Security and PHP EMR software
As I am a developer (software manufacturer) and also a doctor (end user) of EMR/EHR software, I have tried many PHP EMR packages. They are simple and usable, and mainly browser based. What I didn't like in many of them is that the DB is usually configured by adding the database account details to an open file:
// ** MySQL settings ** //
define('DB_NAME', 'EMR'); // Database name
define('DB_USER', 'root'); // MySQL username
define('DB_PASSWORD', 'mysqlpassword'); // Password
define('DB_HOST', 'localhost'); // Sometimes you won't need to change this value
I didn't realize this until one of my teachers, who was using a PHP EMR package, accidentally lost the main account password. After he re-installed a new copy, he realized he wanted the old backup, so he called me. All I did was log in to MySQL using the details listed in the DB connection file, export the old database, and import the backup into the newly installed DB. He could easily have used the same DB if he had used the same values rather than creating a new DB.
On security: I was thinking that as soon as this PC becomes vulnerable and exposed to anyone (the case-study PC was used by 8 users: 6 doctors, 2 nurses, 1 assistant and 1 technician) who has some knowledge, he can get direct access to the DB in less than a minute (if he knows what he is looking for and is familiar with the system used). I can give it a few minutes for a geek. Let's say: having the patients' details wide open is not a good thing, and was not the aim of EMR software.
In an open discussion with a friend, a fellow Java developer, he said he believed that this would be one of the reasons why free open-source code in some languages holds exposed bugs, and that this would be risky for privacy-demanding software such as EMR.
Conclusion:
1- Please use your PHP EMR software on security-guarded software. Oops: not quite a practical solution, but at least define the people who are using it. (For more security and assurance you may install a keylogger. Just kidding, of course you can't, because it's a violation of the privacy of whoever is using the PC.)
2- PHP software could be more useful when run as a web application, especially since many (PHP-powered) EMRs are made to be so.
3- Note for developers: you could encrypt the DB connection details in a file. It's not that time consuming, and it will help your software become more usable on vulnerable, commonly used computers.
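One way to do what point 3 suggests, as an added example that is not code from any EMR package: the connection details are sealed with libsodium's authenticated encryption and opened at run time, so the file on disk no longer shows the password. This only helps if the key is kept apart from the sealed file (for example in an environment variable or a key file readable only by the web server account). The function names and the emr_app account are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Function names, the emr_app
// account and the sample password are constructed for illustration.
declare(strict_types=1);

// Run once at install time: encrypt the connection details for storage on disk.
function seal_db_config(array $settings, string $key): string
{
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = json_encode($settings, JSON_THROW_ON_ERROR);
    $cipher = sodium_crypto_secretbox($plain, $nonce, $key);
    return base64_encode($nonce . $cipher); // nonce is not secret, store it with the data
}

// Run on every request: decrypt, failing closed on tampering or a wrong key.
function open_db_config(string $sealed, string $key): array
{
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('DB config file is malformed');
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('DB config could not be decrypted');
    }
    return json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
}

// Demo with constructed values. In a deployment the key is generated once and
// loaded from outside the web root, never written next to the sealed file.
$key = sodium_crypto_secretbox_keygen();

$sealed = seal_db_config([
    'DB_NAME'     => 'EMR',
    'DB_USER'     => 'emr_app', // hypothetical limited account instead of root
    'DB_PASSWORD' => 'constructed-sample-password',
    'DB_HOST'     => 'localhost',
], $key);

$config = open_db_config($sealed, $key);
echo 'Connecting as ', $config['DB_USER'], '@', $config['DB_HOST'], PHP_EOL;

// A wrong key is rejected instead of yielding garbage credentials.
try {
    open_db_config($sealed, sodium_crypto_secretbox_keygen());
} catch (RuntimeException $e) {
    echo 'Wrong key: ', $e->getMessage(), PHP_EOL;
}
```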