Design best practices and considerations for Patient Service Center
These design best practices and considerations for configuring and extending Patient Service Center support the five pillars of Well-Architected for Microsoft Cloud for Healthcare.
Configuration
- Ensure user/group mapping for the prerequisite licenses are done before deploying the solutions to Microsoft Power Platform.
- The user who deploys and configures the Dynamics 365 Customer Service and Omnichannel for Customer Service solutions must be Global Admin, Power Platform Admin, Dynamics 365 System Admin or have sufficient permissions directly on the target Power Platform environment. See more about Omnichannel for Customer Service prerequisites.
- You must provision Omnichannel for Customer Service for chat before you can deploy Microsoft Cloud for Healthcare.
- Administration configurations for Patient Service Center are done in the Dynamics 365 Customer Service admin application.
- Allow patients to interact with the Azure Health Bot using the Dynamics 365 chat widget with Dynamics 365 Omnichannel integration and embed the widget in the Patient access portal.
- Connect patients from the Azure Health Bot to a patient service representative in Patient Service Center by configuring Azure bots to escalate and end conversations.
Reliability
- Test features in a non-production environment.
- Maintain a development, test, and production environment.
- Design an on-premises data gateway for reliability by including high-available data gateway for on-premise data.
- For your Azure components consider the Design review checklist for Reliability from Azure Well-Architected Framework.
Security and compliance
- For a complete Patient service center scenario, the persona(s) doing the setup and configuration requires permissions across Microsoft Entra ID, Azure (landing zone subscription), Power Platform, and Microsoft Teams.
- Ensure the right permissions are assigned before installing and enabling the Patient service center solution. If there's clear separation of concerns within the organization to carry out these tasks across Power Platform, Azure, and Microsoft Teams, ensure the required personas are involved and engaged.
- Users accessing Patient Service Center, such as the service center representatives, need to be added to the security group in the Power Platform environments.
- Create dedicated Microsoft Entra Groups to maintain access to the Healthcare applications such as Patient service center and map it towards the built-in Healthcare user roles in the Power Platform environments. Learn about groups and access rights in Microsoft Entra ID.
- Create a Microsoft Entra group with users who should have access to the Azure Health Bot Service.
- Use Entra ID Privileged Identity Management to ensure no standing access to the Azure Health Bot service.
- To register the Azure Health Bot resource provider, the user must at least be a Contributor for role-based access control (RBAC) on the landing zone subscription(s). Learn more with an overview of role-based access control in Microsoft Entra ID
- Healthcare Bot and Omnichannel integration requires a Microsoft Entra Application with read permissions to several Microsoft Graph APIs. Learn more with an overview of Microsoft Graph permissions.
- For Omnichannel configuration and management, users, groups, and applications (e.g., chat bots) should be mapped directly to the built-in Omnichannel security roles in the environment, such as administrator, agent, or supervisor.
- For Patient access integration, ensure Power Page authentication is configured to your chosen identity provider.
- For Patient access integration, restrict Power Page access by IP address to limit portal access.
- Azure Health Bot is a multi-tenant service in Azure, where the infrastructure and runtime is managed by Microsoft and is HIPAA compliant alongside other certifications.
- All communication (inbound and outbound) with the Health Bot service happens over HTTPS, ensuring data in transit is also always encrypted.
- Azure Health Bot stores customer data in Azure storage and Azure Cosmos DB and is always encrypted at rest, where the encryption keys are managed by Microsoft. See more information at Azure AI Health Bot Overview.
Cost optimization
- Use another data store such as Azure Data Lake and move only needed data to Dataverse. That can decrease the cost in case of high volumes of data. It is recommended to store data in Dataverse for small organizations or those that have significant amounts of data in Dataverse for other applications already. Learn more about Azure Data Lake at Introduction to Azure Data Lake Storage Gen2.