HMS Implementation Questionnaire
Purpose: This questionnaire captures all decisions and specifications needed before implementation begins.
Status: Complete - 18 key decisions confirmed
Quick Decision Summary
| # | Decision | Choice |
|---|---|---|
| 1 | VIP System | Tiered (Points-based: Silver/Gold/Platinum) |
| 2 | Queue Priority for VIP | No |
| 3 | Discount Stacking | Not allowed |
| 4 | Patient Self-Registration | No - Staff registers |
| 5 | Two-Factor Auth | Required (Email OTP) |
| 6 | SMS Notifications | No - Email only |
| 7 | Support Impersonation | Yes (with audit) |
| 8 | HIPAA Compliance | No |
| 9 | Payment Gateway | Stripe + ABA Payway + Manual |
| 10 | Queue Structure | Per Doctor |
| 11 | Session Timeout | 8 hours |
| 12 | Hospital Onboarding | Auto-approve |
| 13 | Partial Payments | Yes (unlimited) |
| 14 | Data Encryption at Rest | No |
| 15 | Advance Booking Limit | Configurable by hospital |
| 16 | Cancellation Policy | Free cancellation anytime |
| 17 | Custom Roles (Hospital) | No - Console Admin creates templates |
| 18 | Identity Provider | Keycloak (OAuth2/OIDC) |
1. Business Model & Pricing
Subscription Tiers
| Question | Answer |
|---|---|
| How many subscription tiers? | 3 tiers (Starter, Pro, Enterprise) |
| What features differ per tier? | Number of Clinics, Patients, and Staff |
Tier Limits
| Tier | Max Clinics | Max Patients | Max Staff |
|---|---|---|---|
| Starter | Limited | Limited | Limited |
| Pro | Higher | Higher | Higher |
| Enterprise | Unlimited | Unlimited | Unlimited |
2. VIP & Discount System
VIP Tier Configuration (Points-Based)
Model: Patients earn points from spending → Auto-upgrade when threshold reached
| Tier | Points Required | Default Discount |
|---|---|---|
| Silver | > 1,000 points | 5% |
| Gold | > 5,000 points | 10% |
| Platinum | > 10,000 points | 15% |
Key Rules:
- VIP tiers provide discounts only, no queue priority
- Points Earning: 1 point per $1 spent (configurable by hospital)
- VIP discount cannot stack with promotional discounts
- Hospital Admin can customize discount % and point thresholds
3. Queue Management
Queue Configuration
| Question | Answer |
|---|---|
| Separate queues per department? | No |
| Separate queues per doctor? | Yes |
| VIP patients get priority? | No - Same queue as everyone |
| Default queue order | First-come-first-served |
4. Appointment System
Booking Rules
| Question | Answer |
|---|---|
| Advance booking limit? | Configurable by hospital |
| Free cancellation window? | Anytime - Free cancellation always |
| Cancellation fee? | None |
| No-show penalty? | None |
5. Payment & Billing
Payment Methods
| Question | Answer |
|---|---|
| Accepted payment methods | Cash, Card, Bank Transfer |
| Payment gateway providers | Stripe (International), ABA Payway (Cambodia) |
| Support partial payments? | Yes - No limit on number of partial payments |
| Manual payments | Cash, Bank Transfer |
6. User Management & Authentication
Authentication
| Question | Answer |
|---|---|
| Identity Provider | Keycloak (OAuth2/OpenID Connect) |
| Password requirements | Managed by Keycloak |
| Session timeout | 8 hours of inactivity |
| Two-factor authentication | Required for all staff |
| 2FA methods | Email (OTP code) |
| Multi-tenant isolation | One Keycloak realm per hospital |
Staff Roles
| Question | Answer |
|---|---|
| Default roles | Owner, Admin, Doctor, Nurse, Receptionist, Cashier |
| Custom roles allowed? | No - But Console Admin can create role templates |
Patient Registration
| Question | Answer |
|---|---|
| Patient self-registration? | No - Staff must register patients |
| Family membership | Automatically created on registration |
7. Notifications & Communications
Notification Channels
| Channel | Enabled |
|---|---|
| SMS | No |
| Email | Yes |
| Push notifications | No (future) |
Notification Events
| Event | Email |
|---|---|
| Appointment confirmed | Yes |
| Appointment reminder | Yes |
| Payment received | Yes |
| Queue called | No |
| Prescription ready | No |
8. Data & Compliance
Compliance Requirements
| Requirement | Answer |
|---|---|
| HIPAA compliance needed? | No |
| Data encryption at rest? | No |
| Data encryption in transit? | Yes (TLS required) |
Hospital Onboarding
| Question | Answer |
|---|---|
| Approval workflow needed? | No - Auto-approve, hospital can start immediately |
Support Features
| Question | Answer |
|---|---|
| Support impersonation allowed? | Yes - With full audit trail |
| Impersonation session duration | 1 hour maximum |
Confirmed Business Rules
VIP & Discounts
- VIP tiers are based on accumulated spending points, not paid membership
- VIP discounts do NOT provide queue priority
- Only one discount can apply per transaction (VIP OR promotional)
- Hospital admins can customize point thresholds and discount percentages
Queue Management
- Queues are organized per doctor, not per department
- All patients (VIP and non-VIP) wait in the same queue
- First-come-first-served is the default order
Appointments
- Advance booking limits configurable by hospital
- Free cancellation at any time
- No-show patients are not penalized
Payments
- Partial payments allowed with no limit
- Points awarded after payment completion
Authentication (Keycloak)
- Keycloak is used as the identity provider
- Each hospital has its own isolated Keycloak realm
- 2FA via email OTP required for all staff
- Sessions expire after 8 hours
- Staff cannot self-register
- Console support can impersonate hospital users
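Added example (not part of the original questionnaire or the HMS code base): a check that lints a Keycloak realm export against the authentication decisions above. The field names are Keycloak realm-representation attributes. Assumptions: each realm is named after its hospital id, email OTP is delivered by a custom browser flow whose alias (`browser-email-otp`, hypothetical) is passed in, and the sample exports are constructed.

```python
SESSION_IDLE_SECONDS = 8 * 60 * 60  # "Session timeout: 8 hours of inactivity"


def check_realm(realm, hospital_id, otp_flow_alias="browser-email-otp"):
    """Return findings for one realm export; an empty list means it conforms."""
    findings = []
    if realm.get("realm") != hospital_id:  # assumed naming: realm == hospital id
        findings.append("realm name does not match hospital id")
    if realm.get("registrationAllowed", False):  # staff cannot self-register
        findings.append("self-registration is enabled")
    if realm.get("ssoSessionIdleTimeout") != SESSION_IDLE_SECONDS:
        findings.append("idle timeout is not 8 hours")
    if str(realm.get("sslRequired", "")).lower() != "all":  # TLS for all traffic
        findings.append("sslRequired is not 'all'")
    if realm.get("browserFlow") != otp_flow_alias:  # assumed custom email-OTP flow
        findings.append("browser flow is not the email OTP flow")
    if not (realm.get("smtpServer") or {}).get("host"):  # OTP mail needs SMTP
        findings.append("no SMTP host configured for OTP email")
    return findings


# Constructed sample exports (not from a real deployment).
GOOD = {"realm": "hospital-a", "registrationAllowed": False,
        "ssoSessionIdleTimeout": 28800, "sslRequired": "all",
        "browserFlow": "browser-email-otp",
        "smtpServer": {"host": "smtp.example.org"}}
BAD = {"realm": "shared", "registrationAllowed": True,
       "ssoSessionIdleTimeout": 1800, "sslRequired": "external",
       "browserFlow": "browser", "smtpServer": {}}

if __name__ == "__main__":
    for hospital, export in (("hospital-a", GOOD), ("hospital-b", BAD)):
        print(hospital, check_realm(export, hospital) or "conforms")
```

Because hospital onboarding is auto-approved, a check of this kind is best run on every newly created realm rather than as a periodic manual review.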
Patient Registration
- Patients cannot self-register
- Family membership auto-created on registration
Roles & Permissions
- Hospitals cannot create custom roles
- Console admins create role templates
- Existing hospitals keep their roles when templates change
Console Operations
- Hospital onboarding is automatic
- Support impersonation with full audit trail
- Impersonation sessions expire after 1 hour
Notifications
- Email only (no SMS initially)
Compliance
- HIPAA compliance not required
- Data encryption at rest not required
- HTTPS (TLS) for all transmission