Patient Portal & Mobile App Master Data & Configuration
Home / Portals & Mobile Apps / Patient Portal & Mobile App / Master Data

Patient Portal & Mobile App Master Data & Configuration

Master Data Inventory

ID Data Set Source Approx. Records Owner Update Frequency Approver
MD-PPT-001 Portal Content (Help Pages, FAQs) Facility marketing/communications ~50 Portal Administrator Quarterly review; ad‑hoc updates Head of Patient Experience / Marketing
MD-PPT-002 Provider Profiles Provider credentials + marketing content ~200 Medical Staff Office + Portal Administrator On provider change; monthly review Medical Director
MD-PPT-003 Form Templates Clinical/administrative departments ~30 Portal Administrator As needed; annual review Relevant Dept Head + Clinical Informatics
MD-PPT-004 Notification Templates Facility communications ~40 Portal Administrator As needed; quarterly review Communications Lead / Compliance (for PDPL text)
MD-PPT-005 Result Release Rules Medical records policy ~10 Medical Director / HIM Annual review; as policy changes Medical Executive Committee
MD-PPT-006 Supported Languages Facility policy 2–4 Portal Administrator On language policy change CIO / Patient Experience Lead
MD-PPT-007 Telehealth Platforms & Config IT / Vendor 1–5 IT / Telehealth Program Manager On vendor/config change CIO
MD-PPT-008 Payment Methods & Gateways Finance + IT 5–15 Revenue Cycle Manager On contract change CFO
MD-PPT-009 Appointment Types & Visit Reasons (Portal) Scheduling policies 20–50 Scheduling Manager Quarterly Ambulatory Medical Director
MD-PPT-010 Proxy Relationship Types & Access Levels Legal / Compliance 5–15 Compliance Officer Annual Legal Counsel
MD-PPT-011 Portal Feature Toggles & Access Policies Internal policy 20–40 Portal Administrator As needed CIO / Clinical Governance
MD-PPT-012 UAE PDPL Consent Texts & Privacy Notices Legal / Compliance 5–10 Data Protection Officer On PDPL/policy change DPO + Legal
MD-PPT-013 NABIDH/Malaffi Sharing Preferences Codes DHA/DOH guidance 5–10 Integration Team On HIE policy change CIO / DPO

Note: Core shared entities (patients, providers, facilities, payers, etc.) are defined in their owning modules and referenced here via foreign keys; they are not redefined as master data in this file.

Setup Sequence

Data sets must be configured in the following dependency order before enabling the patient portal and mobile apps.

flowchart TD A["Step 1: MD-PPT-006 Supported Languages"] --> B["Step 2: MD-PPT-001 Portal Content"] A --> C["Step 3: MD-PPT-012 PDPL Consent Texts & Privacy Notices"] A --> D["Step 4: MD-PPT-004 Notification Templates"] E["Step 5: MD-PPT-007 Telehealth Platforms & Config"] --> H["Step 9: MD-PPT-011 Feature Toggles & Access Policies"] F["Step 6: MD-PPT-008 Payment Methods & Gateways"] --> H G["Step 7: MD-PPT-009 Appointment Types & Visit Reasons"] --> H I["Step 8: MD-PPT-010 Proxy Relationship Types & Access Levels"] --> H J["Step 10: MD-PPT-005 Result Release Rules"] --> H K["Step 11: MD-PPT-013 NABIDH/Malaffi Sharing Preferences Codes"] --> H L["Step 12: MD-PPT-002 Provider Profiles"] --> H M["Step 13: MD-PPT-003 Form Templates"] --> H H --> N["Step 14: Portal Go-Live"]

Load / Configuration Order (narrative):

  1. Supported Languages (MD-PPT-006) – define available UI languages (EN/AR minimum) and RTL behavior.
  2. Portal Content (MD-PPT-001) – help, FAQs, onboarding guides in all supported languages.
  3. PDPL Consent Texts & Privacy Notices (MD-PPT-012) – bilingual consent and privacy content, including NABIDH/Malaffi references where applicable.
  4. Notification Templates (MD-PPT-004) – email/SMS/push templates, localized, referencing PDPL consent where needed.
  5. Telehealth Platforms & Config (MD-PPT-007) – WebRTC vendor, TURN/STUN servers, allowed browsers/apps.
  6. Payment Methods & Gateways (MD-PPT-008) – payment gateway endpoints, supported methods, currencies.
  7. Appointment Types & Visit Reasons (MD-PPT-009) – which appointment types are bookable via portal.
  8. Proxy Relationship Types & Access Levels (MD-PPT-010) – parent/guardian, caregiver, etc., with access scopes.
  9. Portal Feature Toggles & Access Policies (MD-PPT-011) – enable/disable modules (telehealth, payments, messaging) per facility.
  10. Result Release Rules (MD-PPT-005) – delays and exclusions for lab/radiology/notes.
  11. NABIDH/Malaffi Sharing Preferences Codes (MD-PPT-013) – patient-facing options for HIE sharing.
  12. Provider Profiles (MD-PPT-002) – enriched provider data for search and booking.
  13. Form Templates (MD-PPT-003) – digital forms and consents mapped to workflows.
  14. Go-Live – open registration and activation workflows.

Master Data Specifications

MD-PPT-001: Portal Content (Help Pages, FAQs)

Purpose

Static and semi-static informational content displayed in the portal and mobile apps: FAQs, how-to guides, contact information, telehealth instructions, PDPL rights explanations, etc. Must be bilingual (EN/AR) and easily maintainable without code changes.

Logical Table: portal_content_pages

Schema

Field Type Required Description
content_id VARCHAR(50) YES Unique identifier (e.g., HELP_TELEHEALTH_SETUP)
slug VARCHAR(100) YES URL-friendly identifier (e.g., telehealth-setup)
title_en VARCHAR(200) YES English title
title_ar VARCHAR(200) YES Arabic title (RTL)
body_en TEXT YES English HTML/markdown content
body_ar TEXT YES Arabic HTML/markdown content
category VARCHAR(50) YES Category (e.g., FAQ, HELP, LEGAL)
is_public BOOLEAN YES Whether accessible without login
sort_order INT NO Display ordering within category
last_reviewed_date DATE NO Last content review date
owner_role VARCHAR(100) YES Responsible role (e.g., Portal Administrator)
is_active BOOLEAN YES Active flag

Sample Data

content_id slug title_en title_ar category is_public sort_order owner_role
HELP_GET_STARTED get-started Getting Started with the Patient Portal البدء في استخدام بوابة المرضى HELP TRUE 1 Portal Administrator
FAQ_RESULTS viewing-results Viewing Your Lab & Radiology Results عرض نتائج المختبر والأشعة FAQ FALSE 2 Portal Administrator
HELP_TELEHEALTH_SETUP telehealth-setup Preparing for a Telehealth Visit الاستعداد لزيارة التطبيب عن بُعد HELP TRUE 3 Telehealth Program Manager
CONTACT_SUPPORT contact-support How to Contact Support كيفية التواصل مع الدعم HELP TRUE 4 Portal Administrator
PDPL_RIGHTS pdpl-rights Your Data Privacy Rights (UAE PDPL) حقوقك في خصوصية البيانات (قانون حماية البيانات الإماراتي) LEGAL TRUE 5 Data Protection Officer

Data Governance

  • Owner: Portal Administrator
  • Approval:
  • Clinical content: relevant Clinical Lead
  • Legal/privacy content: Data Protection Officer (DPO) / Legal
  • General help/FAQ: Head of Patient Experience / Marketing
  • Update Frequency:
  • Routine review every 6–12 months
  • Immediate updates when workflows or regulations change (e.g., PDPL amendments, NABIDH/Malaffi policy changes)
  • Change Process: 1. Content change request submitted via internal ticket. 2. Draft prepared by Portal Administrator / Communications. 3. Review and approval by appropriate approver. 4. Update in CMS / admin UI. 5. Notify support staff and update training materials.

Validation Rules

  • content_id unique, uppercase alphanumeric with underscores.
  • slug unique, lowercase, only [a-z0-9-].
  • Both title_en and title_ar required for all active records.
  • category must be in controlled list: {HELP, FAQ, LEGAL, TECH, BILLING, TELEHEALTH}.
  • is_public = FALSE for any content referencing patient-specific data.
  • last_reviewed_date must be within last 24 months for is_active = TRUE (flag for review otherwise).

MD-PPT-002: Provider Profiles

Purpose

Enriched provider metadata used for patient-facing provider search and appointment booking: specialties, languages, photos, bios, locations. Extends core providers entity from ehr-patient-mgmt.

Logical Table: provider_profiles (1:1 or 1:0..1 with providers)

Schema

Field Type Required Description
provider_id BIGINT YES FK to providers.provider_id
display_name_en VARCHAR(200) YES Provider name as displayed in English
display_name_ar VARCHAR(200) YES Provider name as displayed in Arabic
specialty_en VARCHAR(200) YES Primary specialty (EN)
specialty_ar VARCHAR(200) YES Primary specialty (AR)
languages_spoken VARCHAR(200) YES Comma-separated list (e.g., Arabic,English,Hindi)
bio_en TEXT NO Short biography (EN)
bio_ar TEXT NO Short biography (AR)
photo_url VARCHAR(500) NO URL to provider photo
accepts_new_patients BOOLEAN YES Whether provider accepts new patients
telehealth_enabled BOOLEAN YES Whether provider offers telehealth
primary_facility_id BIGINT YES FK to facilities.facility_id
rating_average DECIMAL(3,2) NO Average patient rating (1.00–5.00)
rating_count INT NO Number of ratings
is_visible_in_portal BOOLEAN YES Whether provider appears in search
sort_priority INT NO Higher = earlier in search results

Sample Data

provider_id display_name_en display_name_ar specialty_en specialty_ar languages_spoken accepts_new_patients telehealth_enabled primary_facility_id is_visible_in_portal
1001 Dr. Ahmed Al-Maktoum د. أحمد المكتوم Family Medicine طب الأسرة Arabic,English TRUE TRUE 10 TRUE
1002 Dr. Fatima Al-Nahyan د. فاطمة النهيان Pediatrics طب الأطفال Arabic,English TRUE FALSE 11 TRUE
1003 Dr. Omar Al-Suwaidi د. عمر السويدي Cardiology أمراض القلب Arabic,English,Hindi FALSE TRUE 10 TRUE
1004 Dr. Sara Al-Hosani د. سارة الحوسني Dermatology الأمراض الجلدية Arabic,English TRUE TRUE 12 TRUE
1005 Dr. Khalid Al-Marri د. خالد المري Orthopedics جراحة العظام Arabic,English,Urdu TRUE FALSE 10 TRUE

Data Governance

  • Owner: Medical Staff Office (core data) + Portal Administrator (presentation fields).
  • Approval:
  • Credentials, specialty: Medical Staff Office.
  • Bio, photo: Provider + Marketing/Communications.
  • Update Frequency:
  • On provider onboarding, role change, or departure.
  • Annual review of all profiles.
  • Change Process: 1. Provider or department submits update request. 2. Medical Staff Office validates specialty, facility, and status. 3. Portal Administrator updates profile via admin UI. 4. For telehealth enablement, Telehealth Program Manager confirms training and licensing.

Validation Rules

  • provider_id must exist and be active in providers.
  • primary_facility_id must exist in facilities and be portal-enabled.
  • display_name_en and display_name_ar required if is_visible_in_portal = TRUE.
  • rating_average between 1.00 and 5.00 if not null; rating_count >= 0.
  • telehealth_enabled = TRUE only if telehealth platform configured (MD-PPT-007) and provider licensed for telehealth per DOH/DHA/MOH rules.

MD-PPT-003: Form Templates

Purpose

Defines reusable digital form templates (pre-registration, medical history, consent forms, billing forms) rendered in the portal/app. Each template is versioned and bilingual, with JSON schema for dynamic rendering and mapping to target modules.

Logical Table: form_templates

Schema

Field Type Required Description
form_template_id VARCHAR(50) YES Unique template ID (e.g., PREREG_ADULT)
name_en VARCHAR(200) YES Form name (EN)
name_ar VARCHAR(200) YES Form name (AR)
category VARCHAR(50) YES e.g., PREREG, CONSENT, CLINICAL, BILLING
version INT YES Version number (1,2,3,…)
is_active BOOLEAN YES Current active version flag
target_module VARCHAR(100) YES Receiving module (e.g., ehr-patient-mgmt, billing-claims)
schema_json JSON YES JSON schema for fields, types, validations
mapping_config_json JSON NO Mapping to backend fields (e.g., FHIR, internal tables)
requires_signature BOOLEAN YES Whether e-signature is required
signature_method VARCHAR(50) NO OTP, drawn, UAE_PASS, if signature required
effective_from DATE NO Start date
effective_to DATE NO End date (for retired forms)

Sample Data

form_template_id name_en name_ar category version is_active target_module requires_signature signature_method
PREREG_ADULT Pre-Registration – Adult استمارة التسجيل المسبق – بالغ PREREG 3 TRUE ehr-patient-mgmt FALSE NULL
MED_HISTORY_BASIC Medical History التاريخ الطبي CLINICAL 2 TRUE ehr-patient-mgmt FALSE NULL
CONSENT_TELEHEALTH Telehealth Consent موافقة التطبيب عن بُعد CONSENT 1 TRUE patient-consent TRUE OTP
CONSENT_DATA_SHARING Consent for Data Sharing with NABIDH/Malaffi موافقة مشاركة البيانات مع نبض/ملفي CONSENT 1 TRUE patient-consent TRUE UAE_PASS
BILLING_FINANCIAL_AGREEMENT Financial Responsibility Agreement اتفاقية المسؤولية المالية BILLING 1 TRUE billing-claims TRUE OTP

Data Governance

  • Owner: Portal Administrator (technical), with each form’s content owned by relevant department (e.g., HIM, Legal, Billing).
  • Approval:
  • Clinical forms: Clinical Governance Committee.
  • Consent forms: Legal + DPO + HIM.
  • Billing forms: Finance / Revenue Cycle.
  • Update Frequency:
  • As policies change; at least annual review for consents and PDPL-related forms.
  • Change Process: 1. Department submits change request with updated wording and requirements. 2. Legal/DPO review for PDPL and DOH/DHA/MOH compliance (especially for data sharing and telehealth). 3. Form template updated and version incremented; previous version set is_active = FALSE with effective_to. 4. Regression testing in UAT to ensure mappings are correct. 5. Communication to front-line staff.

Validation Rules

  • form_template_id unique, uppercase alphanumeric with underscores.
  • Only one is_active = TRUE per (form_template_id logical family, category) at a time.
  • requires_signature = TRUE implies signature_method in {OTP, drawn, UAE_PASS}.
  • effective_from <= effective_to when both present.
  • schema_json must be valid JSON and pass schema validation in admin UI.

MD-PPT-004: Notification Templates

Purpose

Templates for email, SMS, and push notifications sent by the portal (appointment reminders, result availability, message alerts, payment confirmations, PDPL notices). Must support placeholders and bilingual content.

Logical Table: notification_templates

Schema

Field Type Required Description
template_id VARCHAR(50) YES Unique ID (e.g., APPT_REMINDER_SMS)
name_en VARCHAR(200) YES Template name (EN)
name_ar VARCHAR(200) YES Template name (AR)
channel VARCHAR(20) YES EMAIL, SMS, PUSH
subject_en VARCHAR(200) NO Email subject (EN); null for SMS/PUSH if not used
subject_ar VARCHAR(200) NO Email subject (AR)
body_en TEXT YES Body with placeholders (EN)
body_ar TEXT YES Body with placeholders (AR)
is_active BOOLEAN YES Active flag
category VARCHAR(50) YES APPOINTMENT, RESULT, BILLING, MESSAGING, SECURITY, CONSENT
requires_opt_in BOOLEAN YES Whether PDPL opt-in is required for this channel/category
default_opt_in BOOLEAN YES Default opt-in status at registration
last_reviewed_date DATE NO Last review date

Sample Data

template_id name_en name_ar channel category requires_opt_in default_opt_in
APPT_REMINDER_SMS Appointment Reminder (SMS) تذكير بالموعد (رسالة نصية) SMS APPOINTMENT TRUE TRUE
RESULT_AVAILABLE_PUSH New Result Available (Push) توفر نتيجة جديدة (إشعار) PUSH RESULT TRUE TRUE
BILL_PAYMENT_RECEIPT_EMAIL Payment Receipt إيصال الدفع EMAIL BILLING TRUE TRUE
MSG_NEW_INBOX_EMAIL New Secure Message رسالة آمنة جديدة EMAIL MESSAGING TRUE TRUE
SECURITY_LOGIN_ALERT_EMAIL New Login Alert تنبيه تسجيل دخول جديد EMAIL SECURITY FALSE TRUE

Data Governance

  • Owner: Portal Administrator.
  • Approval:
  • Content: Communications Lead.
  • PDPL-related text and opt-in flags: DPO / Compliance.
  • Update Frequency: Quarterly review; ad-hoc for new workflows.
  • Change Process: 1. Request from business owner (e.g., Billing for payment receipts). 2. Draft prepared and validated for placeholders. 3. Legal/Compliance review for PDPL and DOH/DHA/DHCC messaging rules. 4. Update in admin UI; test with sample notifications. 5. Notify support and update SOPs.

Validation Rules

  • template_id unique.
  • channel in {EMAIL, SMS, PUSH}.
  • If requires_opt_in = TRUE, template must be mapped to a preference flag in portal_preferences.
  • Placeholders must follow standard syntax (e.g., {{patient_name}}, {{appointment_datetime}}) and be documented.
  • last_reviewed_date within 12 months for is_active = TRUE (flag for review otherwise).

MD-PPT-005: Result Release Rules

Purpose

Defines when and how lab results, radiology reports, and clinical notes are released to patients via the portal, including delays for sensitive results and compliance with DOH/DHA/MOH policies and UAE PDPL transparency requirements.

Logical Table: result_release_rules

Schema

Field Type Required Description
rule_id VARCHAR(50) YES Unique rule ID (e.g., LAB_DEFAULT_24H)
result_type VARCHAR(50) YES LAB, RADIOLOGY, NOTE, PATHOLOGY
sub_type VARCHAR(100) NO e.g., HIV, ONCOLOGY, PSYCHIATRY, GENETIC
facility_id BIGINT NO FK to facilities; null = default for all
delay_hours INT YES Delay after finalization before release (0 = immediate)
auto_release BOOLEAN YES Whether auto-release is enabled
require_provider_ack BOOLEAN YES Whether provider must acknowledge before release
is_sensitive BOOLEAN YES Whether considered sensitive under policy
notes TEXT NO Policy notes / references
is_active BOOLEAN YES Active flag

Sample Data

rule_id result_type sub_type facility_id delay_hours auto_release require_provider_ack is_sensitive
LAB_DEFAULT_24H LAB NULL NULL 24 TRUE FALSE FALSE
LAB_CRITICAL_NO_AUTO LAB CRITICAL NULL 0 FALSE TRUE TRUE
RAD_DEFAULT_48H RADIOLOGY NULL NULL 48 TRUE FALSE FALSE
PATH_ONCOLOGY_72H PATHOLOGY ONCOLOGY NULL 72 TRUE TRUE TRUE
NOTE_PSYCHIATRY_NO_PORTAL NOTE PSYCHIATRY NULL 0 FALSE FALSE TRUE

Data Governance

  • Owner: Medical Director / HIM.
  • Approval: Medical Executive Committee; Compliance for PDPL transparency.
  • Update Frequency: Annual review; ad-hoc when regulations or institutional policy change.
  • Change Process: 1. Policy change proposed by HIM/Clinical Governance. 2. Impact analysis on patient safety and provider workflow. 3. Approval by Medical Executive Committee. 4. Configuration update and testing in non-production. 5. Communication to clinicians and patients (via portal content).

Validation Rules

  • result_type in {LAB, RADIOLOGY, NOTE, PATHOLOGY}.
  • delay_hours >= 0.
  • If auto_release = FALSE and require_provider_ack = FALSE, result will never appear in portal; such rules must be explicitly approved and documented.
  • For sensitive categories (e.g., HIV, genetic tests), is_sensitive = TRUE and either delay_hours > 0 or auto_release = FALSE.

MD-PPT-006: Supported Languages

Purpose

Defines which languages are available in the portal and mobile apps, and which is the default. Supports bilingual EN/AR at minimum and RTL layout for Arabic.

Logical Table: supported_languages

Schema

Field Type Required Description
language_code VARCHAR(10) YES ISO 639-1 code (e.g., en, ar)
display_name_en VARCHAR(100) YES Language name (EN)
display_name_ar VARCHAR(100) YES Language name (AR)
is_default BOOLEAN YES Default language for new accounts
is_rtl BOOLEAN YES Whether layout is right-to-left
is_active BOOLEAN YES Active flag
sort_order INT NO Display order

Sample Data

language_code display_name_en display_name_ar is_default is_rtl is_active
en English الإنجليزية TRUE FALSE TRUE
ar Arabic العربية FALSE TRUE TRUE
hi Hindi الهندية FALSE FALSE TRUE
ur Urdu الأردية FALSE FALSE TRUE
tl Tagalog التاغالوغ FALSE FALSE TRUE

Data Governance

  • Owner: Portal Administrator.
  • Approval: CIO + Patient Experience Lead.
  • Update Frequency: Rare; when adding/removing languages.
  • Change Process: 1. Business case for new language (patient demographics, DOH/DHA guidance). 2. Approval by leadership. 3. Translation of key content and UI strings. 4. Update supported_languages and deploy translations.

Validation Rules

  • At least one language with is_default = TRUE.
  • Only one is_default = TRUE at any time.
  • is_rtl = TRUE only for languages requiring RTL (e.g., ar).
  • language_code unique and valid ISO code.

MD-PPT-007: Telehealth Platforms & Config

Purpose

Defines telehealth platform configuration used by the portal for video visits (WebRTC, vendor URLs, supported platforms).

Logical Table: telehealth_platforms

Schema

Field Type Required Description
platform_id VARCHAR(50) YES Unique ID (e.g., WEBRTC_DEFAULT)
name VARCHAR(200) YES Platform name
vendor VARCHAR(200) NO Vendor name
base_url VARCHAR(500) YES Base URL for telehealth sessions
supported_clients VARCHAR(200) YES e.g., Web,iOS,Android
is_default BOOLEAN YES Default platform
is_active BOOLEAN YES Active flag
notes TEXT NO Configuration notes (TURN/STUN, encryption, etc.)

Sample Data

platform_id name vendor base_url supported_clients is_default is_active
WEBRTC_DEFAULT WebRTC Telehealth Gates Telehealth https://telehealth.gateshealth.ae Web,iOS,Android TRUE TRUE
VENDOR_BACKUP Vendor Telehealth Backup UAE Telehealth Co. https://video.uaetelehealth.ae Web FALSE TRUE

Data Governance

  • Owner: IT / Telehealth Program Manager.
  • Approval: CIO; Information Security for ADHICS/NESA compliance.
  • Update Frequency: As vendor or configuration changes.
  • Change Process: 1. Technical evaluation and security review. 2. Pilot testing with clinicians. 3. Update configuration and mapping in scheduling/telehealth workflows.

Validation Rules

  • Only one is_default = TRUE.
  • base_url must be HTTPS.
  • supported_clients subset of allowed values {Web, iOS, Android}.

MD-PPT-008: Payment Methods & Gateways

Purpose

Defines which payment methods are available in the portal and how they map to payment gateways and billing system codes.

Logical Table: payment_methods

Schema

Field Type Required Description
payment_method_code VARCHAR(20) YES e.g., VISA, MASTERCARD, APPLEPAY, BANK_TRANSFER
display_name_en VARCHAR(100) YES English display name
display_name_ar VARCHAR(100) YES Arabic display name
gateway_id VARCHAR(50) YES FK to payment_gateways.gateway_id
is_active BOOLEAN YES Active flag
is_default BOOLEAN YES Default method for UI ordering
surcharge_percent DECIMAL(5,2) NO Optional surcharge (if allowed by policy)
notes TEXT NO Notes on usage or restrictions

Logical Table: payment_gateways

Field Type Required Description
gateway_id VARCHAR(50) YES Unique ID (e.g., GATEWAY_NETWORK_INTL)
name VARCHAR(200) YES Gateway name
provider VARCHAR(200) YES Provider (e.g., Network International, Stripe MENA)
api_base_url VARCHAR(500) YES API base URL
currency VARCHAR(10) YES e.g., AED
is_active BOOLEAN YES Active flag
pci_dss_cert_expiry DATE NO PCI DSS certificate expiry date

Sample Data

payment_gateways

gateway_id name provider api_base_url currency is_active
GATEWAY_NETWORK_INTL Network International Gateway Network International https://api.networkintl.ae AED TRUE

payment_methods

payment_method_code display_name_en display_name_ar gateway_id is_active is_default
VISA Visa Card بطاقة فيزا GATEWAY_NETWORK_INTL TRUE TRUE
MASTERCARD Mastercard بطاقة ماستركارد GATEWAY_NETWORK_INTL TRUE FALSE
APPLEPAY Apple Pay أبل باي GATEWAY_NETWORK_INTL TRUE FALSE
BANK_TRANSFER Bank Transfer تحويل بنكي GATEWAY_NETWORK_INTL FALSE FALSE
CASH_COUNTER Cash at Hospital Counter الدفع نقداً في المستشفى NULL TRUE FALSE

Data Governance

  • Owner: Revenue Cycle Manager.
  • Approval: CFO; IT Security for gateway.
  • Update Frequency: On contract or policy changes.
  • Change Process: 1. Finance negotiates payment gateway contracts. 2. IT configures gateway and tests. 3. Portal Administrator updates payment_methods and payment_gateways. 4. Communication to patients if methods added/removed.

Validation Rules

  • currency must be AED for UAE billing.
  • api_base_url must be HTTPS.
  • At least one active online method when Bill View & Online Payment feature is enabled.
  • surcharge_percent must comply with UAE Central Bank rules (often 0).

MD-PPT-009: Appointment Types & Visit Reasons (Portal)

Purpose

Defines which appointment types and visit reasons are available for booking via the portal, and how they map to scheduling system codes.

Logical Table: portal_appointment_types

Schema

Field Type Required Description
portal_appt_type_id VARCHAR(50) YES Unique ID (e.g., NEW_VISIT, FOLLOW_UP, TELEHEALTH)
display_name_en VARCHAR(200) YES English label
display_name_ar VARCHAR(200) YES Arabic label
scheduling_appt_type_code VARCHAR(50) YES Code used in scheduling module
is_telehealth BOOLEAN YES Whether this is a telehealth visit
requires_referral BOOLEAN YES Whether referral is required
is_active BOOLEAN YES Active flag
sort_order INT NO Display order

Logical Table: portal_visit_reasons

Field Type Required Description
visit_reason_id VARCHAR(50) YES Unique ID (e.g., DIABETES_FOLLOWUP)
display_name_en VARCHAR(200) YES English label
display_name_ar VARCHAR(200) YES Arabic label
specialty_en VARCHAR(200) NO Suggested specialty (EN)
specialty_ar VARCHAR(200) NO Suggested specialty (AR)
is_active BOOLEAN YES Active flag

Sample Data

portal_appointment_types

portal_appt_type_id display_name_en display_name_ar scheduling_appt_type_code is_telehealth requires_referral is_active
NEW_VISIT New Visit زيارة جديدة NEW FALSE FALSE TRUE
FOLLOW_UP Follow-up Visit زيارة متابعة FUP FALSE FALSE TRUE
TELEHEALTH Telehealth Visit زيارة تطبيب عن بُعد TH TRUE FALSE TRUE
PROCEDURE Procedure إجراء PROC FALSE TRUE TRUE

portal_visit_reasons

visit_reason_id display_name_en display_name_ar specialty_en specialty_ar is_active
DIABETES_FOLLOWUP Diabetes follow-up متابعة مرض السكري Endocrinology الغدد الصماء TRUE
CHILD_VACCINATION Child vaccination تطعيم الطفل Pediatrics طب الأطفال TRUE
SKIN_RASH Skin rash طفح جلدي Dermatology الأمراض الجلدية TRUE
CHEST_PAIN Chest pain (non-emergency) ألم في الصدر (غير طارئ) Cardiology أمراض القلب TRUE
GENERAL_CHECKUP General check-up فحص عام Family Medicine طب الأسرة TRUE

Data Governance

  • Owner: Scheduling Manager.
  • Approval: Ambulatory Medical Director.
  • Update Frequency: Quarterly or as new services are added.
  • Change Process: 1. Service line requests new appointment type or visit reason. 2. Scheduling and Clinical leads review capacity and triage implications. 3. Update configuration and test booking flows.

Validation Rules

  • scheduling_appt_type_code must exist in scheduling system.
  • is_telehealth = TRUE only if telehealth platform configured and provider telehealth-enabled.
  • Visit reasons flagged as potentially urgent (e.g., chest pain) must display emergency disclaimer in portal content.

MD-PPT-010: Proxy Relationship Types & Access Levels

Purpose

Defines allowed proxy relationships (e.g., parent, guardian, caregiver) and associated access levels to dependent patient records, in line with UAE legal requirements and PDPL.

Logical Table: proxy_relationship_types

Schema

Field Type Required Description
relationship_code VARCHAR(50) YES e.g., PARENT, LEGAL_GUARDIAN, SPOUSE, CAREGIVER
display_name_en VARCHAR(100) YES English label
display_name_ar VARCHAR(100) YES Arabic label
description_en TEXT NO Description (EN)
description_ar TEXT NO Description (AR)
default_access_level VARCHAR(50) YES e.g., FULL, LIMITED, APPOINTMENTS_ONLY
is_minor_only BOOLEAN YES Whether applicable only when dependent <18
requires_documentation BOOLEAN YES Whether legal docs required (e.g., custody)
is_active BOOLEAN YES Active flag

Sample Data

relationship_code display_name_en display_name_ar default_access_level is_minor_only requires_documentation
PARENT Parent والد/والدة FULL TRUE TRUE
LEGAL_GUARDIAN Legal Guardian الوصي القانوني FULL TRUE TRUE
SPOUSE Spouse زوج/زوجة LIMITED FALSE FALSE
CAREGIVER Caregiver مقدم رعاية APPOINTMENTS_ONLY FALSE TRUE
OTHER_RELATIVE Other Relative قريب آخر LIMITED TRUE TRUE

Data Governance

  • Owner: Compliance Officer.
  • Approval: Legal Counsel.
  • Update Frequency: Rare; when legal or policy changes.
  • Change Process: 1. Legal review of UAE federal and emirate-level regulations. 2. Update relationship types and access levels. 3. Update portal content explaining proxy access.

Validation Rules

  • default_access_level in {FULL, LIMITED, APPOINTMENTS_ONLY}.
  • is_minor_only = TRUE only for relationships applicable to minors.
  • requires_documentation = TRUE for any relationship granting FULL access.

MD-PPT-011: Portal Feature Toggles & Access Policies

Purpose

Controls which portal features are enabled per facility or globally (e.g., telehealth, online payments, messaging) and any access constraints.

Logical Table: portal_feature_toggles

Schema

Field Type Required Description
feature_code VARCHAR(50) YES e.g., APPOINTMENTS, MESSAGING, TELEHEALTH, PAYMENTS, RESULTS
facility_id BIGINT NO FK to facilities; null = global default
is_enabled BOOLEAN YES Whether feature is enabled
min_patient_age INT NO Minimum age to use feature (e.g., messaging)
notes TEXT NO Policy notes
last_updated_by BIGINT NO FK to users.user_id
last_updated_at TIMESTAMP NO Timestamp of last change

Sample Data

feature_code facility_id is_enabled min_patient_age
APPOINTMENTS NULL TRUE 0
MESSAGING NULL TRUE 16
TELEHEALTH 10 TRUE 0
TELEHEALTH 11 FALSE NULL
PAYMENTS NULL TRUE 0
RESULTS NULL TRUE 0

Data Governance

  • Owner: Portal Administrator.
  • Approval: CIO + relevant clinical/business owners.
  • Update Frequency: As services roll out or change.
  • Change Process: 1. Request from service line or leadership. 2. Risk and capacity assessment. 3. Configuration update and testing. 4. Communication to patients and staff.

Validation Rules

  • If facility-specific record exists, it overrides global (facility_id = NULL) for that facility.
  • min_patient_age must be >= 0; if null, no age restriction.

Purpose

Stores the exact texts for PDPL consent, privacy notice, and data subject rights information presented to patients during registration and in profile settings.

Logical Table: consent_texts

Schema

Field Type Required Description
consent_code VARCHAR(50) YES e.g., PDPL_GENERAL, MARKETING_OPTIN, HIE_SHARING
title_en VARCHAR(200) YES Title (EN)
title_ar VARCHAR(200) YES Title (AR)
body_en TEXT YES Full text (EN)
body_ar TEXT YES Full text (AR)
version INT YES Version number
is_active BOOLEAN YES Active flag
requires_explicit_opt_in BOOLEAN YES Whether explicit opt-in is required
valid_from DATE YES Effective date
valid_to DATE NO End date

Sample Data

consent_code title_en title_ar version requires_explicit_opt_in
PDPL_GENERAL General Data Processing Consent موافقة عامة على معالجة البيانات 1 TRUE
MARKETING_OPTIN Consent for Marketing Communications موافقة على الاتصالات التسويقية 1 TRUE
HIE_SHARING Consent for Sharing Data with NABIDH/Malaffi موافقة على مشاركة البيانات مع نبض/ملفي 1 TRUE

Data Governance

  • Owner: Data Protection Officer.
  • Approval: Legal Counsel.
  • Update Frequency: On PDPL or policy changes; review at least annually.
  • Change Process: 1. Legal drafts updated text. 2. DPO approves. 3. New version created; old version set valid_to. 4. Portal prompts existing users to re-consent if required.

Validation Rules

  • Only one is_active = TRUE per consent_code.
  • valid_from <= valid_to when valid_to not null.
  • requires_explicit_opt_in = TRUE for any non-essential processing (e.g., marketing).

MD-PPT-013: NABIDH/Malaffi Sharing Preferences Codes

Purpose

Defines patient-facing options for sharing data with emirate HIEs (NABIDH in Dubai, Malaffi in Abu Dhabi), aligned with DOH/DHA policies and PDPL.

Logical Table: hie_sharing_preferences

Schema

Field Type Required Description
preference_code VARCHAR(50) YES e.g., SHARE_ALL, SHARE_LIMITED, OPT_OUT
display_name_en VARCHAR(200) YES English label
display_name_ar VARCHAR(200) YES Arabic label
description_en TEXT NO Description (EN)
description_ar TEXT NO Description (AR)
is_default BOOLEAN YES Default choice (subject to regulator rules)
is_active BOOLEAN YES Active flag

Sample Data

preference_code display_name_en display_name_ar is_default
SHARE_ALL Share my health information with NABIDH/Malaffi مشاركة معلوماتي الصحية مع نبض/ملفي TRUE
SHARE_LIMITED Share only summary information مشاركة المعلومات الملخصة فقط FALSE
OPT_OUT Do not share my information (where allowed by law) عدم مشاركة معلوماتي (حيثما يسمح القانون) FALSE

Data Governance

  • Owner: Integration Team + DPO.
  • Approval: CIO + Legal + Compliance.
  • Update Frequency: When DOH/DHA HIE policies change.
  • Change Process: 1. Review updated NABIDH/Malaffi participation rules. 2. Adjust options and defaults accordingly. 3. Communicate changes to patients and update consent texts.

Validation Rules

  • Exactly one is_default = TRUE.
  • Options must align with regulator requirements; OPT_OUT may be disabled if not permitted for certain data types.

Configuration Parameters

Key system configuration settings for the patient portal & mobile app.

Parameter Type Default Description Governance
max_results_per_search Integer 50 Max search results returned for provider/appointment searches Portal Administrator
session_timeout_minutes Integer 20 Inactivity timeout for portal sessions IT Security (ADHICS/NESA)
max_failed_logins_before_lock Integer 5 Number of failed login attempts before account lock IT Security
password_min_length Integer 10 Minimum password length if not using UAE Pass IT Security
enable_uae_pass_login Boolean TRUE Enable UAE Pass SSO for authentication CIO / DPO
enable_biometric_auth_mobile Boolean TRUE Enable biometric login on mobile apps CIO
default_language_code String en Default UI language for new accounts Portal Administrator
enable_push_notifications Boolean TRUE Enable push notifications for mobile apps Portal Administrator
result_release_default_delay_hours Integer 24 Default delay for non-sensitive lab results Medical Director / HIM
telehealth_precheck_required Boolean TRUE Require device check before joining telehealth session Telehealth Program Manager
payment_min_amount_aed Decimal 1.00 Minimum online payment amount Revenue Cycle Manager
enable_marketing_notifications Boolean FALSE Whether marketing notifications are enabled in portal DPO / Marketing
max_attachment_size_mb Integer 10 Max size for uploaded attachments in messages/forms IT
allowed_attachment_types String pdf,jpg,jpeg,png Allowed file extensions IT Security
mfa_required Boolean TRUE Require multi-factor authentication for login IT Security / DPO

Data Load Procedures

1. Initial Load

Portal Content (MD-PPT-001)

  • Import from CSV/JSON prepared by Communications team.
  • Fields: content_id, slug, title_en, title_ar, body_en, body_ar, category, is_public, sort_order.
  • Validation:
  • Check uniqueness of content_id and slug.
  • Ensure bilingual titles and bodies present.

Provider Profiles (MD-PPT-002)

  • Source: export from providers table + HR/Marketing spreadsheets.
  • Import format: CSV or JSON via admin API.
  • Validation:
  • provider_id exists in providers.
  • primary_facility_id exists in facilities.
  • Required bilingual fields populated.

Form Templates (MD-PPT-003)

  • Source: JSON files per template (schema + mapping).
  • Import via admin UI or API.
  • Validation:
  • JSON schema passes internal validator.
  • target_module matches known module IDs.
  • Signature requirements consistent with consent type.

Notification Templates (MD-PPT-004)

  • Source: CSV/JSON from Communications.
  • Validation:
  • Placeholders match documented list.
  • PDPL-related templates reviewed by DPO.

Result Release Rules (MD-PPT-005)

  • Source: HIM policy document converted to CSV.
  • Validation:
  • No conflicting rules for same result_type/sub_type/facility_id.
  • Sensitive categories flagged correctly.

Supported Languages (MD-PPT-006)

  • Manually configured via admin UI.
  • Ensure at least en and ar active.

Telehealth Platforms (MD-PPT-007)

  • Manually configured by IT.
  • Test connectivity and encryption.

Payment Methods & Gateways (MD-PPT-008)

  • Source: Finance/IT configuration.
  • Test transactions in sandbox environment.

Appointment Types & Visit Reasons (MD-PPT-009)

  • Source: Scheduling system export.
  • Map to portal-specific IDs.

Proxy Relationship Types (MD-PPT-010)

  • Source: Legal/Compliance policy.
  • Manual entry or CSV import.

Feature Toggles (MD-PPT-011)

  • Initial configuration based on go-live scope.
  • Manual via admin UI.

Consent Texts (MD-PPT-012)

  • Source: Legal-approved documents.
  • Import as HTML/markdown text.

HIE Sharing Preferences (MD-PPT-013)

  • Source: DOH/DHA guidance.
  • Manual configuration.

2. Ongoing Synchronization

  • Provider Profiles:
  • Daily sync from HR/credentialing system for status, specialty, facility.

  • Marketing content (bio, photo) updated as needed via admin UI.

  • Form Templates:

  • Versioned updates; old versions retained for audit.

  • Changes triggered by policy updates.

  • Notification Templates:

  • Rare changes; tracked via change management.

  • Result Release Rules:

  • Updated when clinical policies change; require governance approval.

  • Payment Gateways:

  • Monitor pci_dss_cert_expiry; alert before expiry.

  • Consent Texts & HIE Preferences:

  • Updated when PDPL or HIE policies change; may trigger re-consent flows.

3. Import/Export Formats

  • CSV: For bulk administrative data (provider profiles, appointment types, visit reasons).
  • JSON: For complex structures (form templates, mapping configs).
  • API:
  • FHIR R4 for clinical data (not master data itself but used by portal).
  • Internal REST APIs for admin operations (create/update master data).

4. Validation on Import

  • Schema validation (required fields, data types).
  • Referential integrity checks against shared entities (providers, facilities, users).
  • Business rule validation (e.g., only one default language, one default HIE preference).
  • Dry-run mode for bulk imports to show errors without committing.
  • Audit logging of all master data changes (who, when, before/after values) to support PDPL accountability.

This specification provides the master data and configuration foundation for the Patient Portal & Mobile App module. Application tables such as portal_accounts, portal_sessions, portal_messages, etc., are transactional and defined in the data model documentation, not as master data here.

← Previous Patient Portal & Mobile App Integration Specifications Next → Patient Portal & Mobile App KPIs & Reporting
content/portals/patient-portal/06-master-data.md Generated 2026-02-20 22:54