I am a medical student in Arizona involved in setting up an EMR system for a series of free clinics run by medical students at my school and staffed by physicians on a volunteer basis. I have OpenEMR up and running for test purposes and believe it suits our needs. I am interested in rolling it out in a production environment but am concerned about security issues when deploying it on a remotely hosted server. Can anybody point me to some helpful advice regarding setting up OpenEMR in a secure, remotely hosted environment?
Hi,
If you use OpenEMR over the internet, I recommend only allowing SSL (https) transmission utilizing ‘apache client certificate authentication’. Then you basically leverage Apache (much more secure than OpenEMR) to secure OpenEMR. It is also important to ensure the remote host provider is itself secure.
-brady
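The setup recommended in the post above, sketched as an added example (not part of the original thread and not OpenEMR's own configuration): an Apache virtual host that serves OpenEMR over HTTPS only and refuses any browser that does not present a certificate signed by a clinic-run CA. The hostname, file paths and the CA itself are placeholders.

```apache
# Added example. emr.example.org, all paths and the clinic CA are placeholders.
# Requires mod_ssl (and mod_headers for the Header line).

# Plain HTTP serves no content; every request is sent to the HTTPS site.
<VirtualHost *:80>
    ServerName emr.example.org
    Redirect permanent / https://emr.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName emr.example.org
    DocumentRoot /var/www/openemr

    # Server side of TLS: legacy protocol versions disabled.
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    /etc/ssl/certs/emr.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/emr.example.org.key

    # Client certificate authentication: the handshake fails unless the
    # browser presents a certificate issued directly by this CA, so the
    # OpenEMR login page is never reached without one.
    SSLCACertificateFile /etc/ssl/clinic-ca/ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1

    # Revocation list, so a lost laptop or a departed volunteer can be
    # cut off without reissuing everyone else's certificate.
    SSLCARevocationFile /etc/ssl/clinic-ca/crl.pem
    SSLCARevocationCheck chain

    # Tell browsers to use HTTPS for this host from now on.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Record which certificate subject made each request.
    CustomLog /var/log/apache2/openemr_ssl.log "%h %t \"%r\" %>s \"%{SSL_CLIENT_S_DN}x\""
</VirtualHost>
```

Run `apachectl configtest` before reloading; OpenEMR's own username and password login still applies on top of the certificate check.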
Thanks for the reply. I was wondering if the SSL transmission was sufficient. Can you recommend any particular hosts? Do you recommend hosting as a virtual appliance, or hosting on a VPS?
I think that this is a pretty good application for a small clinic if used only on an Intranet. I wouldn’t use it live (Online), it is chock full of security flaws and most of the code used is deprecated (it has been superseded).
I am just an amateur at scripting PHP, but I have found many, many, many security holes, I wish I would have written them down…
I have changed a few (5 - the lab results print and report, the new patient report, the SOAP report, and the encounter form) forms to honor line breaks when viewing them… I didn’t check for flaws as we are only testing this for use on our clinic’s Intranet…
What is your github account name so we can find your repository and take a look?
Or post a link to your actual repository….
Here is mine as an example. https://github.com/yehster/openemr
Before you “push” two useful commands you can use to try and see what git is tracking on your local repository are “log” and “diff”
git log
will show you the descriptions of the most recent commits
git diff
will show you uncommitted code changes
So if the changes you are trying to push show up at this point, it means you aren’t ready to push. You need to do an add and commit.
git diff origin
should show you changes on your local system that are ready to be shared out.
Okay, I followed your advice, yehster, and was able to “push” the files that I made changes to.
My github account is - https://github.com/dwr1975/openemr - but the changes do not show up there for some reason, I may have done something incorrectly again.
You have to go to - https://github.com/dwr1975/openemr/tree/line-breaks to see the changes that I made…
dwr1975/openemr is never going to directly show your specific changes when you do things correctly because it shows the master branch by default from that page. You want your master branch to always only contain code that has been officially incorporated into the project. Customization/new code should go into a branch, as you have done.
Everything you have done with git looks correct at this point.
You can run OpenEMR offline. I stumbled upon this accidentally when I was writing progress notes and noticed that I was not connected to the Internet. I presume that you don’t need to bill insurance companies because you are doing pro bono work. Even if you do bill, the downloaded x12 file from your browser can be generated offline and later you can send the x12 file to the clearinghouse after you have logged off OpenEMR.
I think you realize that being a free clinic does not exempt you from compliance with HIPAA and Arizona confidentiality laws, so protection of the medical record is of paramount importance.
If physicians from different clinics need to exchange information, the safest way is the old fashioned way, namely, the telephone.
Avoid enabling patient portals like the Bubonic Plague, if you don’t want a gigantic mess on your hands. Indigent patients are generally happy to get free care and don’t fuss about access to their medical records.
Follow the recommendations from Securing OpenEMR if you have not done it already. SSL transmission is the default if you use Firefox.