Weekly Conference Call

Agenda for January 5th 2019 call:

  1. Chatting / new caller introductions
  2. Jerry’s fishing 101 (@sjpadgett)
  3. Daniel E’s security updates
  4. Victor’s PAC project updates
  5. Zbig UI updates
  6. Asher’s Cloud updates
  7. Robert’s Non-profit Strategy updates
  8. Daniel E’s docker madness updates
  9. Matthew’s and Jerry’s API/FHIR updates
  10. Stephen’s billing updates
  11. Brady’s MU updates
  12. Everything else / new topics

Reminder for the call tomorrow. This call is open to all and call in details can be found here:

Agenda for January 12th 2019 call:

  1. Chatting / new caller introductions
  2. Jerry’s fishing 101 (@sjpadgett)
  3. Daniel E’s security updates
  4. Victor’s PAC project updates
  5. Zbig UI updates
  6. Asher’s Cloud updates
  7. Robert’s Non-profit Strategy updates
  8. Daniel E’s docker madness updates
  9. Matthew’s and Jerry’s API/FHIR updates
  10. Stephen’s billing updates
  11. Brady’s MU updates
  12. Everything else / new topics

Reminder for the call in 2 hours :slight_smile:
This call is open to all and call in details can be found here:

hope to have a new caller, Waseem, introduce himself this coming Saturday :slight_smile:

  1. chatted with Waseem about HL7 compliant medical device flowing through the air to the emr
  2. discussed out of date vendor list and lack of follow up upon contact and willingness to help flesh this out for the benefit of the community

Let’s add the vendor list clean up to the todo for the website migration to drupal. It’ll be a good opportunity to address it

Thanks for the update @stephenwaite .
The vendor list is less of a presentation issue and more of a roll up sleeves and verify vendors. See here for instructions on doing this along with tracking scheme:
(haven’t been able to spend much time on this since 2016 or so, so would be great if somebody took this on :slight_smile: )

will share with @waseem :slight_smile:

Some highlights from this week’s call. I spoke with David Vu and Beju Shah who are both Pharmacist Informaticists. I gave them an overview of the project and the plan for the inpatient modules. They have a lot of insight into the pharmacy modules for inpatient hospitals and I think they will prove invaluable doing the development of this module.

We’re anticipating another call next week to demo the current workflows of the system to help them better understand everything.

Beju may also have some insight in bringing awareness to the project, he is a content creator

1 Like

2/23/19 meeting summary by Kevin Lan


Asher, Brady, David, Kevin, Stephen


Inpatient Module Discussion

  • Pharmacy Team brainstormed and came up with a list of items that they have in their EHR or wished that had Google Doc found here: https://docs.google.com/document/d/1S_hHvQwsTAsFo-1ThSzpJleWdkvLCJgJHC52zO8hGpw/edit
  • First question was: For the inpatient module, are we thinking about splitting off the module into inpatient and another for outpatient OR are we layering the inpatient module on top of the outpatient
    • Concluded: At the moment, we can use the things from outpatient and develop from there
  • Discussed if others get openEMR and customize it
    • Open for building additional modules
    • Its open source – we welcome all development

Inpatient Infrastructure Breakdown

  • Pharmacy team discussed the development process can be broken down into four basic components: Creating a drug database, inpatient ordering function, pharmacist verification, medication administration record (MAR)
  • Research Drug database (dictionary) - with service of NDC, manufacture code
    • Check RxNorm API export/import – it has NDC and drug data and DDI
      • Package size, preservative free or not
      • Drug alert, DDI is hard to do, because its limited ability to detection.
    • Having a drug database would also be beneficial for inventory management
  • Inpatient Ordering function
    • May be set as the priority of the four basic components because of its complexity
    • Discussed incorporation of order sets, formulary availability, clinical decision support, etc.
  • Pharmacist verification function
    • Thought about if there is a current pharmacy workflow in the application. Currently, it seems It is like shipping the script to outside pharmacy to get verified for remote usage. Potential putting the function into dispensary
    • Inpatient formulary item
      • Item that we talked about getting: lab, outpatient imaging, orders, procedures, med orders, free text field limit the chance of medication safety issue, bed placement, admission encounter
      • Pharmacy team asked about possibility of blockchain and incorporating OpenEMR and retail pharmacy together. Problem was that, in retail pharmacy, pharmacists do not know the patient medical/full drug history when dispensing medications. It would be helpful to include that information when making clinical based decisions when dispensing medication.
        • The security for patient medical record access would be biggest hurdle
        • Pharmacist point of view: medication list, problem list
          • Blockchain: Sharing the patient medical information and medication recognition process
  • Medication Administration Record
    • Discussed that Robert could mock up a draft of what the MAR would look like and then we could discuss data endpoints


  • Asher and Brady discussed the cloud packages.


  • Brady discussed ongoing security improvement projects.


  • Stephen discussed ongoing billing projects. Jerry’s has been doing a lot of work and is currently working on real time eligibility which will be a big help to practices by making sure their patients are eligible with the insurance card that they present. Also noted that Jerry has done the first ever non-Brady patch :slight_smile: - Stephen’s note

Action Items

  1. In regards to clinical decision support and drug-drug-interaction alerts, we can see if someone can research with RXNorm would provide the information needed to create these alerts.
  2. Create/find a Github Issue about broken drug look API. Here is an issue: Fix online drug lookup · Issue #2156 · openemr/openemr · GitHub
  3. See if Robert could come up a potential draft of what the MAR would look like
1 Like

3/16/19 Meeting Minutes by David


Aaron, Asher, Beju, Brady, David, Robert, Sherwin, Tigran

Meeting Minutes

Security Discussion

  • Addressing security
  • Background: Software had discovered to have security vulnerabilities in the past. Since then OpenEMR has prioritized resolve to address security. Major problems have been discussed and no current critical issues.
  • Multiply ways to do Multi-factor Authentication:
    • TOTP
      • ex. like using Authy
    • U2F
  • Encrypting on documents too
    • Ex. Uploading patient document will be encrypted also
  • OpenEMR’s security work will be big in the upcoming release
  • Robert had mentioned that there will be a blog post that will be pushed over the weekend to address why open source software provides MORE security
    • Breaches are going to happen
    • Why address with open source causes more productivity
    • Net benefit

MAR Discussion

  • Still work to be done. Once it is about 80% to completion, it would be available to demo and access on the Drive. ETA – 3/22
  • For the MAR, decided with Robert that we are going to add onto the outpatient layer as opposed to creating two modules.
  • Also, Robert has reached out to the core PHP team because we are looking to modernized and our code will be future proof

OpenEMR Demo for the New Participants

  • Showed ‘Search/Add’ Patient functions, which meetings Meaningful Use standards
    • Customizable for practitioner needs
  • Showed Medication Reconciliation
    • Currently, has limitations on adding dosing information because it is the same database element
      • Perhaps we could review FHIR resource
      • Look into Bluebutton
      • Pharmacy Team discussed the need for good medication reconciliation because it provides the decision making for a patient’s inpatient stay
      • Action item will be listed at end
  • Showed Medication Order List
    • Hits external – uses NIH API
    • Discussed about pulling in values from NIH to autofill. Pharmacy to research.

Robert’s Content Creation Topic

  • Wanted to ramp up content creation
  • Post more on the blog at least once a month
    • Topics could be about open source or OpenEMR. Improving healthcare. Essentially anything in the radar of OpenEMR
  • Also, wanted to add to the YouTube space
    • Geared towards new users
    • Wants to create how-to videos

Action Items

  • Admin team to set up a persistent demo (but can also download to local machine if no demo)
  • Robert to finish MAR draft
  • Pharmacy to research about NIH values you can pull to auto-fill in medication reconciliation

4/6/2019 Meeting Minutes by David


Brady Miller, David Vu, Stephen Nielson, and Stephen Waite

Meeting Minutes

OpenEMR 5.0.2 Release Planning

  • Planning a release in 6-10 weeks
  • Some features in this release
    • Focused on enhanced cybersecurity
    • User-interface changes
    • Encryption
    • Multifactorial Authentication
    • Rest API
      • What is Rest API? Instead of logging in, it is offering services. Such as getting an allergy. You would send request and get back JSON sort of stuff. Discussed credentials, tokens, functions.

Follow-up from previous week

  • Brady is looking into creating demo environment with own server for the pharmacy team to keep data persistent in the demo environment
    • Gets reset at 1am every night
    • This new demo environment would be good for long term testing, especially for the inpatient module.
    • Alternatives to this would be: AWS – had to compete with the super cheap web shared hosting. Lightsail -$3-5/month
  • Funding
    • David Vu has been in discussion with funding strategist at respective university. Trying to look for funding opportunities to have a FT developer work on OpenEMR
    • Project administrators of OpenEMR applying for 501-3c non-profit organization. If approved, can be more aggressive in getting funding and grants


  • Insane Development Docker Troubleshooting Discussion
    • Vendor directory was laying around, which stopped the build
    • How to diagnose issue: Do I have most recent docker?
      • Issue that it doesn’t automatically update dockers, so need to do that manually.

Automated Testing

  • Stephen Nielson discussed strategy to incorporate automated testing in OpenEMR.
    • Is there any particular framework as far as unit testing?
      • Codeception, PHP unit, was trying to make sure not throwing a tool in there that would throw people off
      • We decided to go with whatever is best because devs can learn
    • Targeting the API and not the user interface – building out the test suite to make sure all the APIs are working correctly

Inpatient Module Discussion

  • David Vu to lead inpatient ordering in parallel to Robert’s MAR creation.

4/13/2019 Meeting Minutes by Kevin


Brady Miller, David Vu, Kevin Lan, Stephen Nielson, Stephen Waite, Tigran, Tony Dao

Meeting Minutes

OpenEMR 5.0.2 Release Planning

  • Planning a release in 6-10 weeks
  • Still working on finishing up some security improvements.
  • Also working on some licensing standardization.

Codebase Development Discussion

  • Zend Upgrade Zend 2 to Zend 3
    • Stephen Nielson is working on this with plans to submit PR in near future.
    • Discussed that will have impact on users that have created Zend modules; they will be able to follow the examples that will be in the main codebase to update their modules.
  • Stephen Waite discussed the long length of time it too to use the single order scripts. Whenever make a change it has to updated all he labs again rather than just the labs that were changed.
    • Discussed options of ajax via jquery, ajax via fetch api, and memcache use. Plan to go with ajax via jquery to optimize this script.
  • Discussed javascript and browser support.

Inpatient Module Discussion

  • Awaiting MAR planning.
  • Discussed order module and options to build new module specific to inpatient or if to leverage the current outpatient Procedures ordering mechanism.
  • Discussed that it would be very helpful for the online demos to have several basic orders (from each type) configured.

4/27/2019 Meeting Minutes by David


Brady, David, Stephen Nielson, Stephen Waite, Tony

Meeting Minutes


  • New feature for upcoming 5.0.2 release.
  • There is a mechanism to make internal API calls, but appears need to know the web path, which can be difficult (and sometimes impossible) to automatically discern when calling from the server itself. Still evaluating this issue.

Zend Module

  • Stephen Nielson is upgrading from Zend 2 to Zend 3.
  • Also optimizing and fixing issues in code that uses Zend.

Pharmacy Team

  • Possible University and OpenEMR collaboration discussion
  • Clinical Documentation Wiki discussion
  • Tony and David to work on Inpatient CPOE story grooming

we’ve been having some great meetings over the past few months with 5-6 regular participants led by Brady and Stephen Nielsen and on 7-27 @robert.down joined in :slight_smile:

Hello! Will there be a meeting this coming Sat the 3rd? I am a clinical informatics fellow and would like to call in and in sort of a fly on the wall type fashion listen in to your discussions. Thanks for the work you are doing :slight_smile:

1 Like

hi @mboazak ,
Yep, meeting happens every Saturday and is open to all. Looking forward to seeing you there :slight_smile:

Hey all,

I have been taking some notes during the Saturday calls for the past three weeks; I promise they will become better formatted and more inclusive as I sit in on more calls! But here is an overview of the past three sessions, and please correct me if I wrote something down incorrectly (I usually have to drop my roommate off at her job mid-call so I am driving while listening).

Discussing a reset token that’s encrypted; a feature to reset your email that sends you a token and pin to reset those credentials. Will need to be able to audit this to ensure there are no obvious security issues.

Testing and patching another release

GitHub issue #2172: Preventing XSS attacks, JavaScript environment; Conversation about examples and the possibility of having a js escaping function for these cases. Replacing certain instances of document.write and innerHTML switches.

Project to utilize Lambda and DynamoDB features on AWS for registration emails. Current method only allows for one-line messages. Reference to Python library that runs the registration server; talking about current beanstalk mechanism.

OpenEMR project deployment to Eastern India; village where implementing Raspberry Pi and wifi extenders to provide care to a local village. Based off the theory that nearly every adult there has access to a smartphone, can send an SMS with a secure link to access their patient documents.

LDAP, OpenLDAP; do (they) support encryption with AWS/how secure is LDAP as provided through AWS?

Conversation about feature to capture emails more efficiently to reduce cost as well as indication of active/inactive UI feature

Noting that other organizations such as Quest Diagnostics and child companies have implemented OpenEMR, possibly using codebase from 5 years ago, noticing same stack.

Mentioning a certification with AUC that OpenEMR achieved


Conference Call for 11/09/2019

I did have to jump out after about 25 minutes, so this covers that portion :slight_smile:
As always please feel free to add and edit!

David’s Hackathon exposure for OpenEMR; discussing the possibility of offering Grant Writing, Marketing, Blog Posts – things for students who might not have the experience to code efficiently; alternative ways people can contribute

David mentioned university speaking engagements, and how he might be able to integrate discussion about OpenEMR and new contributors to the project, mention that it would promote newbies’ developing experience and also those alternative contribution efforts

OpenEMR Welcome Page updates needed, especially for new volunteers and contributors. “How do I volunteer” is outdated on the page; current categories cover things ranging from testing to translations and grant writing.

Figuring out a way to get people started in each of those categories quickly, a way for people to more or less hit the ground running. Refocusing that welcome page for OpenEMR on new people and users.

Looking to capture people on the homepage and guide them to the right pages more efficiently than the current method. “Don’t know where to start?” - suggestion for a prompt that’s a catch-all in place, the team can then engage these newcomers directly and point them in the right direction.

Reference to Google Docs spreadsheet for translation efforts, automated translations that need to be audited and corrected accordingly by volunteers. Steps to update and add new translations - an effective way to communicate with translators doesn’t exist anymore and has resulted in those volunteer numbers being whittled down.

10,000 terms, maybe consider another way to create database tables from the spreadsheet, and a way to contribute. Google Docs represents the entry point for this, and the repository on GitHub is where those translations are stored.

Communication and emails; Drupal suggestion, in that it can be developed on; used by marketers etc, asks whether you are a developer or doctor and can drive that person to a landing page for how they would get started with OpenEMR.

Email methods; Mailchimp where we are currently under the threshold for paid-for services as we have about 500 emails/day, they do offer a discount for nonprofits. For Discourse (current fee is $20/month) and Sparkpost, comparing how these services function and which might better serve the project.

Issue #2770; Initial goal was to update hashing scheme and make it future proof, then organizing the authentication code and making it less of a black box for devs

looking to convert the updatePassword() and testPasswordStrength() to take advantage of being in a class.

updating the password expiration scheme (to not use a static expired date in credentials, but calculate in real time from a last-updated-date) this will skip the entire mechanism when LDAP is being used by the user.

Providing settings to pick the hashing mechanism (php default, bcrypt, argon2i) along with setting for cycles, memory, CPU for two processes (standard authentication and API token authentication)

1 Like

I actually do have someone who would be a newbie looking to contribute on the code side, so we could always ask him about feedback for anything that’s changed in the near-future for newcomers! :slight_smile:




  • cdr - revamped by @rmagauran
  • 2015 cehrt aka mu3 - proposed rule finalized yet?
  • telehealth - jitsi
  • fhir, medex and redox
  • implantable devices - link with procedures and add devices to medical_problems (issues) sql table
  • bootstrap updates, zend->laminas and ccda
1 Like