The balance of industry special needs in the functional design of hospital information SaaS platform

On the one hand, there is an innovative demand to improve diagnosis and treatment efficiency and optimize patient experience, and on the other hand, there are rigid constraints such as regulatory red lines, medical insurance policies, and privacy protection. This article will deeply explore the implementation path of this balancing act from three dimensions: functional transformation of compliance requirements, scenario implementation of innovation space, and analysis of practical cases, and provide ideas and references for the design of hospital information SaaS platforms.

Compared with traditional HIS (hospital information system), the SaaS model has quickly become a new choice for medical institutions at all levels with the advantages of multi-tenant shared architecture, pay-as-you-go flexible model, rapid iteration of technical features, and near-zero local O&M costs.

However, the particularity of the medical industry is that it is not only a field that relies highly on technological innovation, but also a strictly regulated life safety industry. On the one hand, there are innovative demands to improve diagnosis and treatment efficiency and optimize patient experience, and on the other hand, there are rigid constraints such as regulatory red lines, medical insurance policies, and privacy protection. This article will discuss the implementation path of this balancing technique from the three dimensions of functional transformation of compliance requirements, the implementation of innovation space scenarios, and the analysis of practical cases, combined with specific technical implementation and scenario details.

1. Strong regulatory characteristics of the medical industry

The regulatory system of the medical industry is like a sophisticated network, containing both rigid laws and regulations and dynamically adjusted policy norms, which together constitute the design boundary of the hospital information SaaS platform. Any functional design that deviates from this boundary may cause the system to fail regulatory acceptance at best, or may cause medical disputes or policy risks.

1. Laws and regulations

Medical data is directly related to patients’ life, health and privacy, and relevant laws and regulations have built a strict protection net. The Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law (hereinafter referred to as the three laws) constitute the basic framework of data security – for example, patient medical records are sensitive personal information, and their collection must be clearly informed of the purpose and separate consent must be obtained, AES-256 encryption must be used for transmission, and the minimum necessary principles must be met for storage (such as the time limit of 15 years for outpatient medical records and 30 years for inpatient medical records); If cross-institutional sharing is involved (such as data exchange within regional medical consortia), it is also necessary to pass a security assessment organized by the local health commission, and the scope of data use and the division of responsibilities must be clarified in the sharing agreement.

At the level of medical operation specifications, the “Electronic Medical Record Application Management Specification (Trial)” puts forward refined requirements for core medical behaviors. Among them, the modification trace is the insurmountable bottom line of the electronic medical record module: not only to record the modifier and modification time, but also to completely save the content comparison before and after the modification, and even require that the electronic medical record of the same patient be updated synchronously in different systems, the modification trajectory of each system must be retained. This ultimate pursuit of traceability is fundamentally different from the document management system of ordinary enterprises – for example, the document modification of the enterprise OA system may only need to record who changed it, while the modification record of the electronic medical record needs to answer who changed what in what scenario and why.

2. Medical insurance policy

Medical insurance policy is the economic baton of medical services and is in continuous iteration. In recent years, the reform of DRG (grouping by disease diagnosis)/DIP (payment by disease score) payment method has been promoted nationwide, which has completely changed the operation logic of hospitals – from charging by project to paying by value, which puts forward extremely high requirements for the real-time response ability of hospital information systems.

How can product managers do a good job in B-end digitalization?
All walks of life have taken advantage of the ride-hail of digital transformation and achieved the rapid development of the industry. Since B-end products are products that provide services for enterprises, how should enterprises ride the digital ride?

View details >

Specifically, a province will refine the DRG grouping from 1008 groups to 1289 groups in 2024, adding 32 new rare disease groups, which means that the system needs to complete the grouper algorithm update, disease code mapping and settlement logic adjustment within one month; In the adjustment of the DIP score table in 2025 of a municipality directly under the Central Government, the score of laser treatment for diabetic retinopathy will be raised from 800 points to 1200 points, which will directly affect the hospital’s disease priorities and resource allocation. These adjustments require that the financial management, diagnosis and treatment coding modules of the SaaS platform must have the rapid response ability of policy awareness, rule update, and functional adaptation, otherwise it may lead to the hospital’s medical insurance settlement error rate exceeding 5% and face the risk of fund refusal – a tertiary hospital once caused a monthly refusal amount of 3 million yuan due to DRG grouping errors, which has also become a warning in the industry that attaches importance to the responsiveness of medical insurance policies.

2. Functional transformation of compliance requirements

Compliance is not passive compliance, but rather the transformation of constraints into system capabilities through functional design. In the hospital information SaaS platform, the electronic medical record and financial management module is the core carrier for the implementation of compliance requirements, and its design quality directly determines the compliance cost and operational efficiency of the hospital.

1. Electronic medical record module

Electronic medical records are digital evidence of medical behavior, and their standardization directly affects medical quality and dispute resolution. Based on the “Electronic Medical Record Application Management Specification”, the functional design needs to focus on solving three problems: who can change (authority boundary), how to change (operation specification), and how to trace the change (trajectory retention).

1) Permission management

The system needs to set up three-dimensional permissions according to the medical staff’s professional qualifications, job roles, and diagnosis and treatment scenarios, which not only avoids overstepping their authority, but also ensures the continuity of diagnosis and treatment in emergencies. The specific design is as follows:

• Qualification dimension: Interns can only create medical records to be reviewed, and the content must be electronically signed by the attending physician or above. Doctors need to be additionally bound to the scope of the training department and can only create medical records in authorized departments.
• Position dimension: Residents can modify the medical records created by themselves within 24 hours, but the modification of core fields such as main diagnostic and surgical methods must be authorized by the department director (the authorization records are synchronized in the system log); The head nurse can only modify the nursing record module and cannot touch the content related to medical diagnosis.
• Scenario dimension: In the emergency scenario, the doctor on duty is allowed to record first and then sign (for example, only key vital signs and disposal measures need to be entered when rescue), but the system will automatically mark the emergency supplementary label and limit the time limit for resignation (such as within 6 hours, if the time is over, a written explanation needs to be submitted for approval by the medical department); In the consultation scenario, invited experts can add consultation opinions to the hospital system, but cannot modify the record content of the original department doctor.

2) Modify the marks

The modification record of ordinary documents may only contain the modifier + time, but the electronic medical record needs to realize full element traceability to ensure that any modification can be restored to the specific scene. Specifically, it includes:

• Content level: Adopt a version tree structure, automatically save the original version after each modification (version naming rules are modifier by-modification time-modification type, such as Zhang XX-20250610-14:30-diagnosis supplement), and support word-by-word comparison between the current version and any historical version (similar to the red mode of paper plagiarism checking, new content marked in green, deleted content marked in red, modified content marked in yellow);
• Operational level: record the login device (IP address, device number, distinguish between fixed terminals in the hospital and mobile ward round equipment), operation duration (time from opening to saving, used to judge whether there is a suspicion of rapid tampering), and even related to the diagnosis and treatment scenario at that time (such as automatically marking the modification of surgical records 2 hours after surgery through the operation end time field in the HIS system);
• Special Scenario Handling: If the entire paragraph is deleted due to an input error, the system will not only retain the text before deletion, but also force the entry of the deletion reason (need to be selected from the preset options, such as duplicate recording terminology errors conflicting with check results, etc., custom input is not allowed). If the same field is modified more than 3 times in a row, the system will automatically trigger an abnormal modification warning and push a prompt to the department’s quality controller.

3) Identity verification

For key operations such as electronic signatures, two-factor authentication needs to be used to design a layered scheme based on the actual management needs of the hospital:

• Basic layer: suitable for daily outpatient medical record signature, using password + mobile phone verification code (the verification code is sent by the hospital SMS gateway and bound to the doctor’s work number);
• Advanced level: suitable for core documents such as surgical records and discharge summaries, supporting USBKey (digital certificates are issued by the National Health Commission and updated quarterly) or fingerprint recognition (linked with the professional qualification database of the hospital HR system to ensure the unity of people and certificates, and fingerprint permissions are frozen in real time if the doctor resigns);
• Emergency layer: In special scenarios such as night duty, if the authorized doctor is not in the hospital, the remote authorization function of the department director can be enabled (send a temporary authorization code through the mobile terminal of the platform, valid for 15 minutes, and can only be used to modify the current patient’s medical record, and one authorization corresponds to one operation).

2. Financial management module

The dynamic adjustment of medical insurance policies requires the financial management module to have the ability to configure rules, trace settlement, and early warning of errors, especially in the context of DRG/DIP reform, it is necessary to realize the transformation from post-accounting to pre-guidance, so as to help hospitals improve the efficiency of medical insurance fund use under the premise of compliance.

1) Medical insurance code database

Coding is the language of medical insurance settlement, and the accuracy of the coding library directly determines the settlement success rate. The specific design includes:

• Real-time synchronization: Connect to the coding database of the National Health Insurance Administration (such as ICD-10 disease code, CPT surgery code), and complete the iteration of the system code library within 24 hours after the policy update (using incremental update + full verification mechanism to avoid code loss caused by network delay).
• Intelligent mapping: The customized project of the department within the hospital (such as the special nursing package of a department containing 3 basic nursing operations) needs to establish a many-to-one mapping relationship with the medical insurance code, and the system will automatically prompt the item to correspond to 3 medical insurance reportable items, and it is recommended to give priority to sub-item A (reimbursement ratio of 80%), sub-item C (reimbursement ratio of 60%) may increase the patient’s out-of-pocket cost;
• Code verification: When the doctor issues a doctor’s order, if the entered disease code does not match the surgical code (e.g., acute appendicitis corresponds to cholecystectomy), the system will prompt a pop-up window prompting the coding logic conflict, which may affect the DRG grouping, and show the correct coding combination example (e.g., acute appendicitis corresponds to appendectomy).

2) Diagnosis and treatment behavior verification

Based on the DRG grouper or DIP score table of each province and city, the system needs to embed rule verification in the whole process of diagnosis and treatment to avoid unnecessary costs or grouping deviations. The specific scenarios are as follows:

• Outpatient stage: If the patient complains of chest pain, if the doctor prescribes a head CT scan, the system will indicate that the correlation between the symptom and the examination items is low (historical data matching degree <15%), which may increase non-essential costs (when the DRG is grouped as ‘chest pain to be checked’, head CT is not included in the scope of payment), and it is recommended to give priority to ‘electrocardiogram + myocardial enzyme profile’ (matching degree >80%);
• Hospitalization stage: For patients with pneumonia, if high-grade antibiotics (such as carbapenems) are used for 3 consecutive days, the system will automatically determine whether the patient’s blood routine indicators (white blood cell count, C-reactive protein) meet the antimicrobial use guidelines.
• Discharge stage: Automatically perform group compliance checks before settlement, such as whether the main diagnosis is the core diagnostic complication code of the DRG group is complete (e.g., whether diabetic patients include complications such as ‘diabetic nephropathy’), whether the length of hospitalization exceeds the baseline duration of the DRG group (e.g., the baseline is 7 days, and if it is currently 9 days, it will prompt ‘may affect the payment coefficient’), etc., to avoid grouping bias caused by code omissions.

3) Settlement and reporting

The compliance of the settlement process directly affects the return of medical insurance funds, and the system needs to simplify operations and ensure accurate data. The specific design includes:

• Automatic settlement: According to the patient’s medical insurance type (employee/resident/off-site) and medical treatment type (outpatient/inpatient), the corresponding reimbursement ratio is automatically applied to generate a detailed statement of medical insurance payment + personal self-payment (supports XML format export required by the Medical Insurance Bureau, and includes checkscode to prevent tampering);
• Difference analysis: Compared with the same period last month/previous year, the risk items of medical insurance refusal to pay are automatically marked (for example, the average cost of a certain disease increases by 15% year-on-year, exceeding the medical insurance early warning line by 10%, and the system will link to display the change in the composition of the cost: the proportion of examination fees has increased from 20% to 35%);
• Policy adaptation: When a province includes day surgery in DRG payment, the system can launch a special report for day surgery within 1 week, count indicators such as the average number of days of hospitalization (taking ≤ 24 hours) of disease coverage, and support the comparison with the cost structure of traditional inpatient surgery (for example, the daily bed fee for day surgery is reduced by 60%, but the proportion of preoperative examination fee is increased by 15%).

3. Innovation space under the compliance framework

Compliance is the bottom line, and innovation is the key to value enhancement. Without breaking through the red line of regulations, the hospital information SaaS platform can achieve innovative breakthroughs in triage efficiency, medical quality, clinical decision-making and other scenarios through AI, big data and other technologies, so that the technology can truly serve the core goal of patient-centeredness.

1. AI intelligent triage

Traditional triage relies on the subjective judgment of nurses, and is prone to the problem of wrong numbers and repeated queues (statistics from a tertiary hospital show that the wrong number rate of traditional triage is about 12%, resulting in patients waiting an average of 40 minutes longer). The core of AI intelligent triage is to use technology to assist decision-making, rather than replacing doctors’ judgments, and its functional design needs to take into account accuracy and compliance.

1) Symptom analysis

When patients enter symptoms through the platform applet, the system needs to deal with three types of common problems, and use NLP technology to transform fragmented expressions into standardized symptoms:

• Vague expression: If you are exhausted, the system will ask progressively (is it fatigue or pain?). Which part specifically? How long do symptoms last? ) gradually focused, and finally positioned to general fatigue (3 days) + muscle soreness;
• Dialect/colloquial: Support identifying colloquial expressions such as headache (corresponding to severe headache) and difficulty breathing (corresponding to dyspnea) (training data contains 300,000 dialect-standard terminology corresponding samples, covering major dialect areas across the country);
• Comorbid symptoms: When the patient describes cough + fever + chest pain at the same time, the system will rank them according to weight (chest pain is prioritized over cough because it may involve cardiac or pulmonary emergencies), and the degree of urgency is preliminarily judged based on the duration of symptoms (e.g., fever for 3 days + chest pain for 1 hour) (mark medium to high urgency, priority is recommended for emergency or cardiology).

2) Triage recommendation

The system’s recommendation logic should not only consider the matching degree of symptoms-departments, but also combine real-time medical resources to avoid departments with full referral numbers or long waiting lists. Specifically, it includes:

• Disease matching: By training 100,000+ standardized medical record data, calculate the probability of association between symptoms and diseases (such as abdominal pain + jaundice pointing to hepatobiliary surgery 85%, gastroenterology 12% probability), and show the matching degree of typical symptoms (such as 78% matching your symptoms with ‘cholecystitis’);
• Resource scheduling: display the actual number of patients in each department (for example, the current waiting list of 23 people in the gastroenterology department, expected to wait for 47 minutes), the doctor’s visit status (such as Dr. Zhang is good at gastritis, there are 5 number sources left today, and the next visit time is 10:30);
• Special groups: For the elderly, pregnant women, people with disabilities and other groups over 70 years old, the green channel of obstetrics and gynecology of the priority channel of geriatrics is automatically recommended, and the priority channel needs to be presented with relevant documents, and the system has reserved a 15-minute buffer time for you.

3) Human-machine collaboration

To avoid the limitations of AI triage (such as low symptom recognition accuracy for rare diseases), the system design needs to clarify the role of auxiliary positioning to ensure that doctors have the final decision-making power:

• Reception connection: When the doctor receives the consultation, the system automatically displays the patient’s self-reported symptoms + AI triage suggestions, and the doctor can correct the triage results through the confirmation/adjustment button (for example, if the AI recommends respiratory medicine, the doctor judges that it is allergic asthma, it can be adjusted to the allergy department, and the reason for the adjustment needs to be briefly recorded);
• Model optimization: Establish a feedback mechanism for triage accuracy, and the doctor’s adjustment record will be marked as sample data to optimize the AI model (for example, 3 consecutive abdominal pain is mistakenly judged as gastroenterology, but actually urology, the system will strengthen the characteristic weight of abdominal pain with frequency/urgency, and update the model parameters within 1 week).

2. Big data-driven medical quality improvement

The diagnosis and treatment data (such as medical records, examination results, and medication records) accumulated by the hospital information SaaS platform is a gold mine for improving medical quality. Through big data analysis, closed-loop management of quality index monitoring, risk prediction, and clinical decision support can be realized, and quality improvement can be changed from passive rectification to active prevention.

1) Quality index monitoring

Based on the core indicators of national medical quality (such as the incidence of surgical complications and average hospital stay), the system can customize the department-hospital level monitoring board, so that the quality data can be seen and traced:

• Real-time monitoring: The large screen in the operating room dynamically displays the pass rate of surgical aseptic operation on the day (counted through the confirmation field of the disinfection step in the surgical record, and marked as unqualified if not checked), and the sterilization compliance rate of the instrument package (linked with the disinfection supply center system, and the sterilization instruction is unqualified and immediately alarmed);
• Threshold warning: When the intensity of antibiotic use in a department exceeds 30DDDs for 7 consecutive days (the industry benchmark is 25DDDs), the system automatically sends an early warning text message to the department director and pushes the prescription details that exceed the standard in the past 3 days (marking specific issues such as the absence of drug susceptibility test basis for off-label drugs);
• Trend analysis: Quarterly quality reports were generated, and the misdiagnosis rate in the imaging department decreased by 23% (from 2% to 4.0%) after AI-assisted diagnosis, and the average hospital stay was shortened from 8.5 days to 6.8 days after the implementation of DRG payment.

2) Risk prediction

For risks such as postoperative complications and worsening of chronic diseases, the system can use machine learning to build predictive models and give intervention suggestions before risks occur:

• Postoperative risk: Based on 12 characteristics such as patient age, underlying disease, and duration of surgery, the risk of deep vein thrombosis after hip arthroplasty was predicted (model accuracy of 82%), and anticoagulant drugs were automatically suggested for high-risk patients to be recommended to use anticoagulants 2 hours before surgery and barometric therapy was started 6 hours after surgery.
• Chronic disease management: For diabetic patients, combined with blood sugar fluctuations (average blood glucose and standard deviation in the past 30 days), medication adherence (prescription implementation rate), and complication history, predict the risk of glycated hemoglobin exceeding the standard within 3 months, and push dietary adjustments (such as reducing refined carbohydrate intake) + medication reminders (such as insulin injection at 8 p.m. every Wednesday) to the patient’s mobile terminal (patients can independently choose SMS applet push and other receiving methods).

3) Clinical decision support

Based on evidence-based medical evidence and historical hospital data, provide doctors with personalized advice to reduce unreasonable diagnosis and treatment behaviors:

• Drug recommendation: If the patient has a history of penicillin allergy and prescribes antibiotics, the system will automatically exclude penicillin drugs, give priority to cephalosporins (negative skin test), and mark the drug resistance rate of the hospital in the past six months of 8%, which is lower than 15% of similar drugs;
• Examination path: For patients with suspected lung cancer, the system recommends a stepped examination path of low-dose CT→ biopsy → genetic testing according to the guidelines, and suggests that skipping CT and doing PET-CT directly may increase the non-essential cost by 3,000 yuan, and the medical insurance reimbursement ratio is reduced by 20%;
• Referral tip: When receiving patients with complex arrhythmias in community hospitals, the system will compare the referral rate of similar cases in the hospital with 75% in the past year, and recommend referral to the cardiology department of a higher-level hospital within 24 hours, and automatically generate a summary of the referral medical record (including key examination results and medication history, which meets the referral standards of the regional medical consortium).

4. The compliance-innovation landing path of the HIS platform of a tertiary hospital

The HIS platform designed by a leading medical informatization company for a tertiary hospital in East China has achieved a 40% reduction in compliance costs (from 2 million yuan to 1.2 million yuan per year), a 30% increase in outpatient efficiency (the average waiting time has been reduced from 67 minutes to 47 minutes), and a 15% optimization of medical quality indicators (the incidence of surgical complications has been reduced from 4.2% to 3.6%) through three years of iteration.

1. Electronic medical record module

In order to meet the requirements of modification traces, the platform adopts blockchain + version control technology: after each modification, key information (modified person, time, content hash value) is synchronously written to the hospital’s private chain (nodes include medical department, information department, and quality control office to ensure that multi-party certificates cannot be tampered with); At the same time, in order to reduce the operational burden of doctors, two innovative functions are designed:

• Voice entry: supports recording while consulting, and the voice is converted into a structured medical record in real time (such as the body temperature of 5°C is automatically filled in the vital sign field, and the cough with yellow phlegm is automatically classified into the symptom description), with an accuracy rate of more than 95% (the recognition accuracy of medical terms is 98%), and the doctor only needs to fine-tune it in the later stage, and the writing time is shortened by 60%;
• Template library classification: Provide editable templates according to common diseases (such as colds) – specialized diseases (such as coronary heart disease) – intractable diseases (the template has been reviewed by the medical department and comply with the medical record writing specifications), and doctors only need to modify the personalized content (such as the history of the complaint), for example, the acute appendicitis template has included fixed modules such as auxiliary examination of typical symptoms and signs, and doctors only need to supplement information such as the onset time and specific signs and locations.

2. Financial management module

In the face of frequent adjustments of DRG/DIP, the platform has built a closed loop of policy response to minimize the impact of policy adjustments on hospitals:

• Establish a medical insurance policy knowledge base: a full-time team (including medical insurance experts, clinicians, and technicians) will interpret the new policy within 72 hours (for example, in 2024, the scope of DRG payment in a province will be expanded to appropriate technologies for traditional Chinese medicine), and update the system rule engine (the rules are presented in a visual flow chart to facilitate the understanding and verification of hospital medical insurance office staff);
• Develop simulated settlement tools: Doctors can rehearse the DRG grouping results when issuing medical orders (such as choosing A diagnosis + B surgery, the expected grouping is G003, the medical insurance pays 8,000 yuan, and the out-of-pocket ratio is 15%) to avoid the risk of revenue loss caused by high coding and low coding (after the launch, the hospital’s DRG grouping error rate was reduced from 8% to 2%).

3. Innovative features

The implementation of innovative functions needs to go through the process of clinical verification and iterative optimization to avoid the disconnection between technology and reality:

• Intelligent triage system: In the early stage of the launch, due to the low accuracy of dialect recognition (only 70%), the error rate did not decrease but increased, and later by collecting 30,000 dialect consultation records of the hospital to supplement the training data, the accuracy rate increased to 92% after 3 months, and finally the registration error rate was reduced from 12% to 3%;
• Quality improvement module: For the infection rate index of surgical incision, the system traces back to the main cause of the operating room temperature (>25°C) in summer (80% of the infected cases occur during the period when the temperature exceeds the standard), and promotes the hospital to install an intelligent temperature control system (set 22-24°C to automatically adjust), and finally reduces the infection rate from 2% to 3.6%.

5. Conclusion

The essence of the design of the hospital information SaaS platform is to find a dynamic balance between compliance rigidity and innovation flexibility: compliance is not the shackle of innovation, but a safety net to avoid risks (the case of a hospital being fined 500,000 yuan for non-compliance with electronic medical records confirms the bottom-line value of compliance); Innovation is not the opposite of compliance, but an accelerator to improve compliance efficiency (voice entry reduces doctors’ compliance recording time by 60%).

To achieve this balance, product managers need to have three core competencies: first, the ability to translate the modification traces in the “Electronic Medical Record Specification” into the specific functions of the permission matrix + version tree (such as clarifying which modifications require authorization from the director); the second is the scene disassembly ability, which can identify the functional chain of code matching→ cost estimation→ and risk warning from the DRG payment reform (such as correctly dismantling the grouping into executable indicators such as diagnosis-surgical code matching cost in the interval within the group); The third is the ability to integrate technology, which can enable AI and big data to exert their value without touching the privacy red line (such as using federated learning technology to jointly train triage models without sharing data from multiple hospitals).

As medical digitalization enters the deep waters, the balance between compliance and innovation will be upgraded from functional design to ecological construction – the future hospital information SaaS platform should not only meet the compliance and efficiency needs of hospitals, but also connect with external systems such as regional medical clouds (to achieve mutual recognition of examination results), medical insurance electronic vouchers (to support scanning code settlement), and Internet hospitals (to open up online and offline medical records), so as to achieve the symbiosis of security and value in a larger network. This is not only a challenge, but also the key to building the core competitiveness of medical informatization enterprises – whoever can master this balance first will be able to take the lead in the wave of medical digitalization.