By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,876 Members | 1,159 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,876 IT Pros & Developers. It's quick & easy.

I am looking fo ropen source package for "appointment package" for Doctors

P: n/a
GS
Hello,

I am looking for any opensource package for "appointment system" for
doctors, please let me know. This is just o take Name/Phone/time,
incase if there is not any opensource, then is it hard to implement
using web/php/mysql?. Please let me know.

GS

Apr 30 '06 #1
Share this Question
Share on Google+
15 Replies


P: n/a
GS wrote:
Hello,

I am looking for any opensource package for "appointment system" for
doctors, please let me know. This is just o take Name/Phone/time,
incase if there is not any opensource, then is it hard to implement
using web/php/mysql?. Please let me know.

GS


Don't know of one offhand, but a caution. If you're in the U.S., you need to be
very careful. This could be covered by HIPAA and security would be very important.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 30 '06 #2

P: n/a

"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:9Z******************************@comcast.com. ..
GS wrote:
Hello,

I am looking for any opensource package for "appointment system" for
doctors, please let me know. This is just o take Name/Phone/time,
incase if there is not any opensource, then is it hard to implement
using web/php/mysql?. Please let me know.

GS

Don't know of one offhand, but a caution. If you're in the U.S., you need

to be very careful. This could be covered by HIPAA and security would be very important.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Your so right!! And not only doctors, but also anyone or organization that
deals with personal data that could be considered diagnostic. (support
groups, therapy etc.) I've been bitten by this dog already.

Al Kolff al******@eartlink.net
remove the x
"Experience is a hard teacher because she gives the test first, the lesson
afterward. But properly learned, the lesson forever changes the man."
~ Randy Alcorn, Safely Home
Apr 30 '06 #3

P: n/a

Jerry Stuckle wrote:
This could be covered by HIPAA and security would be very important.


What more can someone do beyond basic passwords to keep unwanted users
out? I dont see how personal info needs to be treated with the same
security as credit card and social security numbers.

Apr 30 '06 #4

P: n/a
ve*****@yahoo.com wrote:
What more can someone do beyond basic passwords to keep unwanted users
out?


Here are some examples. Not very practical, but sometimes might be even
required.

- Using strong passwords or forcing users to use strong passwords. It
would also be possible to require two persons to login at the same time,
before data is revealed.

- Data should be kept in crypted form instead of plain text, and the
algorithm used should be strong enough to hold the privacy, even if the
algorithm itself is known. To prevent data leaking if someone steals the
hard drive or happens to gain access to the server itself.

- Access to the data can be restricted. Usually it is not required that
everyone can access to everyones data in every day. To prevent attacks
from inside and preventing someone to steal the whole database within a
single and fast attack.

- Logging can be used to save reconds of possible abuses or abuse attempts.

- There should be no access to the data via public networks, directly or
indirectly as that would give potentiaaly anyone access to the computer.

- There should be no public access to the computer that holds the data,
or is connected to the computer that holds the data. Same thing as it is
with Internet, except in smaller scale.
Apr 30 '06 #5

P: n/a
ve*****@yahoo.com wrote:
Jerry Stuckle wrote:
This could be covered by HIPAA and security would be very important.

What more can someone do beyond basic passwords to keep unwanted users
out? I dont see how personal info needs to be treated with the same
security as credit card and social security numbers.

In the United States, giving out someone's social security or credit card number
is not a federal offense. Giving out any medical information without their
consent is. Do some searches on HIPAA.

So - if you value your freedom, any personal information having to do with the
medical field has to be guarded with even more care than credit card and social
security numbers. The law is very strict and penalties severe.

And yes, there are a number of things you can do beyond basic passwords. And
when dealing with medical information, some of these things MUST be done.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 30 '06 #6

P: n/a

Jerry Stuckle wrote:
So - if you value your freedom, any personal information having to do with the
medical field has to be guarded with even more care than credit card and social
security numbers. The law is very strict and penalties severe.


I dont understand the logic behind this. If someone steals my cc and
ssn, I lose thousands of dollars and enormous amounts of time. If
someoen finds out I have a doctor's appointment at 2PM, what is the
loss? Regardless of what the law says, the two breaches are not of the
sams magnitude. Plus there tons of people trying to hack and find cc
and ssn numbers, but how many people are hacking to find medical
information? I understand what you are saying about the HIPAA law, but
it does not seem very practical.

Apr 30 '06 #7

P: n/a

Aggro wrote:
- There should be no access to the data via public networks, directly or
indirectly as that would give potentiaaly anyone access to the computer.


You have given some good suggestions, but does this one mean web-based
are not allowed? If you google medical emr software, there are dozens
of solutions, most web based.

Apr 30 '06 #8

P: n/a
ve*****@yahoo.com wrote:
So - if you value your freedom, any personal information having to do with the
medical field has to be guarded with even more care than credit card and social
security numbers. The law is very strict and penalties severe.


I dont understand the logic behind this.


Laws are designed often for political reasons, not for reasons of
consistency with other laws.

In any case, we don't need to agree with it, it's the law and it must be
taken into account. If you're a programmer on a medical information
system, you had better learn HIPAA and do what it takes to comply, or
else the organization for whom you're designing code could suffer huge
consequences.

Regards,
Bill K.
Apr 30 '06 #9

P: n/a
>> What more can someone do beyond basic passwords to keep unwanted users
out?


I would add to the list of security practices to train the users of the
system how to recognize and resist "social hacking". This may be an
even more risky area of computer security than any of the software
solutions we programmers can implement.

See:
http://en.wikipedia.org/wiki/Social_hacking
or books by Kevin Mitnick

Regards,
Bill K.
Apr 30 '06 #10

P: n/a
GS wrote:
Hello,

I am looking for any opensource package for "appointment system" for
doctors, please let me know. This is just o take Name/Phone/time,

Leaving aside the big discussion about security (it should be secure) what
did you do to try and find one? Try Searching freshmeat for PHP and
Calendar. There are a lot out there.
incase if there is not any opensource, then is it hard to implement
using web/php/mysql?. Please let me know.


Is it hard? Compared to what? Harder than implementing it using paper and
crayons, but easier that with FPGAs.

C.
Apr 30 '06 #11

P: n/a
ve*****@yahoo.com wrote:
Aggro wrote:
- There should be no access to the data via public networks, directly or
indirectly as that would give potentiaaly anyone access to the computer.

You have given some good suggestions, but does this one mean web-based
are not allowed? If you google medical emr software, there are dozens
of solutions, most web based.


First of all, remember - HIPAA applies only to the United States. And the U.S.
is NOT the only country which has the internet.

Secondly, software can be used on an intranet also, not just the internet. On
an intranet it can be secured.

But medical information in the U.S. is considered highly sensitive, and must be
secured. You could place it on the internet. But you had better ensure that
the data is secure. Failure can land you in prison.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 30 '06 #12

P: n/a
ve*****@yahoo.com wrote:
Jerry Stuckle wrote:

So - if you value your freedom, any personal information having to do with the
medical field has to be guarded with even more care than credit card and social
security numbers. The law is very strict and penalties severe.

I dont understand the logic behind this. If someone steals my cc and
ssn, I lose thousands of dollars and enormous amounts of time. If
someoen finds out I have a doctor's appointment at 2PM, what is the
loss? Regardless of what the law says, the two breaches are not of the
sams magnitude. Plus there tons of people trying to hack and find cc
and ssn numbers, but how many people are hacking to find medical
information? I understand what you are saying about the HIPAA law, but
it does not seem very practical.


No, the breach of medical information can be even more severe. For instance -
what if that doctor is an oncologist? That suggests a potential case of cancer.
And if that news got out, it could cost you your job, your insurance and worse.

A credit card number getting out is a hassle in comparison. I know - I've had
it happened when a database was hacked. Not fun, and it took some work to
straighten it out, but that I did.

As for whether you think it's practical or not - it is the law. And violating
it can land you in prison.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 30 '06 #13

P: n/a
Bill Karwin wrote:
ve*****@yahoo.com wrote:
So - if you value your freedom, any personal information having to do
with the
medical field has to be guarded with even more care than credit card
and social
security numbers. The law is very strict and penalties severe.

I dont understand the logic behind this.

Laws are designed often for political reasons, not for reasons of
consistency with other laws.

In any case, we don't need to agree with it, it's the law and it must be
taken into account. If you're a programmer on a medical information
system, you had better learn HIPAA and do what it takes to comply, or
else the organization for whom you're designing code could suffer huge
consequences.

Regards,
Bill K.


Bill,

Actually HIPAA wasn't designed for political reasons. It was designed because
people would lose their jobs if their employer found out they had a serious
disease. They could lose their insurance if the insurance found they were
genetically prone to certain diseases. There could be all kinds of consequences.

Medical information is supposed to be private between the doctor and the
patient. The patient can request its release to specific parties, such as
insurance companies, which obviously want to know what they're paying for.

With the advent of the internet, there are many more possibilities for
information to get out - either because someone was careless with the info, used
an unencrypted wireless connection, hacked a site, or whatever. HIPAA is
designed to protect that information from getting out, either via the internet
or otherwise.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 30 '06 #14

P: n/a
Jerry Stuckle wrote:
HIPAA is designed to protect that information from getting
out, either via the internet or otherwise.


Thanks for the info, Jerry. Those are good things to be concerned
about, and HIPAA is a good thing.

Three cheers for HIPAA! Hip, hip, hooray!

(Sorry, I couldn't resist.)

Regards,
Bill K.
May 1 '06 #15

P: n/a
Bill Karwin wrote:

Thanks for the info, Jerry. Those are good things to be concerned
about, and HIPAA is a good thing.

Three cheers for HIPAA! Hip, hip, hooray!


At least now you will know one reason why the cost for your next
doctor's appointment is so exorbitantly high. Developing and
mantaining highly secure apps is a lot more expensive than less
secure ones. I have never heard of employers and insurance companies
phishing and hacking websites so they can see if their clients have
any terminal illnesses.

Medical information is far more likely to be leaked out from within.
You can build an expensive secure app. but I doubt that will reduce
the overall risk of your info leaking out. It just adds unneccessary
costs to the healhcare system.

It is my understanding that HIPAA was made in 1996 when the Internet
was in it's infancy and only large medical institutions could afford
web based software. Nowadays every solo practioner wants to go online
to reduce costs for their patients. I would not be surprised if we
see the law changed and penalties reduced in the future .

May 1 '06 #16

This discussion thread is closed

Replies have been disabled for this discussion.