joevisokey asked:

Web Database Contract, How much to build something like this. An estimate is fine.

To Create a Database for Customer Input (Secure Web Based)
      1. Project Goal
      2. Setup and Structure – Brief Scope Of Work
      3. Development Costs
      4. Maintenance

1. Project Goal
Customer requires secure, web-based, data management portal for the collection of client information across various programs.
Website Project Highlights:
      1. Web based for universal access via standard web browser
      2. Compatible with desktop and mobile OS (Windows, iPad, iPhone, Android)
      3. Layered security
            a. Secure login and session time-outs (auto-logout)
            b. SSL in-transit encryption of all web pages
            c. Select database fields private-key encryption
            d. Separate user logins with login tracking
            e. Multi-level user access rights
      4. VPS hosting with HIPAA compliant provider

2. Structure – Brief Scope Of Work
The purpose of the website is to facilitate management of client information into a central and secure data management portal.

Hosting
Developer will create a Virtual Private Server with a HIPAA compliant hosting provider. The VPS server will house the web server, database server, firewall, and other necessary hosting software. At project completion Developer will hand off the responsibilities of hosting to Customer IT department.
Developer will be responsible:
      1. All access to secure information will take place over https (secure http) using a valid SSL certificate.
      2. Any database systems will block connections via firewall rules except from your website server.
      3. Select database information will be encrypted with a private key.
      4. Security scans will be done by the provider to identify possible and emerging security flaws in the web applications and scripts.
 

Customer will be responsible:
      1. Providing a valid DNS name for the hosting (https://secure.customer.org or similar).
      2. Provide a name, contact, and responsible party for the SSL certificate signing.
      3. Maintaining the VPS server after Customer releases the program to Customer.

Database Structure Setup
Developer will create all the necessary databases, tables, and encryption routines
Developer will be responsible:
      1. Setup all master database tables and login tables
      2. Create all user and rights management tables
      3. Create all data collection tables (approximately 28 programs as stated by customer)
      4. Create all tracking and auditing tables
      5. Import existing customer data into the appropriate data collection tables from CSV, TXT, or compatible Excel spreadsheet. Data must be provided in a usable, manageable data format.

CUSTOMER will be responsible
      1. Providing the table structure for each of the 28 programs (collected data)
      2. Providing existing client data in usable data format to import.
      3. Generate a private key for database encryption (32 unique characters)

Website Programming
Developer will create all the necessary website pages required for this project. Pages include but are not limited to html, cfml, cfm, ajax, jQuery, and other support pages. Developer will also develop all security scripts and database scripts necessary to complete the project.
Website Data
It is assumed there are 28 program areas as described by Customer. Customer will be required to provide a complete breakdown of all the fields (data collection) necessary in each of the 28 programs. A preliminary breakdown of the data collected is below, however, it is not considered complete. Developer understands that fields may be omitted and/or added for each of the 28 programs.
MIS#, Client name (first, last), case manager (first, last), admit date, coor services plan exp date, coor ser due date, cin#, mcl issue date, ins, bic/ssn, dob, pfi due date, client phone, sfpr, diagnosis, goals, address (address, city, state, zip)  

Website User Levels and Rights
The website data entry and management will be separated into 28 “programs” with varying degrees of add/edit/view rights dependent upon user level. Only 3 sample program setups are shown below. (PHI = Personal Health Information)
[Diagram: sample user hierarchy. ADMINISTRATOR at the top; a PROGRAM MANAGER for each of Program 1, Program 2 and Program 3, each with KEYER (Data Entry) and STAFF accounts; Viewer accounts; STAFF accounts labelled PHI Level 1 through PHI Level 4. Programs 4-28 also appear.]
Administrator – Top level user. Assigned global rights over all users in all programs
Program Manager – Sub level user. Has right only within the assigned program.
Keyer – Data entry user. Ability to add/edit/delete data within a program
Staff – Ability to view data assigned to them within a program. PHI level assignment restricts what data is viewable on their screen.
Viewer – Temporary “view only” account. Can view data from any staff account within a program. No edit ability. Limited.
*General Note - Data is never deleted but rather ‘archived’. Data deleted will be removed from screens but is archived as necessary for later retrieval.  

ADMINISTRATOR
The administrator is the top tier level.
      1. Add/Edit/Delete PROGRAM MANAGERS
      2. Add/Edit/Delete KEYERS
      3. Add/edit/delete STAFF
      4. Enter/edit/delete client data for any program
      5. View data for any program

PROGRAM MANAGER
The program manager is a sub-level administrator. They have functions similar to those of an administrator but are limited to items within their program group.
      1. Add/Edit/Delete KEYERS
      2. Add/edit/delete STAFF
      3. Enter/edit/delete client data within selected program
      4. View data within selected program

KEYER
The keyer is a data entry account. Keyers have the ability to enter and edit information but they cannot edit or create users.
      1. Add/Edit/Delete client information
      2. Add/Edit/Delete KEYERS
      3. Add/edit/delete STAFF
      4. Enter/edit/delete client data for assigned program
      5. View data for assigned program

STAFF
The staff account is a ‘view only’ account. It can only view client data assigned to that account. The data displayed on the screen is described by the 4 levels of PHI (provided by Customer).
      1. View data for assigned program

VIEWER
The viewer account is a ‘view-only’ account. It is similar to the staff account as it can only view data information; however, it is NOT limited by the PHI and can view all data in the assigned program.
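
The access model described in the post, as an added sketch that is not part of the original post or any project code. It assumes a higher PHI level sees more fields, uses a hypothetical field-to-level mapping (the real one is "provided by Customer"), and gives Keyers no user-management rights, following the Keyer description.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical mapping of field -> lowest PHI level allowed to see it.
# The real four-level mapping is supplied by the customer and is not in the post.
FIELD_PHI_LEVEL = {"client_name": 1, "client_phone": 2, "dob": 3,
                   "diagnosis": 4, "ssn": 4}

# Account types each role may add/edit/delete. Keyers get none (assumption,
# taken from the Keyer description rather than its numbered list).
MANAGES = {"administrator": {"program_manager", "keyer", "staff"},
           "program_manager": {"keyer", "staff"}}
CAN_EDIT_DATA = {"administrator", "program_manager", "keyer"}
ALL_ROLES = CAN_EDIT_DATA | {"staff", "viewer"}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    program: Optional[int] = None  # None only for the global administrator
    phi_level: int = 0             # used for staff accounts only

def in_scope(user, program):
    """Only the administrator crosses program boundaries."""
    return user.role == "administrator" or user.program == program

def can_manage(actor, target_role, program):
    return target_role in MANAGES.get(actor.role, set()) and in_scope(actor, program)

def can_edit_data(user, program):
    return user.role in CAN_EDIT_DATA and in_scope(user, program)

def visible_fields(user, record):
    """Return the fields of a client record the user may see, or None if denied."""
    if user.role not in ALL_ROLES or not in_scope(user, record["program"]):
        return None
    if user.role == "staff":
        if record["assigned_to"] != user.name:   # staff see only their own clients
            return None
        # Unmapped fields default to level 99, so new columns stay hidden.
        return {k: v for k, v in record["fields"].items()
                if FIELD_PHI_LEVEL.get(k, 99) <= user.phi_level}
    return dict(record["fields"])                # other roles: no PHI filtering

# Constructed sample record (not real data).
SAMPLE = {"program": 1, "assigned_to": "staff_a",
          "fields": {"client_name": "Jane Doe", "client_phone": "555-0100",
                     "dob": "1980-01-01", "diagnosis": "example", "notes": "n/a"}}
```

Running every read through one function like `visible_fields` on the server keeps the PHI filter out of page templates, where a missed check would expose a field.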
joevisokey (ASKER)

I understand that; I was just trying to get a feel from professionals on an estimate of what it would cost. Thank you.
Gary Patterson, CISSP
These requirements are a good start, but not enough - at least for me - to produce an estimate.    If a client handed this to me, I'd need to do additional discovery before I'd provide an estimate.

It doesn't look like a huge project.  I'd say more than US$5K, and less than US$50K - just based on what is in front of me.  That includes additional requirement gathering, specifications, coding, and testing.

I don't think it would take a lot more to be able to produce a reasonable estimate, but hard to say without actually talking to the client.

Hope that helps.

Check out my EE profile: https://www.experts-exchange.com/members/Gary_The_IT_Pro.html