In my country, there is a high number of fraudulent doctor's sick letter as they are manually written on paper. I'm designing a web application to combat this issue and have the whole process electronic.
My current thinking is that when the doctor issues the sick letter on the application, the app generates a unique identifier like a UUID but a human-friendly readable unique identifier which is stored in the database table alongside the sick letter's metadata(leave_start_date,leave_end_date etc) then email the generated letter to the patient which he/she will submit to his employer.
The employer will verify the legitimacy of the sick letter by providing the leave_start_date,leave_end_date and the unique identifier and query the database, if the query finds a record, the application will confirm that it's a valid sick letter.
My questions are as follows:
- Are there any issues you can think with this design?
- Performance concerns?
- Security concerns?
- Data privacy concerns?
I will be using Spring Boot(REST API), Postgresql and Keycloak as my stack. Will have a Javascript front end and mobile client.
