Allscripts Integration initial version

yehster wrote on Wednesday, October 12, 2011:

I have been working on client side integration with the free Allscripts ePrescribe and openemr.

I have been testing it with the 4.1 and 4.2 versions of OpenEMR, but it should probably work with 4.0.

It requires running firefox and using the greasemonkey addon
http://www.greasespot.net/

The script is available here.
https://github.com/yehster/oemruserscripts/blob/master/greasemonkey/allscriptsInterface.user.js

https://github.com/yehster/oemruserscripts/raw/master/greasemonkey/allscriptsInterface.user.js

It has two many features right now.
1. Find your current patient selected in OpenEMR in Allscripts.  This assumes that you have already created the patient’s info in Allscripts.
2. Load the demographic information of the current OpenEMR patient into the Allscripts addPatient.aspx form.

After installing greasemonkey and this script, what you should see is a new button in the upper frame of OpenEMR where the patient’s Name and DOB are displayed.  This button is just a link to the Allscripts webpage which opens in a new window.  This button is also only displayed when you have an active patient in OpenEMR. 

What happens is if you search for a patient in OpenEMR, then click this button, in the new Allscripts window, if you haven’t logged in yet, you are prompted to log in.  After you log in, or if you already have an active session, the search boxes will be filled with the current patient’s last name and first name, and the search button gets automatically clicked.  Then, it checks to results to see if there is a matching patient (by first name, last name and DOB).  If so, that record is automatically selected.

That’s what function 1. does for now.

Function 2 adds a button “Load from OpenEMR” on the page “https://eprescribe.allscripts.com/AddPatient.aspx”.
This assumes that you are logged in to OpenEMR and have already selected a patient.
Upon hitting that button, a request for the demographics information is then sent to whatever OpenEMR server you’ve been using most recently.  This information is then used to populate the form in allscripts.  You can then hit Save, or edit the other fields, or do what ever you want at this point.  It just saves you the trouble of typing in the information available in OpenEMR. 

This is early code, so be forewarned that it may be buggy.

-Kevin Yeh

bradymiller wrote on Wednesday, October 12, 2011:

Hi,

This sounds very cool. Thinking that placing this in the openemr repo at contrib/allscripts (or something like that) now with a README there with above instructions (and will get it on the wiki too) to hopefully spur some testing.

-brady

cverk wrote on Thursday, October 13, 2011:

This looks like something very useful and allows use of the free e-prescribing service.  It seems like this basic idea would be applicable to integrating with other web based services.  Could it be used to interface with labs or microsoft healthvault as examples?

mdsupport wrote on Thursday, October 13, 2011:

Greasefire is another extension that uses Greasemonkey.  It suggests and guides users to install scripts listed on userscripts.org.  It also is supposed to prompt for installing updates to the script but never tried that.  If we are able to tie the sourceforge or wiki pages to this script, installation instructions become as easy as

From the list of scripts select xxxx and press the ‘Install’ button at the bottom of the pop-up window.

yehster wrote on Friday, October 14, 2011:

If anyone tries this script out, I’d appreciate feedback.

@brady,
I’ll do a commit to add this to contrib of the main project soon.
@cverk,
Yes, this general approach would work of for integrating to arbitrary websites like Labcorp and/or Quest’s lab portals.  However, it takes significant work to build the interface for a given website.
@mdsupport,
I’m not sure that greasefire really adds significant value as you still have to install greasemonkey to begin with.  Once you have greasemonkey installed, if you browse to any web page that is .user.js it prompts you if you want to install as a greasemonkey scripts.  I will likely put the script up on userscripts.org soon though,

paanii13 wrote on Saturday, October 15, 2011:

Kevin,

Tried your Allscript Integration I am getting the following popup error msg.

Script:C:\xampp\htdocs\openemr\oemruserscripts\greasemonkey\allscriptsInterface.user.js
Line:328
Char: 1
Error: "window’ is undefined
Code: 800A1391
Source: Microsoft JScript runtime error

Any solutions?

yehster wrote on Saturday, October 15, 2011:

@Paanii13,
It looks like you are using Internet Explorer.  IE will not work, and it is not possible to use this with IE.
You MUST use Firefox and install the greasemonkey add on.

Furthermore, there is no need to put this script on your OpenEMR installation as it runs client side. 

cverk wrote on Saturday, October 15, 2011:

I tried it out under windows 7 and firefox.  It kind of works but has some bugs I found.  When you transfer info into allscripts it puts in the date of birth, but when you try to save the patient it says it needs a valid date of birth.  If you reenter the same info it then will take it.  It would also be nice if the script entered the PID as the allscripts patient number.  Next if you then go back to a search for a new patient in openemr, it opens the search in a new frame.  If you select a patient there it opens demographics in a full page and locks up, circles spinning in the alerts box.
  On the good side, the client side interface with the script turned on or off in the browser, makes it really easy to test and play with, without worrying about messing up your openemr installation. You just uncheck the script in the little monkey pulldown and restart firefox and you are back to where you started.
  Ultimately, you would like to then  be able to pull the prescription back into openemr to log it into the prescriptions box without having to reenter it there like I have been.  Someone had posted a way to do that under version 4.0 using php excel and allscripts reports, but it was a bit clunky and kind of got dropped with the 4.1 rollout.

woesau wrote on Monday, October 17, 2011:

You are violating a number of agreements and regulations:
1. Allscripts - Do they allow you to integrate with OpenEMR in this way?

2. HIPAA - You are passing data in a very insecure way.

3. EHR Certification - OpenEMR is certified using NewCropRx. If you change this to Allscripts, you automatically cause the certification to fail.

yehster wrote on Monday, October 17, 2011:

Regarding these issues.

2. HIPAA - The hand off of information between OpenEMR and happens within the browser itself. If this mechanism were considered unsecure, then simply using a browser at all would be insecure to begin with.  There is no new mechanism which transmits PHI across the internet introduced by this mechanism.

3. There is no modification to code which has been certified. All of the changes are purely on the client side. The NewCropRX stuff is all still there.  This is simply an additional module.  Allscripts has separate modular certification for ePrescription.  An EP is allowed to use multiple modules when certifying. Given that without this integration, an EP is allowed to use OpenEMR and use Allscripts seperately without using NewCropRX, this script changes nothing.  It is analogous to adding a bookmark in your browser.

As for 1.
I don’t see any explicit mention in the Allscripts participation agreement of  anything that would be in violation by using this mechanism.  

woesau wrote on Monday, October 17, 2011:

Obviously, you didn’t check with Allscripts, HIPAA, and ICSA to see how this will affect OpenEMR. How much experience do you have in these areas? You are creating a financial and legal liability not just for yourself but also for the community.

yehster wrote on Monday, October 17, 2011:

I have implemented a similar mechanism for integration that was reviewed by the HIPAA compliance officers of a major institution which was deemed to be compliant.  There is no additional clear text transmission of PHI. The only way this creates a privacy risk is if your browser is compromised, and that would be true regardless of if you were using this system or not.

As for Allscripts and ICSA, I acknowledge that your concerns are legitimate.  We want to do this right.  However, before spending too much time discussing the implications with Allscripts and ICSA I believe developing a technical proof of concept to provide a framework for discussion was certainly appropriate.  I was hoping to determiine interest from the community in going this route prior to trying to obtain “permission” (the harder task in my mind.)

Walter, thank you for your concerns. However, given that you seem to have created your sourceforge account today with the explicit purpose of replying to this thread, I am curious to know about  your stake in the OpenEMR community. Can you help in legitimizing this mechanism, which I believe many people would find useful? Or do you believe that there are simply too many issue to overcome? Anyone else care to chime in?

mdsupport wrote on Monday, October 17, 2011:

1. Kevin’s concept is equivalent to Copy+Paste followed by simulated <Enter> action between windows that a user would have knowingly logged in and initiated the action.  Which HIPAA  section is of concern here?

2. Allscripts agreement does not stipulate the source(s) of information or methods of data entry in Terms of Use for their application. 

yehster wrote on Monday, October 17, 2011:

I have fixed the search issues CVerk reported.  Dumb mistake on my part, was using the variable “name” to store the patient’s name which was clobbering the frame’s name.

https://github.com/yehster/oemruserscripts/raw/master/greasemonkey/allscriptsInterface.user.js

Haven’t addressed the DOB needing to be re-entered, but did add pulling the OpenEMR PID into the form.

Anyway, I’m going to put further work on hold until we have addressed the potential concerns Walter raised.

bradymiller wrote on Tuesday, October 18, 2011:

Hi,

I’d like to avoid any delay in development on this project, which will provide a hugely beneficial feature to the community. I have a good understanding of the mechanism of Kevin’s code, and I’m  unclear what the specific concerns are here; does Walter, or anybody else whom has a good understanding of the mechanism Kevin is using, have any specific issues with this methodology? If so, then can deal with them and get this module “official” (to have a free e-prescribing option that fulfills MU is pretty exciting).

I guess answers to the following two questions would be most helpful here:
1. If the Allscripts module existed, can users use it (rather than NewCrop) to get MU??
2. Is there any reason that Allscripts would not allow this mechanism??

thanks,
-brady

cverk wrote on Tuesday, October 18, 2011:

I don’t know if this answers those questions, but I did register for meaningful use using a combination of openemr 4.1 and the basic allscripts free account, and it took my registration without any problems and gave me a registration number. Whether I make it to all the requirements by the end of the year is another question. But the portal thing seems to be the bigger hurdle. I hope the naysayers don’t discourage such an obviously gifted programmer as yehster. I don’t see the script being any less secure than typing info into a password restricted site like you have to do to use allscripts in the first place.

biller2 wrote on Tuesday, October 18, 2011:

I am very excited about this new possibility.  This would be an awesome addition and another alternative as my doctor currently has the free account and has to enter the info in by hand.  I don’t know the answers to Brady’s two questions above, however, my thought would be that Allscripts wouldn’t object as they offer this service for free.  If there is anything I can do to assist in this option please let me know.  Thanks for exploring this option John

bradymiller wrote on Tuesday, October 18, 2011:

Hi,

After further contemplating this and getting no real specific objections from any naysayers, I think we should just proceed with development on this.

The issue regarding HIPAA makes no sense to me at all. From a security standpoint, the only thing I can think of is to ensure the project controls the script (ie. prevent users from downloading the script from third party sites, where there is a chance of the script being modified with malicious content).

And the issue regarding MU is really a moot point. It really makes no difference whether it fulfills MU (of course, much better if it does); even if it doesn’t, it is still an awesome option for clinics not trying to get MU. Are we not allowed to add any more options/features that do not go towards MU? no way.

And lastly the issue of Allscripts. Does allscripts specifically not allow the web browser to remember form field entries; likely not. And if they don’t specifically state in their ‘Terms of Use’ that users are unable to use this methodology, then I see no reason to worry about it.

Of course, feel free to correct me if I’m wrong here; otherwise, I think Kevin should keep moving forward on this,
-brady

gutiersa wrote on Thursday, October 20, 2011:

I use freebsd, I have been using eprescribe back since 2002 with iscribe, which evantually was purchased by allscripts. Now I have been with allscripts for about three years.

I want to give the interface a try.

I can only install greasemonkey 0.9.9, from ports, but I dunno how to install the js script. Do I just put it in the openemr folder? I do not have an oemruserscripts/greasemonkey folder in my installation.

thanks for any help.

sandra

yehster wrote on Thursday, October 20, 2011:

Once you have the greasemonkey add on installed in firefox just click the link

https://github.com/yehster/oemruserscripts/raw/master/greasemonkey/allscriptsInterface.user.js

Greasemonkey will recognize that url as a user script and prompt you to install at that point.

http://userscripts.org/about/installing