mcondon-mcsi wrote on Monday, October 28, 2013:
At the request of a client, we’ve made a few tweaks to the patient portal on our end. Figured I’d share them here and get a little feedback while I was at it.
If anyone has a different or preferred strategy for doing this, I’d love to hear it - I’m relatively new to PHP and flying a little by the seat of my pants.
The goal was to allow patients to view PDFs uploaded to their medical records. This helps meet meaningful use rules regarding visit summaries. Showing the PDFs in the same window as the rest of the patient portal is problematic - the layout doesn’t really work - so this will create a “View File” button for each PDF instead. Clicking the button will open the PDF file in a new window.
This does not require opening the documents folder to outside access, and allows patients to access only the files associated with their own PID.
edit
I see a few spots where I haven’t swapped hard-coded links to variables in URLs. I’ll fix that when I get a chance.
CODE
Copied and modified an existing “get” php script to retrieve patient documents of type PDF. Much like the existing ‘get’ scripts, this executes a SQL statement and builds an HTML table with the results. Current layout is “date”, “filename”, “view button”. The button is created with it’s ID set to the filename (not path) of the associated document.
<?php // Copyright (C) 2011 Cassian LUP // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. require_once("verify_session.php"); $sql = "SELECT * FROM documents WHERE owner = ? AND type = 'file_url' AND mimetype = 'application/pdf' ORDER BY docdate"; $res = sqlStatement($sql, array($pid) ); if(sqlNumRows($res)>0) { ?><table class="class1"> <tr class="header"> <th><?php echo htmlspecialchars( xl('Document Date'),ENT_NOQUOTES);?></th> <th><?php echo htmlspecialchars( xl('File Name'),ENT_NOQUOTES);?></th> <th><?php echo htmlspecialchars( xl('Document'),ENT_NOQUOTES);?></th> </tr> <?php $even=false; while ($row = sqlFetchArray($res)) {
if ($even) {
$class="class1_even"; $even=false; } else { $class="class1_odd"; $even=true; } echo "<tr class='".$class."'>"; echo "<td>".htmlspecialchars($row['docdate'],ENT_NOQUOTES)."</td>";
echo "<td>".basename(htmlspecialchars($row['url'],ENT_NOQUOTES))."</td>";
echo "<td><button id=".basename(htmlspecialchars($row['url'],ENT_NOQUOTES))." onClick=docBtnClick(this.id)>Show</button></td>";
//echo "<td> <embed src=\"/openemr/sites/woolley/documents/".htmlspecialchars($pid)."/".basename(htmlspecialchars($row['url'],ENT_NOQUOTES))."\"></td>";
echo "</tr>"; } echo "</table>";}
else
{
echo htmlspecialchars( xl(“No Results”),ENT_NOQUOTES);
Create a function to capture those button clicks. The button ID is set to the local name of the PDF document, and passed to the click handler. This gets added to the ‘summary_pat_portal.php’ page.
function docBtnClick(clicked_id)
{
var wopts = “height=” + screen.height + “, width=” + screen.width + “,toolbar=No,location=No,scrollbars=no,status=No,resizable=yes,fullscreen=No”;
var targurlstr = “/openemr/sites/woolley/testGetPdf.php?target=” + clicked_id;
/alert(targurlstr);/
var openpath = “C:/xampp/htdocs/openemr/sites/woolley/documents/” + clicked_id;
alert(openpath);
var w = window.open(targurlstr, “_blank”, wopts);
}
To trigger this and display the collapsible panel listing the patient documents, copied and modified an existing script within the page. Calls the “get” script shown above.
<?php echo ""; // Patient Chart Notes results expand collapse widget $widgetTitle = xl("Chart Notes"); $widgetLabel = "dictation"; $widgetButtonLabel = xl(""); $widgetButtonClass = "hidden"; $linkMethod = "html"; $bodyClass = "notab"; $widgetAuth = false; $fixedWidth = true; expand_collapse_widget($widgetTitle, $widgetLabel, $widgetButtonLabel,
$widgetButtonLink, $widgetButtonClass, $linkMethod, $bodyClass,
$widgetAuth, $fixedWidth);
?>
Finally, the page which actually displays the PDF, using whichever PDF viewer is installed on the user’s computer. The page intakes only the filename of the clicked PDF, and builds the full path using the validated user’s PID. The file is retrieved using ‘get_file_contents()’ so no external access to the documents directory is required.
<?php
//continue session
session_start();
//landing page definition – where to go if something goes wrong
$landingpage = “index.php?site=”.$_SESSION[‘site_id’];
//
// kick out if patient not authenticated
if ( isset($_SESSION[‘pid’]) && >isset($_SESSION[‘patient_portal_onsite’]) ) {
$pid = $_SESSION[‘pid’];
}
else {
session_destroy();
header(‘Location: ‘.$landingpage.’’);
exit;
}
//
//path to file
//alert(window.opener.openpath);
$filedir = “C:/xampp/htdocs/openemr/sites/woolley/documents/”.htmlspecialchars($pid).“/”.htmlspecialchars($_GET[“target”]);
//alert($filedir);
$filename = ‘dictation.pdf’;
$mimetype = ‘application/pdf’;
$data = file_get_contents($filedir);
// see PHP: strlen - Manual
$size = strlen($data);
header(“Content-Disposition: inline; filename = $filename”);
header(“Content-Length: $size”);
header(“Content-Type: $mimetype”);
echo $data;
?>