Where Is Health Data From Openemr Stored

Menu ▾ ▴

onsite or offsite patient portal

Created: 2011-10-21

Updated: 2013-04-06

I seem to be having trouble wrapping my head around this. I am using version 4.1 with all patches on windows 7 and xampp. Does using either portal require spider web serving out to the internet with a fixed ip address or using dyndns.com or similar service? Does this open your production function arrangement to huge security risks? Exercise you have to set something similar hhtps: . I accept to admit that the more I accept read virtually this, the more paranoid I accept gotten nearly the corporeality of personal data involved. The step from working on my intranet through my LAN behind routers, hardware and software firewalls, and antivirus software, to in some way simply opening data out to the internet seems very large to me. Are there any primers out there on this, or ameliorate instructions on proper openemr security settings, or is xampp even usable for this because their site sounds pretty paranoid virtually information technology likewise. Fifty-fifty the xampp security console is pretty disruptive, and it seems phpmyadmin has its owns security bug forth with xampp storing things like passwords in evidently text files. I think this becomes a pretty big thing going forrad particularly with some of these offices I have read about on here with over 20,000 patients.

If you would like to refer to this annotate somewhere else in this project, copy and paste the following link:

How-do-you-do cverk,
This is a tricky topic. I'm also pretty conservative of what to open to the web (if asked, I generally recommend using apache "client sided certificates" to secure OpenEMR if open it up on the web; this essentially passes the security over to apache and would be rather hard, I think, to set upwardly either of the portals with this security mechanism in place). The opinions on how to best secure OpenEMR over the internet will widely differ, just I think what is vital here is for the user to know what they are doing (ie. know how to secure OpenEMR, Apache etc.) and, if non, to consider getting assistance from a third political party. Like the idea of having a primer/wiki folio where others begin detailing their strategies to secure OpenEMR(for example, 1 very important thing to do is to ensure the patient documents directory is blocked via Apache, which is actually described during the OpenEMR setup script) in more than detail.
-brady
world wide web.open up-emr.org

If yous would like to refer to this comment somewhere else in this project, copy and paste the following link:

It seems for some reason you have to use an older xampp package i.7.3 for openemr, only the apache folks seem to say one of the biggest security enhancements is to use the nigh electric current apache release. Is information technology possible to update apache without messing up openemr?
I have managed to stay independent every bit a dr. past non farming stuff out of my office because I don't sympathise them. I pretty much insist that nothing goes on here I don't empathize or can't do myself, employees included. Thats what attracted me to this projection in the first place. As I learn stuff, I am glad to share if I can help.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Let's be clear.

XAMMP is a developer parcel. It'due south intended for testing and debug. XAMMP was never intended to exist use for production or alive systems. The real, reliable and secure way to run OpenEMR on whatsoever Os including Windows, is to install and configure Apache, PHP and MySQL equally split up, native apps and install OpenEMR code separately, (the Linux installer's exercise that for you).

Preconfigured XAMMP is great for in-house installs that do not need external admission and are behind a solid firewall or not continued to the Cyberspace at all. Anything that requires external access should be configured for security, at least HTTPS/SSL.

-Tony
www.mi-squared.com

If you lot would like to refer to this annotate somewhere else in this project, copy and paste the following link:

Hullo,

Disagree (pleasantly) a bit with Tony here. Information technology's non every bit simple as what tool to use or non apply. The main matter hither is the user has a firm understanding of securing all of the parts (OpenEMR/apache/mysql/https/router/firewall/certificates etc.). Using or not using xammp is not really the issue. cverk, perhaps we should get-go a wiki page to begin to cover this stuff, since it sounds like y'all plan on taking the time to larn and go through this stuff anyways.

-brady
www.open-emr.org

If you would like to refer to this annotate somewhere else in this project, copy and paste the following link:

This is absolutely true :_The master thing here is the user has a business firm agreement of securing all of the parts OpenEMR/apache/mysql/https/router/firewall/certificates etc.). _

What I mean is that XAMMP, according to the project developers, was not intended to be used that way and therefore has some inherent security problems that are easy to overlook. You lot could, of grade fix them, only in my opinion, it is faster and more reliable to practice it with a native installation.

On the other mitt I wouldn't recommend windows OS for any server based anything … :-) So accept that every bit yous will.

-Tony
world wide web.mi-squared.com

If you lot would like to refer to this annotate somewhere else in this project, re-create and paste the following link:

Distressing, only a petty frustrated on being low on the learning curve, which is an unusual place for u.s.a. bookish allstar types. I don't think even so that I am unusual for your audience on this. I have found some literature on securing xampp and it looks to be achievable. I empathise the microsoft aversion, just I go on to find linux even harder to grasp.It is a reality that the vast majority of the earth uses windows, and if I can find good literature and make securing information technology work, I volition share it. I really practise capeesh the input, and I promise to assist intellectually push this projection forrad. I figured if I could go to your master installation from your portal demo site, that most of the bad guys out there could hack me.

http://world wide web.learncomputer.com/secure-apache/

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

How-do-you-do cverk,

Once again, wouldn't really focus on things like microsoft is expert or bad for security; every bit long as you have a form understanding of what's involved and the weaknesses/strengths of your organisation.

Placed a wiki page here to brainstorm documenting the process of hardening OpenEMR for the spider web. I but placed some stuff their off the summit of my head but to get it started. Equally users, such as yourself, going through this process, the goal is to develop specific and detailed steps along the way to do it. Feel gratis to add together/remove/modify/aggrandize anything (for instance, you may want to add together a xampp and a Microsoft department). This serves two purpose:
1. Others will then be able to practise it with much less attempt
2. Steps are open and can become scrutinized and optimized over time (easier for security experts to provide communication when all the steps are laid out)

Here'due south the wiki folio:
http://open-emr.org/wiki/index.php/Securing_OpenEMR

It'south in the Developer->Security section on the chief wiki page:
http://open-emr.org/wiki/index.php/OpenEMR_Wiki_Home_Page#Security

promise this helps to get you started,
-brady
www.open-emr.org

If you lot would similar to refer to this annotate somewhere else in this project, copy and paste the following link:

Hi,

Also created a set of portal instructions for both the onsite and offsite portals here on the wiki (and briefly discussed bug in a higher place forth with a link to the above wiki folio):
http://open-emr.org/wiki/alphabetize.php/Patient_Portal

If you're curious, this Patient Portal howto page is in the online OpenEMR iv.1 User Guide wiki page hither in the 'Supplementary Topics' folio:
http://open up-emr.org/wiki/index.php/OpenEMR_4.1_Users_Guide

Z&H Healthcare, please feel free to better/expand these instructions to cover all the features of your offsite portal.

thanks,
-brady
www.open-emr.org

If you would similar to refer to this comment somewhere else in this projection, re-create and paste the following link:

Every bit several posts have suggested, I also tin't seem to get xampp past version 1.7.3 to work, and the current version is 1.vii.7 with a lot of security patches in between and going forrad. That would seem to hateful that even trying to individually install and configure all of the components for a windows server won't work, or at least I can't seem to make information technology work, if yous are using the most upwardly to date versions of each component. Since using the latest updates seems to be the number 1 requirement in maintaining a secure server, it seems this is currently an impass for utilise of windows. Meaningful utilize is going to require opening your server to the internet and maintaining a secure server with updated security patches. Perhaps what Tony is trying to suggest is that it is not currently achievable under windows because openemr is incompatible with some updated component by what is used in xampp one.7.3, and if y'all are going to utilize this to run an actual role you better start learning linux. Of class merely because I can't get information technology to work with upward to engagement private components under windows, doesn't mean it can't be done. Anybody out in that location been able to do that, and if so, have y'all got any hints?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

I was only reading your new wiki pages and the new instruction transmission. You lot guys are cracking !

So maybe the answer to all of this for windows users is setting upwards a vpn type connection to the offsite portal and leaving everything else behind your firewall for office employ only. Perchance they could bundle the free offsite portal with connexion to a low cost collection of lab interface,patient portal with email of passwords to patients, and east-mail of patient reminders for upcoming meaningful use requirements, and possibly connectedness to something like the secure e-mail service transfer of records into something like microsoft healthvault. Because securing the e-mail server is still another problem. That way, it would present an incentive for developers to make the program equally plug and play as possible equally a conduit into a menu of offsite services, which could be presented by the various developers on a competitive basis. Each part then would retain control of their own data and be able to send out or non ship out data based on their needs. The possibilities of what could be offered through such a connection would and then just be express by imagination. Patient care tickler files, quickbooks interface for electronic deposits, transfer of info for referrals etc.

If you would like to refer to this comment somewhere else in this project, re-create and paste the following link:

Hi,

Actually the VPN thought is also related to another idea that is beginning to be considered for the offsite portal. And that is the utilise of a technology similar to "gotomeeting" (also same technology equally how microsoft logs into customers computers to fix them). Then with this methodology, the offsite portal could potentially connect to the local OpenEMR example without the security adventure of opening up a web server to the public (in fact, don't fifty-fifty think you'd need a static IP address).

My question is practise any developers know more most this technology and if their are any open up source projects that tin can exist used to do this.

thank you,
-brady
www.open-emr.org

If yous would like to refer to this annotate somewhere else in this project, copy and paste the post-obit link:

Brady
Maybe we should move this office of the discussion to some other thread and this would be a very important technical addition to OpenEMR.

I think the applied science would already be in OpenSource because webhuddle is like go to meeting and they must be using this technology.

Thanks
Shameem
www.zhservices.com

If you would like to refer to this comment somewhere else in this project, copy and paste the post-obit link:

I am at present confused: logmein downloads a software on to my computer and I install it. I tin and then log into that figurer from anywhere even if I dont have a static IP. Gotomeeting or webhuddle has to have a coming together scheduled and initiated for anyone to log in. Then is it not a logmein kind of technology that we need?

Shameem
www.zhservices.com

If you would like to refer to this annotate somewhere else in this project, copy and paste the following link:

If you would similar to refer to this annotate somewhere else in this project, copy and paste the post-obit link:

How-do-you-do Shameem, cverk, and everybody else,

Check out this open source multi-bone project:
http://code.google.com/p/gitso/

So, I think the local OpenEMR instance can log into the offsite portal and institute a secure connexion without the local OpenEMR instance needing any IP address at all. This connection could so be used:
1. for the local instance to connect to the offsite portal
two. for the offsite portal to make API calls on the local instance

Every bit yous are, I'thou learning this stuff as I become, just this gitso projection does look promising. I am guessing there are others out in that location like this.

-brady
www.open-emr.org

If yous would similar to refer to this comment somewhere else in this project, copy and paste the post-obit link:

@cverk: Copssh is for windows alone. So we might have to augment our search for the Windowphobes hither … :)

@Brady: Gitso looks promising. I take posted a query on their site as well. Nosotros dont need the entire stuff of remote admin where they can see the screen and manipulate, all we need is their connectedness technology, right? Keep looking: it looks really exciting.

Shameem
www.zhservices.com

If you would similar to refer to this comment somewhere else in this projection, copy and paste the following link:

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Personally I call up the guy has no imagination near what we tin do with his code… :)

Shameem

If you would like to refer to this annotate somewhere else in this projection, copy and paste the post-obit link:

Here'south an idea to allow for an offsite portal and keep your onsite system protected on your local LAN behind your firewall etc..

Basically, the idea here is to push data from your onsite system out to the offsite system.

The concept is to do 1-way replication of data to the offsite portal. Since data merely ever moves one direction, from your onsite(master) to the offsite(slave), if the offsite server were compromised, your onsite arrangement won't exist affected.
Since the MU requirement is that the information needs to be available within iii days, the replication doesn't have to happen in real-time.
So, one option to copy data would be to have a cron task that runs every night after hours on the master server which does the following.
1. MySQLDump of relevant data.
2. SFTP transfer of dump file to slave(offsite) server
3. Tell slave server to beginning import
Depending on bandwidth/diskspace issues, the mysqldump could be incremental (only the changes since the previous mean solar day) or full (simpler to implement)

Another idea would be to setup an SSH tunnel from the master to the MySQL port on the slave. The main could and then directly update MySQL on the slave machine. Either through MySQL dump once again or past something more sophisticated, similar MySQL replication.

Another expert affair about this one-way scheme is that if the patient portal becomes overloaded (by users or a Denial of Service Attack) the primary server shouldn't care as all the additional workload is being directed at the offsite/slave machine.

All of the tools required for this are fairly standard and available on both Windows and Linux environments. No need for anything "exotic" like gitso.

P.S. although copssh is "windows only" openssh-server exists for linux and does the same thing. SSH is a standard very useful protocol!

If you would similar to refer to this comment somewhere else in this projection, copy and paste the following link:

Hullo Yehster,

I really similar the direction of this final idea. In fact, I have a couple of directions to suggest:

i) on the main mysql server, create a mysql user for openemr patient portal. This user volition have read-but access to the relevent tables and fields to serve the patient portal. y'all will need to allow this user admission from the portal server. configure the portal server to connect to the main mysql server and run queries.

Or

2) employ mysql replication, and copy the data to the patient portal server. You must replicate But the relevent tables and fields.

I think the largest benefit of using either one of these ideas is that you are using the built-in functionality of mysql, rather than any third-party software that may or may not port properly to your platform.

With whatever of the above cases including Yehster'due south suggestions, you will need to solve how to go the data through the firewall.

-jason

If you would like to refer to this comment somewhere else in this project, re-create and paste the following link:

Jason,
A MySQL user with read-just access for the portal is as well a proficient idea. That user would also need update and insert permissions on the patient_access_onsite table to allow patients to change their passwords. It may need write access to other tables as well (result logging?) . An inventory of the tables the portal uses would be useful regardless of mechanism. Can anyone confirm if that the onsite portal needs access to the documents directories/files (upload .pdfs, .tiffs etc?) I don't believe that it does, and things would exist much simpler if this is true. Incidentally, today was my first time looking at the patient portal code.

One big advantage of an "offsite" read-just user is that it's unproblematic to setup. One disadvantage is that the offsite server can touch on the performance of the onsite server since they will exist running against the aforementioned MySQL instance. Whether that functioning impact is pregnant is going to depend on your onsite hardware, # of users, # of patients, etc… This might not matter, but it's something to keep in heed.

If using mysql replication, information technology would expert to replicate a minimal set of information every bit that would reduce the impact of a data breach as well as cut downwardly on bandwidth and disk usage. Is there annihilation else I'grand missing as to why "ONLY relevant data" needs to be replicated. Yeah, transferring billing and other non-clinical data is probably a waste.

However, replicating extra data wouldn't be all bad as you would have an automatic offsite backup. Consider an extreme scenario where your onsite server failed catastrophically. An organisation with a contingency plan could quickly switch to using the offsite machine while the onsite machine is restored.

On the other hand, once an offsite portal were configured appropriately, we could remove all of the irrelevant php files stored on the offsite server to brand information technology a "less inviting target".

SSH Tunneling or VPN are the best options in my mind for getting information through a firewall.
http://en.wikipedia.org/wiki/Tunneling_protocol
I personally use SSH Tunneling to get access to my machines located at different sites. I tin can even admission my machines on my Android telephone with SSH.
I know less well-nigh VPN, but am sure that it will work.

If yous would like to refer to this comment somewhere else in this project, copy and paste the following link:

Hullo,

Not sure I am seeing the point of a read just example, because the large hazard hither is leaking confidential patient data. This volition as well take away features, such as setting appt and filling out forms.I think the ideal security method will really differ between users that use the onsite (native) patient portal vs the offsite (third political party) patient portal. See below wiki folio for description of each:
http://open-emr.org/wiki/index.php/Patient_Portal

Note they tin can both be tested hands on the online demo also:
http://open-emr.org/wiki/index.php/OpenEMR_Version_4.1.0_Demo

Placed some thoughts on how to secure both the onsite and offsite portals here:
http://open up-emr.org/wiki/index.php/Securing_OpenEMR
(at bottom of the Apache section)

I actually think the offsite portal has more potential for security if able to set up some sort of SSH/VPN tunnel via the local OpenEMR example and the offsite portal (ie. Z&H's portal). If the local case logged into the offsite portal via a SSH tunnel and kept the connection agile, and so basically their could be secure cross-communication betwixt the two without needing to be open to the internet or requiring a a staic IP address. For the users sake, though, hopefully there is some sort of open up source packet that tin can do this rather than the users needing to set up these ssh/vpn tunnels.

Of form, this means the offsite portal site (ie. Z&H), needs to be secure in gild to avoid malicious users from groovy the offsite portal and then having admission to all the ssh/vpn tunneled connections from likely hundreds local openemr instances.

-brady
www.open-emr.org

If yous would like to refer to this comment somewhere else in this project, copy and paste the following link:

Brady,
A read-only portal is extremely useful to a provider trying to achieve meaningful apply. Information technology would help run across the requirement of having clinical summaries available for fifty% of encounters available inside 3 days. The alternative is press at time of run into,or snail mailing or emailing afterward the fact. Honestly, I think that having the clinical summary bachelor at time of come across serves the patient better than through a portal, but that's pretty hard to attain from a workflow standpoint.

The risk of leaking protected health information is is "non-zero" no matter what you practise since the goal is presenting that information to a patient through the internet.

What a read-only approach protects you lot from is for a malicious user from affecting the workflow/information/information on your primary OpenEMR instance if the portal were breached. Every bit an example.if the portal has read/write access to MySQL Suppose a patient'south user id/password were compromised. An attacker could wipe out the patient'due south demographic data, or he could screw up your calendar past posting appointments in every slot. The worst potential vulnerability would exist if a SQL injection assault could make it dorsum from the portal to the primary server.

If the portal is read/but with respect to the main server, none of those potential vulnerabilities tin mess up your onsite arrangement.

Since the appointment functionality is broken for now anyway, you lot don't lose that with a read-only example. Also if 1 chose MySQL replication as the synchronization method, one could determine afterward to do bi-directional replication for some information.

SSH tunnelling is non and then complicated that it needs a "packet" to setup and configure.
Under linux, all you exercise to establish a tunnel from the command line similar this on Automobile A:
ssh -N -u username@remote.host.ip -Fifty 9999/127.0.0.1/3096
User hallmark could be done past countersign or by public/individual central pair.
Now at this betoken, the motorcar I issued the command from has access to the MySQL server running on remote.host.ip. However, instead of making reference to remote.host.ip directly, Motorcar A accesses the remote machine by addressing it as localhost:9999 (i.e. localhost on port 9999 instead of the standard MySQL port 3096).
I use putty on Windows which is a GUI rather than a control line program to do the aforementioned thing, simply the concept is exactly the same.

If the offsite portal gets cracked at the "command level" all bets are off anyhow. Still, if the tunnels are setup then that the openemr instance logs into to the offsite portal, rather than the other style around, all of the hallmark data would be distributed across the openemr instances rather than centrally located on ZH's motorcar. The main thing that would allow an aggressor to do in this example additional is to accept admission to the webserver of the openemr example and/or issue SOAP commands. The attacker would need to break another layer of security before he could cause also much more than damage.

If you would similar to refer to this comment somewhere else in this projection, copy and paste the following link:

Hullo,

The ideal solution will really be dependent on which portal is used:

1. Native portal (this is at patients directory in OpenEMR).
This is currently a read-only portal anyways, so agree it won't affair. I recollect the spectrum of security (from least to most) will exist (in all, would remove whatever unneeded scripts, which are listed at http://open up-emr.org/wiki/alphabetize.php/Securing_OpenEMR) :
-open up to internet over https (and hope for the best)
-open up to internet over https and utilise a client side certificate to specifically protect the OpenEMR login script
-create a patient portal specific sqlconf.php file in the portal directory and have globals.php utilize this when the patient portal is used. By default, this volition simply call the main sqlconf.php, but this gives the user the choice to set up a separate mysql user which can exist express to read-but.
-with to a higher place, sqlconf.php method, could also use a completely separate database to farther secure
-could have 2 completely instance of openemr (ane the mirror that you discuss, which would be read-merely)

2. Third Political party portal using the API
This currently supports creation of new patients, new documents, and changing demographic information by patient. I remember the spectrum of security (from least to most) will exist (in all, would remove any unneeded scripts, which are listed at http://open-emr.org/wiki/alphabetize.php/Securing_OpenEMR) :
-open to internet over https (and hope for the best)
-open to internet over https and employ a client side certificate to specifically protect the OpenEMR login script
-open to internet over https and use a client side certificate to protect unabridged openemr codebase (so the third party portal would need this)
-close completely to internet and connect to the third party portal via a secure bi-directional tunnel (such as VPN or SSH)

Higher up last entry is why it seems the third party portal will be more secure and functional. Because with this, the only bespeak of entry of the third party portal, which will take less code(and newer code) and probable much easier to ensure security. In fact, information technology should explicitly guarantee security (at least to HIPAA level), then physicians are comfy using it. Possibly the thing to exercise is for Z&H to get their portal working with your above ssh tunneling command (seems like a way to provide certificates would be the well-nigh secure, although password should suffice; this is because fifty-fifty if the credentials when logging in from local OpenEMR to the third party portal (the medico portal) is hacked, that's not a very big bargain, because all of the patient data and credentials are actually stored in the local OpenEMR, so the simply point of assault seems to be where the patient logs into the offsite patient portal. If they go the ssh tunnel method working and secure, then could detect easier to install methods/applications (maybe but a putty howto) for the large number of windows users. Promise I'one thousand making sense.

Quick question on shh tunneling. Lets say I create a tunnel with your server. Can your server then independently transport information(API requests) back to me?

-brady
www.open up-emr.org

If you would similar to refer to this comment somewhere else in this project, copy and paste the post-obit link: