Hello,

I am looking for any opensource package for "appointment system" for
doctors, please let me know. This is just o take Name/Phone/time,
incase if there is not any opensource, then is it hard to implement
using web/php/mysql?. Please let me know.

GS

GS wrote:
> Hello,
>
> I am looking for any opensource package for "appointment system" for
> doctors, please let me know. This is just o take Name/Phone/time,
> incase if there is not any opensource, then is it hard to implement
> using web/php/mysql?. Please let me know.
>
> GS
>

Don't know of one offhand, but a caution. If you're in the U.S., you need to be
very careful. This could be covered by HIPAA and security would be very important.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:9ZadnRMPk_zivcnZnZ2dnUVZ_tednZ2d@comcast.com. ..
> GS wrote:
> > Hello,
> >
> > I am looking for any opensource package for "appointment system" for
> > doctors, please let me know. This is just o take Name/Phone/time,
> > incase if there is not any opensource, then is it hard to implement
> > using web/php/mysql?. Please let me know.
> >
> > GS
> >
>
> Don't know of one offhand, but a caution. If you're in the U.S., you need
to be
> very careful. This could be covered by HIPAA and security would be very
important.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================
Your so right!! And not only doctors, but also anyone or organization that
deals with personal data that could be considered diagnostic. (support
groups, therapy etc.) I've been bitten by this dog already.

Al Kolff alkolffx@eartlink.net
remove the x
"Experience is a hard teacher because she gives the test first, the lesson
afterward. But properly learned, the lesson forever changes the man."
~ Randy Alcorn, Safely Home

Jerry Stuckle wrote:
>> This could be covered by HIPAA and security would be very important.

What more can someone do beyond basic passwords to keep unwanted users
out? I dont see how personal info needs to be treated with the same
security as credit card and social security numbers.

veg_all@yahoo.com wrote:

> What more can someone do beyond basic passwords to keep unwanted users
> out?

Here are some examples. Not very practical, but sometimes might be even
required.

- Using strong passwords or forcing users to use strong passwords. It
would also be possible to require two persons to login at the same time,
before data is revealed.

- Data should be kept in crypted form instead of plain text, and the
algorithm used should be strong enough to hold the privacy, even if the
algorithm itself is known. To prevent data leaking if someone steals the
hard drive or happens to gain access to the server itself.

- Access to the data can be restricted. Usually it is not required that
everyone can access to everyones data in every day. To prevent attacks
from inside and preventing someone to steal the whole database within a
single and fast attack.

- Logging can be used to save reconds of possible abuses or abuse attempts.

- There should be no access to the data via public networks, directly or
indirectly as that would give potentiaaly anyone access to the computer.

- There should be no public access to the computer that holds the data,
or is connected to the computer that holds the data. Same thing as it is
with Internet, except in smaller scale.

veg_all@yahoo.com wrote:
> Jerry Stuckle wrote:
>
>>>This could be covered by HIPAA and security would be very important.
>
>
> What more can someone do beyond basic passwords to keep unwanted users
> out? I dont see how personal info needs to be treated with the same
> security as credit card and social security numbers.
>
In the United States, giving out someone's social security or credit card number
is not a federal offense. Giving out any medical information without their
consent is. Do some searches on HIPAA.

So - if you value your freedom, any personal information having to do with the
medical field has to be guarded with even more care than credit card and social
security numbers. The law is very strict and penalties severe.

And yes, there are a number of things you can do beyond basic passwords. And
when dealing with medical information, some of these things MUST be done.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Jerry Stuckle wrote:

> So - if you value your freedom, any personal information having to do with the
> medical field has to be guarded with even more care than credit card and social
> security numbers. The law is very strict and penalties severe.

I dont understand the logic behind this. If someone steals my cc and
ssn, I lose thousands of dollars and enormous amounts of time. If
someoen finds out I have a doctor's appointment at 2PM, what is the
loss? Regardless of what the law says, the two breaches are not of the
sams magnitude. Plus there tons of people trying to hack and find cc
and ssn numbers, but how many people are hacking to find medical
information? I understand what you are saying about the HIPAA law, but
it does not seem very practical.

veg_all@yahoo.com wrote:
>>So - if you value your freedom, any personal information having to do with the
>>medical field has to be guarded with even more care than credit card and social
>>security numbers. The law is very strict and penalties severe.
>
> I dont understand the logic behind this.

Laws are designed often for political reasons, not for reasons of
consistency with other laws.

In any case, we don't need to agree with it, it's the law and it must be
taken into account. If you're a programmer on a medical information
system, you had better learn HIPAA and do what it takes to comply, or
else the organization for whom you're designing code could suffer huge
consequences.

Regards,
Bill K.

>> What more can someone do beyond basic passwords to keep unwanted users
>> out?

I would add to the list of security practices to train the users of the
system how to recognize and resist "social hacking". This may be an
even more risky area of computer security than any of the software
solutions we programmers can implement.

See:
http://en.wikipedia.org/wiki/Social_hacking
or books by Kevin Mitnick

Regards,
Bill K.

GS wrote:

> Hello,
>
> I am looking for any opensource package for "appointment system" for
> doctors, please let me know. This is just o take Name/Phone/time,


Leaving aside the big discussion about security (it should be secure) what
did you do to try and find one? Try Searching freshmeat for PHP and
Calendar. There are a lot out there.

> incase if there is not any opensource, then is it hard to implement
> using web/php/mysql?. Please let me know.
>

Is it hard? Compared to what? Harder than implementing it using paper and
crayons, but easier that with FPGAs.

C.

veg_all@yahoo.com wrote:
> Jerry Stuckle wrote:
>
>
>>So - if you value your freedom, any personal information having to do with the
>>medical field has to be guarded with even more care than credit card and social
>>security numbers. The law is very strict and penalties severe.
>
>
> I dont understand the logic behind this. If someone steals my cc and
> ssn, I lose thousands of dollars and enormous amounts of time. If
> someoen finds out I have a doctor's appointment at 2PM, what is the
> loss? Regardless of what the law says, the two breaches are not of the
> sams magnitude. Plus there tons of people trying to hack and find cc
> and ssn numbers, but how many people are hacking to find medical
> information? I understand what you are saying about the HIPAA law, but
> it does not seem very practical.
>

No, the breach of medical information can be even more severe. For instance -
what if that doctor is an oncologist? That suggests a potential case of cancer.
And if that news got out, it could cost you your job, your insurance and worse.

A credit card number getting out is a hassle in comparison. I know - I've had
it happened when a database was hacked. Not fun, and it took some work to
straighten it out, but that I did.

As for whether you think it's practical or not - it is the law. And violating
it can land you in prison.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Bill Karwin wrote:
> veg_all@yahoo.com wrote:
>
>>> So - if you value your freedom, any personal information having to do
>>> with the
>>> medical field has to be guarded with even more care than credit card
>>> and social
>>> security numbers. The law is very strict and penalties severe.
>>
>>
>> I dont understand the logic behind this.
>
>
> Laws are designed often for political reasons, not for reasons of
> consistency with other laws.
>
> In any case, we don't need to agree with it, it's the law and it must be
> taken into account. If you're a programmer on a medical information
> system, you had better learn HIPAA and do what it takes to comply, or
> else the organization for whom you're designing code could suffer huge
> consequences.
>
> Regards,
> Bill K.

Bill,

Actually HIPAA wasn't designed for political reasons. It was designed because
people would lose their jobs if their employer found out they had a serious
disease. They could lose their insurance if the insurance found they were
genetically prone to certain diseases. There could be all kinds of consequences.

Medical information is supposed to be private between the doctor and the
patient. The patient can request its release to specific parties, such as
insurance companies, which obviously want to know what they're paying for.

With the advent of the internet, there are many more possibilities for
information to get out - either because someone was careless with the info, used
an unencrypted wireless connection, hacked a site, or whatever. HIPAA is
designed to protect that information from getting out, either via the internet
or otherwise.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Jerry Stuckle wrote:
> HIPAA is designed to protect that information from getting
> out, either via the internet or otherwise.

Thanks for the info, Jerry. Those are good things to be concerned
about, and HIPAA is a good thing.

Three cheers for HIPAA! Hip, hip, hooray!

(Sorry, I couldn't resist.)

Regards,
Bill K.