Analysis POC 2017


The aim of this document is to provide a high-level analysis of the eSaude-EMR-POC software in terms of development frameworks and standards, best practices, consideration of POC Requirements, Mozambique’s current regulations related to Individual based systems (SEPS), Law of Electronic transactions, Protection of personal electronic data, Law nº 19/2014: Protection of the person, the worker and the jobseeker living with HIV and AIDS, and use of the US Department’s HHS-EPLC framework to check for any existing gaps. The following link was provided for the high level analysis [] In order to produce a more complete high level analysis document it would be important to work together with the development team to review all findings and correct any possible inaccurate conclusions made in this document.


This document is a record of the result of an analysis of the eSaude-EMR-POC and related software in terms of requirements, legislation, the development frameworks used, development standards, and best practices followed.
– Any application testing performed during this assessment was done so using a tablet and/or laptop device. This is not the final device that would be used in field.
– The analysis does not cover user requirements alignment and capacity to respond to the Mozambique needs and context.
– It was not possible to determine the acceptance of the end users or obtain evidence of any end user testing.
– It was not possible to test the functionality of statistical data reporting and statistical data exporting since these are not implemented.
– It was not possible to test whether the systems restricts login only to the facility’s users.
– Alerts requirements were not tested.
– The Software Load scalability test was not done.

eSaude EMR POC Analysis

Reference documents 1. Mozambican Government’s HIS rules based on individuals (SESP Doc.pdf). 2. Law of Electronic transactions Protection of personal electronic data. 3. Current Law used in Mozambique – Lei nº 19/2014, Protection of the person, the worker and the jobseeker living with HIV and AIDS. 4. eSaude POC Requirements (eSaude [POC] Requirements.docx).
Legislation Verification

Details on Requirements listed in SESP document not yet been implemented
1. The data must be stored locally in full with the appropriate backup systems. A repository of data must be present in the Province Level and in the Central Authority to ensure its safety.
2. It is necessary that all information that identifies the patient is encrypted, when you perform the backup, be sent to other levels or to be made available after authorization.
3. The system must have a control device that manages the download of information or data to pen drive, CD and even printing. Only authorized users should perform this type of actions.
4. The system must generate and transfer data and indicators defined by the National Health System.
5. The SESP should be able to produce the summaries / reports with format, timing and content required for the Information System for Health.
6. Individual systems should provide indicators for management, including measuring the quality of services provided according to the list of indicators (Annex 7)
7. The confidential information stored on the hard disk must be encrypted, according to the encryption protocols incorporated in the system
8. The system should issue alert reports when: (Not seen at the super user level)

● Multiple failed login attempts
● There is access to the system during off-hours or unusual computers
● There is a 10% increase in average volume of transactions
● There are configuration updates or system failures

9. Individual-based electronic systems should provide alerts when: a) identifying abnormal test results, b) identifying out-of-normal vital signs, c) identifying a probable allergic reaction and / or drug interaction, complications, absenteeism, non-response to therapy; d) list of patients requiring specific treatment / process in a given period; E) list of patients who had expired exam date

10. The databases should be stored only in Mozambique. Copies may only be withdrawn from the Country with the authorization of the Minister of Health, including the period of institutional capacity building (Recommendation not confirmed)

11. Individual-based systems should export data to SIS management applications, according to the layout and format defined by the Department of Health Information (DIS).

12. In computer systems, the application must have quality control of the data specified by each program, according to some methods: