Developing a Mobile App for Electronic Medical Record
An EMR on mobile is more than "show visit history." It holds personal medical data, the highest protection class under most laws, with strict access requirements, yet the UX must let a doctor open the needed record within 10 seconds in the office. That is the architectural contradiction: data must be quickly accessible yet maximally protected.
Regulatory Framework — Architecture Foundation
Russia. Ministry of Health Order #947н (EMR structure), Federal Law #323 "On Healthcare Basis," and Federal Law #152 on personal data. The data is a special category, and processing requires explicit consent. Servers must be on Russian territory only.
Europe. GDPR (special categories, Article 9) and national implementations (DSGVO in Germany). Right to access, right to erasure.
USA. HIPAA: Protected Health Information (PHI), a Business Associate Agreement with each contractor, and an audit log entry for each patient data access.
The choice of jurisdiction determines where to host, which encryption and logging are mandatory, whether Firebase Analytics is usable, and which notifications to show the user.
Access Architecture: Roles and Separation
At minimum there are two completely different kinds of user:
Patient. Sees their own data: anamnesis, diagnoses, test results, prescriptions, allergies. Can show a QR code for emergency access (no auth, critical data only: blood type, allergies, chronic conditions). Manages processing consents per clinic.
Doctor / Staff. Sees patient data only within an active visit. Access to records from another clinic is allowed only with patient consent. Each view is written to the audit log (WHO accessed WHAT and WHEN).
The audit log is not optional under HIPAA; it is a mandatory requirement. Entry structure: userId, resourceType, resourceId, action (view/edit/export), timestamp, ipAddress, deviceId. Store for a minimum of 6 years (HIPAA) or 3 years (Russia, under #152).
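The access rules and audit entry described above, as an added server-side sketch in Python (not code from the original article). The names RecordGate and User, the in-memory log, the (patient, clinic) consent model and the extra outcome field are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class AuditEntry:
    # Field names follow the entry structure listed in the article.
    userId: str
    resourceType: str
    resourceId: str
    action: str       # view / edit / export
    timestamp: str    # UTC, ISO 8601
    ipAddress: str
    deviceId: str
    outcome: str      # assumption: extra field so denied attempts are recorded too

@dataclass(frozen=True)
class User:           # hypothetical user model
    id: str
    role: str         # "patient" or "staff"
    clinic: str = ""  # set for staff only

class RecordGate:     # hypothetical name
    def __init__(self, active_visits, consents):
        self.active_visits = active_visits  # {(staff_id, patient_id)}
        self.consents = consents            # {(patient_id, clinic_id)} granted by the patient
        self.audit_log = []                 # stand-in for an append-only store

    def _allowed(self, user, patient_id, record_clinic):
        if user.role == "patient":
            return user.id == patient_id    # own data only
        if user.role != "staff" or (user.id, patient_id) not in self.active_visits:
            return False                    # no active visit, no access
        if record_clinic == user.clinic:
            return True
        # Record belongs to another clinic: the patient must have consented.
        return (patient_id, user.clinic) in self.consents

    def access(self, user, patient_id, resource_type, resource_id,
               record_clinic, action, ip, device_id):
        if action not in ("view", "edit", "export"):
            raise ValueError(f"unknown action: {action}")
        ok = self._allowed(user, patient_id, record_clinic)
        # Write the entry before returning, for allowed and denied attempts alike.
        self.audit_log.append(AuditEntry(
            user.id, resource_type, resource_id, action,
            datetime.now(timezone.utc).isoformat(), ip, device_id,
            "allowed" if ok else "denied"))
        return ok
```

Because the decision and the log write sit in one call, no code path can return record data without leaving an entry.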
Encryption and Storage
EMR data is never stored in the clear. For the doctor's offline caching scenario:
iOS: Core Data with encryption via NSPersistentStoreDescription + NSFileProtectionCompleteUnlessOpen. The encryption key is kept in the Secure Enclave with biometric protection.
Android: Room + EncryptedSharedPreferences + SQLCipher. The key is kept in the Android KeyStore with setUserAuthenticationRequired(true).
Data transmission: TLS 1.3 is mandatory; TLS 1.2 with limits is acceptable. Certificate pinning. Between organizations, HL7 FHIR R4 is the interoperability standard.
FHIR R4: A Standard Not to Ignore
If the EMR needs integration with other MIS, HL7 FHIR R4 is the de facto standard. Resources: Patient, Observation, Condition, MedicationRequest, DiagnosticReport, Encounter.
On mobile, this is a REST API to a FHIR server (HAPI FHIR, Azure Health Data Services, Google Cloud Healthcare API). iOS: there is no official FHIR SDK, so use Alamofire + custom Codable models. Android: Google's android-fhir SDK (official, supports offline sync via FHIR Structured Data Capture).
Example observation request:
GET /fhir/Observation?patient=Patient/123&category=vital-signs&_sort=-date&_count=20
Medical Data in UI
Some things are specific to medical apps:
Reference ranges. A result such as "Glucose: 7.2 mmol/L" is shown with context: normal 3.9–6.1, last 6.8, trend rising. Use Charts/MPAndroidChart for trend graphs.
Drug interactions. If prescriptions are shown, a DDI (drug-drug interaction) check is needed, via the DrugBank or RxNorm API. This is a separate scope.
Emergency QR. An offline-accessible QR code without auth, containing critical data only, in the Smart Health Cards or FHIR Patient Summary standard. It is generated and cached at the last online session.
Special Test Scenarios
Doctor lost the phone: patient data on the device must be destroyed via remote wipe (MDM) or become inaccessible without biometrics after N minutes.
Patient died: what happens to a trusted person's access? This is a legal question rather than a technical one, but it affects the architecture.
Process
| Stage | Content | Timeline |
|---|---|---|
| Requirements audit | Jurisdiction, roles, integrations (MIS, labs) | 1 week |
| Design | FHIR resources, data model, access schema, audit log | 1–2 weeks |
| Core development | Auth, patient profile, medical record, prescriptions | 4–6 weeks |
| Encryption and security | Offline storage, SE/StrongBox, cert pinning | 1–2 weeks |
| Integrations | FHIR server, lab systems, push | 2–3 weeks |
| QA + audit | Pen testing, audit log verification | 1–2 weeks |
A full MVP takes 2–3 months. An app with full FHIR integration, doctor and patient support, and a HIPAA-compliant audit log is closer to three. Custom pricing after detailed requirements analysis.







