security of data

1. CERT Certification

Care has been Security Audited & Assessed as per CERT-IN Guideline & OWASP Standard. The Site & Web Application is fit and safe for hosting under continuous monitoring and observation by Authorized Authorities. The Application/Site has fulfilled the criteria as per CERT-IN Security norms.

The full certification details can be found here:

2. Vulnerability Assessment Report by Lucideus

2. Security Assessment Report by Mozilla Observatory

3. SSL Security Test by ImmuniWeb

Details to be Added