
OpenEMR: Electronic Medical Records and Medical Practice Management Software - mabynogy
http://www.open-emr.org/
======
JusticeJuice
I'm currently working on my thesis, I'm trying to design a radically different
take on EMR/EHR systems - [http://barnett.surge.sh/](http://barnett.surge.sh/)

I've come to realize healthcare software is a significantly trickier problem
than most realize. Not in terms of technical possiblity, but other factors.

Building healthcare software is really hard - which seems like such a paradox,
because surely ensuring highly trained individuals have half decent tools
would be a huge goal for society - but almost all healthcare software is still
frankly, terrible.

After heaps of reading I've narrowed it down to 3 reasons why healthcare
software is so hard to build.

1 - Modern healthcare is complex, and varied. Building any healthcare softawre
is no easy task, even simple systems have many other systems to integrate
with. But what makes this worse, is that no two places do healthcare quite the
same. Between regions, and institutions, healthcare can vary a shit ton.

2 - Healthcare is risky. Sounds obvious, but if your software fails, people
die - but this risk creates an attitude of "dont touch it". Changing systems
has such a risk, that institutions will use the same software until it's so
out of date its not funny. This impeeds improvement and innovation.

3 - Healthcare software is hard to sell. Not in the sense that its
unprofitable, but that it takes ages to get users. Say if I made video editing
software - I could get professionals trying it out tommorrow. However, if I
make a PMS, I have to sell it to the entire practice - not just a few keen
doctors. From making contact to actually getting a small practice using your
software could literally be years - making it super hard to enter the market.

I've been working on this topic fulltime for a year now - and I must admit, I
don't have the golden answer. However, I'm designing a system as a response to
these factors, an alternative to interoperability, and would love to talk
anybody in the industry about it.

[http://barnett.surge.sh/](http://barnett.surge.sh/)

eliot.slevin@gmail.com

~~~
fny
As far as I can tell, there's no economic incentive for health care systems to
undergo these transformations willingly. Remember, the digital transformation
didn't occur until the HITECH act in 2009, which mandated the use of
electronic health records. Why digitize your operations and worry about
maintaining tech infrastructure when you can do everything on paper with a
handful of secretaries? You could argue providing better data-driven
healthcare to patients, but guess what--most health systems don't care because
_they make money every time you get sick._ [0]

With HITECH, the government forced them to transition to EHRs, and here's what
hospital systems optimized for...

1\. Reliability

2\. Optimizing billing

3\. Guaranteeing compliance with different protocols, particularly those
related to billing

Openess? Interoperability? _They don 't care._ You're piling on more technical
and administrative costs without the promise of future returns.

> ensuring highly trained individuals have half decent tools would be a huge
> goal for society - but almost all healthcare software is still frankly,
> terrible.

You know who hates EHRs the most? Doctors. Do you know who loves them?
Hospital administrators. Guess who pays for the EHR? ;)

[0]: An exception to this is Kaiser Permanente. They insure the patients for
which they care, so they're incetivized to improve health to reduce costs over
time.

~~~
Spooky23
I don't see why any physician implements an EMR. My family doctor, who was
part of a midsize practice was punished hard by adopting a system. They did it
in 2007 thinking they would save money... which didn't happen as they were
only able to eliminate 1/4 clerk positions and had to pick up an IT guy and a
consultant. Then they really got the shaft when the solution they chose wasn't
meeting Medicare guidelines. They ended up getting another system that is
worse.

Now they got swallowed up by a regional medical system and have yet another
EMR, plus they have _6_ clerical staff versus 3 and whatever outsourcer
handles IT for the hospital system.

My other doctor friend is a ophamologist. It's a small practice with 3 full
time and 1 part time doctor. They pay the fine every year for not having an
EMR and use paper and have a standalone system for sending prescriptions. He
is enormously happy with paper and feels that's it better in every way,
including cost. I agree -- I see zero value in the EMR systems.

~~~
nickpsecurity
I saw one system that seemed like a must have: apps that ensure you got the
prescription right. Paper-loving doctors screwing up prescriptions harms a lot
of patients. Especially when they insist on writing in cursive.

Much of your post seems to be about bad tech, though. It could mostly be
mitigated with a supplier that gave a shit.

~~~
gm-conspiracy
Also sounds like a shitty pharmacist and pharmacy tech.

~~~
nickpsecurity
I'm not going that far. What I read implied it was either a mental slip or
illegible writing. Some of the drug names look similar when they're written in
chicken scratch.

------
jdhe
As other comments mention, this project has been going for a while, the
central reason it (or something like it) has not been robustly built out and
deployed universally is because of the way congress chose to structure the
funding for development of EMRs/EHRs. Rather than trying to find a system that
could be universalized, the (idiotic) plan has been to give millions of
dollars to multiple corporations to develop systems, then subsidize the
purchase cost to providers to encourage adoption. Then, only once everyone has
invested in their own proprietary system will they begin trying to
universalize the system by developing cross compatibility. This methodology is
perfectly in line with the free-market approach that the US has championed for
decades. It is also the opposite of how almost every other country has
developed and adopted universal EMRs. Sad. Especially because we know that a
good, affordable universal EMR would significantly enhance the ability to
deliver care for almost all sizes of healthcare providers.

~~~
criley2
As a programmer for an American EHR firm -- all of the market share already
belongs to one of those companies you malign.

You could not have had the government sponsor some new software which would
eliminate a billion dollar software market.

It's a non-starter. All the hospitals already are signed on multi-year
contracts with those large providers. Some of the EHR providers began writing
medical software for hospitals in the 1960s and 1970s. These companies have
multi-decade relationships with the hospitals they service, and decades of
patient data stored.

What Obama and the Democrats did was to break the "paper cycle". Many
hospitals used paper-only system with very little software even into the
2000's and 2010's.

The point of investing in each company was to jumpstart their products into
meeting the huge new regulations, and the point of giving clients money to buy
this new software was to break the paper cycle.

There is no "one size fits all" option in the American market.

I find it funny that you malign our practice as "(idiotic)" when it is your
plan, quite frankly, which is so ignorant to the complicated history and
reality of medical providers and their software, that seems idiotic to me.

Your opinion sounds to me like "The US Gov should, instead of using MS
Windows, pay a company to invent a new operating system, then ban all use of
Windows, OSX and Linux to ensure all firms must use the single new solution".

We already had so many options that have existed for decades, with so many
clients, and so much built-out software infrastructure. There was no "one-
size-fits-all" solution unless your solution includes "Destroy the entire
industry, and use force of government to destroy a half dozen major software
companies in favor of the government mandated and almost assuredly inferior
option"

The crux you may not realize is how customized every major hospital system
expects their EHR software to be. I don't think you realize the sheer level of
customization these networks require, due to the size and scope of their
businesses. It takes entire teams of my company to service certain major
clients. The idea of a one-size-fits-all would have been laughed out of our
country.

~~~
Brybry
But most physicians don't work for hospitals. They work at small practices
with 10 physicians or fewer (according to the AMA).

There was a completely open market, made of the majority of physicians,
regardless of existing provider contracts with hospitals.

I know I talked to a few physicians (and other healthcare professionals) in
the mid-2000s who lamented the paperwork they had to do every day and the lack
of available computer automation.

~~~
entee
The issue with small practices and even slightly larger physician's groups is
that an EMR is often just a cost, with very little benefit.

If you're a hospital with lab facilities, imaging facilities, surgical
facilities etc. it's hugely useful to have medical records flow internally
(quasi-)seamlessly. The EMR does that well, and the large cost of typing
things into the EMR (it's slow, painful, annoying, never met a doc who
preferred it to the old clipboard and notes system) is totally worth it.

For a small practice, that intercommunication problem isn't anywhere near as
large, but the cost of typing things in painfully is the same. So small
practices hate it.

And before you say, "but it's useful to share medical records between
offices/specialists/hospitals when they move around", it turns out that a lot
of these systems don't play very well with one another. Even between two
healthcare systems that share the same software provider (in this case Epic,
one of the big two, the other one is Cerner), I've heard people finding it
easier to print it out, fax it over, and scan it back in. Yes there are people
who want to solve that problem, (see YC's own
[https://www.patientbank.us](https://www.patientbank.us)), but it's a tough
area because who pays for the service? How expensive is it to build software
that interacts with all the 10 zillion different flavors of Epic? How do you
harmonize the peculiarities in how people actually record the data in those
systems? It's really really hard.

~~~
Herodotus38
So I am a physician with a large hospital system that uses Epic. I think your
comments about poor communication (btw Epic systems) are outdated. For the
last two years when I admit a patient I can easily access all Epic records not
only in other hospitals in my state, but in the country through their system
labeled "CareEverywhere". It is a game changer and is really the main reason
why I rank Epic above other EMRs I've used.

~~~
ensignavenger
How do they prevent abuse? How does a patient know who is accessing their
records?

~~~
Herodotus38
Also, in reply to who is accessing your records you don't know. I suppose you
could ask for records of who had accessed it by a certain date, but once your
records are in there they will likely be accessed by your insurance company
for billing purposes.

You can add an additional layer of warning in Epic. I see this most often with
psych records or pts who want an extra layer, such as if they work in the same
hospital. All this entails though is an extra prompt warning requiring you to
put in a reason why you are accessing the records, and put in your usr/pwd
again and warns you it is being recorded, etc...

~~~
ensignavenger
Thanks- ideally the auditing would be done regularly, and require a reason to
be entered for any access the first time a new provider accesses your
information. Even better each patient would have a USB stick with a One Time
Token generator that would 1) hold basic emergency information on the USB
drive) 2) Generate One Time Keys to grant access to new providers. Of course,
in an emergency situation where a provider has an ID but can't find your USB
key, they could enter an over-ride with a reason- which would be strictly
audited. Also, patients should have a list of who has accessed their
information and why- and even be able to sign up for alerts anytime someone
new accesses it.

~~~
Herodotus38
So I think your ideas are good, but you have to realize the multiple competing
priorities in healthcare. When you say ideally, you mean from a privacy
standpoint. In my opinion "best health outcome of the patient" should be the
highest ideal.

Say I am working a night where I may be paged on 100 patients who I am meeting
for the first time. Just opening their records on The EMR eats a significant
amount of time. Time which I need to take care of people. Adding an additional
click would mean even less time and poorer outcomes.

You also have to realize that nobody is going to carry a USB. I have worked in
diabetes clinics where most pts don't remember to bring in their glucometer,
which is the entire point of the clinic. You have to realize that the patient
population also includes the average American (and half by definition are
below average intelligence.)

I mean, I could go on for hours and make my own personal list of the issues
with American Healthcare and I wouldn't list pt privacy in the first 100....

Not trying to be dismissive but I'm just trying to give you computer technical
folk an idea of why EMR is such a hard field and how many factors you have to
consider which is really difficult if you aren't 'in' the system. Even I who
knows more about programming than 99% of docs feel completely ignorant when I
talk to healthcare IT folks about HL7, etc...

~~~
ensignavenger
I see your points- I agree that "best health outcome of the patient" is the
priority. I don't think that is always at the cost of privacy, though. In
fact, if people feel more secure about the privacy of their information, they
will be more likely to be open and to even visit a health care provider in the
first place. (Some people may not care either way, but there are those who do-
and certain circumstances that people are more likely to care about than
others).

I don't think the challenges you mention are unsurmountable-

An ER doctor seeing 100 patients a night might have the system setup to
automatically log in as an emergency, and they already need to log the reason
for the appointment- or else there is no there is no record of it...

Setting up the initial access should be handled by staff during check-in for
non-emergency visits.

Patients are generally already expected to carry a health insurance card (at
least in the US- not sure how that is handled in countries with Government
provided health-care). As the system becomes more widespread, it would become
normal for everyone to have a security token, and they could use those tokens
for access to multiple systems, not just health care (The USB disk thing is
probably optional, just a slight improvement for when the network is down or
you can't otherwise access the information).

I also think the User Experience on the systems I have seen could be greatly
improved to reduce unnecessary clicks- and I have noticed that more often then
not though- loading information over a slow network takes more time than
navigating the GUI.

I would agree that the problems with health care go far beyond EMR systems,
but they were the topic of the discussion.

Thanks for participating, I want to better understand all of the issues and
these types of discussions help a lot toward that goal.

~~~
Herodotus38
I agree that the challenges aren't unsurmountable, but we have to make sure
that we realize everything we change has unintended and unforeseen
consequences, even things that seem as simple as adding an additional click or
checkmark.

You are right there are those who do not seek care because of privacy, but in
my experience they are by far a minority compared to the people who don't get
healthcare because there aren't enough providers to get an appointment (mostly
because they are all already too busy and overwhelmed to take on new
patients), are worried about cost, or who just are in denial about how sick
they are.

The deal with insurance cards though is that there is no problem or issue if
you don't remember to carry it. Registration can still be done, they just look
you up by name, address, or SS# if needed. Not to belabor the point (because
as you mention you could use a network) but any system that depends on people
carrying something will have a lot of caveats.

No matter what you pick it will sometimes not work, the network will be down,
the USB flash memory will no longer work, the USB port will be broken, etc...
so there will have to be a non-emergency allowance for 'token' system not
working. How are you going to verify it really isn't working and that people
aren't just clicking 'not working' because it is easier (or because they are
malicious and lying to steal data...).

With regards to automatically logging people in: Consider your ER doctor
system, ok that works when it is logged as an emergency in the ER. Now
consider my role. I am a hospitalist, meaning I admit patients to the hospital
and take care of the ones already admitted. Should I already be covered under
the emergency since they are sick enough to be in the hospital or do I have to
go through additional steps to log in to address a patient who just needs some
extra nausea or pain medications or a sleeping pill? If I have to log in it
detracts from the time I can spend dealing with a patient who suddenly has a
more pressing issue (such as new chest pain that needs to be seen)? Of course,
I am going to see the chest pain patient and so the nauseated patient is
miserable for a few extra minutes. Now this sounds like squabbling over a loss
of seconds but in reality managing an inpatient service is juggling multiple
pages at once for sometimes several hours straight on many patients, triaging
what needs to be done urgently vs later, and admitting patients, etc... It can
be nonstop. So just one additional step really does add up.

So you can then say, why not have it set up that once a patient is admitted,
they get logged in once and then you don't have to worry. I would then answer
that that is basically what we do now. When you get admitted to the hospital
you sign a release which covers this.

I will bring up another issue: you say a new provider should only have to log
in once. Do you really want a provider you saw maybe 5 years ago for a one
time visit have access to your records. How long until they have to
reregister?

Another issue: What if you have tests done that aren't resulted by the time
you leave the hospital. For example you have a blood culture that becomes
positive after 5 days which means you need to be notified to get new labs
done. The doctors that took care of you are off shift or on vacation. Usually
this is taken care of by another provider, who you may never meet, are they
going to be covered under the token system?

Out of curiosity what is your background in this since you mention User
Experience?

------
ipunchghosts
EMR is simply too messy for openEMR to put a dent in the issue. I truely wish
it were different. If insurance carriers are permitted to operate across state
lines in the future, i think there is a chance of a Google or Microsoft
getting into the space which I think is the right way to go. Right now, the
large companies managing EMR and huge monoliths that simply don't care about
innovation. They are like defense contractors to the military.

If the market ever opens up and consumers have more choice, its clear that
someone like google or MS would win and I honestly believe really give
healthcare a boost in this country.

~~~
swalsh
Google actually gave it a shot, and then eventually gave up.
[https://en.wikipedia.org/wiki/Google_Health](https://en.wikipedia.org/wiki/Google_Health)

~~~
FLUX-YOU
That sounds more like a patient portal used by patients. Building something
for physicians, nurses, revenue personnel, lab personnel, and practice
managers is a completely different game.

~~~
neandrake
I think the idea they were going for is that Google Health would be an EMR
intended to be used by institutions except that the patient is in control of
their record - enabling them to take their health record to any provider. The
problem is that institutions have close to no reasons for investing into
something like that.

I think Microsoft HealthVault was more of what you describe, where it's a
portal intended to be used by patients.

~~~
nradov
No, @FLUX-YOU has it right. Google Health was only ever intended as a patient
portal (PHR) and was a direct competitor to Microsoft HealthVault. Google
never added any EMR features. In fact after the initial release they never
added any features at all; they just lost interest in it and shut it down.

------
messo
Norway has been building a universal and state-run system the last couple of
years, which gathers all the patient information in one centralized system.
Existing commercial companies that already deliver solutions to doctors and
hospitals have integrated this new system into their existing products. It is
practically interoperable by now. I believe this is the way to go. The system
was beta-testet last year, and is being rolled out to doctors offices this
year.

This will benefit both doctors and patients, as they no longer need to
manually juggle between countless different systems (and plain old
paperfiles). Overmedication (and dangerous drug interactions) has been a real
problem for decades, because one doctor does not know what the other has been
doing. When a patient has to visit different hospitals, they have to take new
blood samples, tests etc.

Patients can now log in to one service (helsenorge.no), with the same security
as other state-run services (taxes etc), they get access to their complete
health journal, they can order an appointment at their local doctors office,
order an online consultation, reorder prescriptions etc.

Maybe something for other countries to learn from?

~~~
ensignavenger
How do patients authorize a new care provider to access their data? How do
patients prevent the government from accessing their private health data?
(Obviously the latter is a problem even for distributed systems, but a lot
easier if the government already has the data on servers they control!)

------
walrus01
If people had any idea how much antiquated medical software is out there in
production running on Windows 98, 2000 or XP and coded in _Visual Basic_ they
would run away screaming. It's seriously that bad.

~~~
wallace_f
I did some work for a company that had 100+ banks running accounting software
developed in Visual Basic in the early 90s.

Unfortunately, this experience, supporting obsolete, spaghetti-code-nightmare,
opened my eyes to the world that business is done in a much dirtier way than
how I imagined growing up.

~~~
walrus01
Willing to bet you $5 that the spaghetti code accounting software written in
VB in the early 1990s is actually a GUI front end on top of an AS/400 or an
IBM system/360 thing that's now running in emulation on a "mainframe".

~~~
orionblastar
Showcase ODBC is what we used to talk to Big Iron databases. People could not
learn the IBM Mainframe or AS/400 systems. So we made a VB GUI frontend using
Showcase ODBC to contect to the database. It was a lot easier that way.

------
exception_e
Please read about our groundbreaking v5 release here:
[https://medium.com/openemr/complete-meaningful-use-
certifica...](https://medium.com/openemr/complete-meaningful-use-
certification-1627b989d9bb#.5c9it7a59)

~~~
tim333
Congrats.

------
brianmartinek
Does anyone know of a EMR system that could house my household/personal health
data? One of the struggles I have is organizing my own health data in a
singular place with structured data formats, document uploads, etc.

The closest thing I have found is
[http://mymedicalapp.com/](http://mymedicalapp.com/) but it appears to have
been abandoned by the developer.

~~~
lukas
picnichealth.com

~~~
brianmartinek
Thanks for the recommendation. It is what I am looking for except that it
doesn't seem to offer any upload options if there are holes in the data they
retrieve. Still, a step in the right direction and I'll give it a try.

~~~
nogaleviner
PicnicHealth CEO here. You won't have this problem because we don't miss any
data :) But really, if you have old stuff we can't get anymore we can find a
way for you to send it over.

------
Skeletor
I think it's great that there are projects like [http://www.open-
emr.org/](http://www.open-emr.org/) , [https://oscar-
emr.com/oscar/](https://oscar-emr.com/oscar/) ,
[http://openmrs.org/](http://openmrs.org/) , and
[https://www.hl7.org/fhir/http.html](https://www.hl7.org/fhir/http.html) ;

I think these tools would be even better if they released their code under
LGPL (instead of GPL) so that lazy commercial EHR developers would reuse and
help maintain some core modules to promote more interoperability.

I don't think it's going to ever be possible (or that it is even desirable) to
ever have a "Universal EHR" that everyone is forced to use through either
government intervention or through market/economic forces. We can all exchange
emails with each other, but we aren't all forced to use the same email client

The reason that the entire healthcare system seems broken to most consumers is
legacy EHR systems in large hospitals. These legacy enterprise vendors are
essentially what Oracle was 20 years ago in the rest of the enterprise
software market before companies like Salesforce.com came along. Another part
of this "broken" feeling is the difficulty of exchanging data between
different EHR systems; but this doesn't have to be the case.

"If you've seen one HL7 standard implementation, you have seen exactly one HL7
standard implementation." Which means most systems don't interoperates with
anyone else's systems unless there is an existing commercial relationship that
forced everyone to interoperate on a local scale.

For anyone looking to work on an idea to improve healthcare check out:
[https://www.drchrono.com/api/](https://www.drchrono.com/api/) and/or
[https://www.drchrono.com/careers/](https://www.drchrono.com/careers/)

~~~
mabynogy
Very clear and interesting concept:

[https://app.drchrono.com/ehr-emr/medical-form-
templates/5561...](https://app.drchrono.com/ehr-emr/medical-form-
templates/556163/initial-assessment)

------
hitgeek
this project has been around for a long time. I always take a look at it when
I need a reference system for thinking about data models or ux related issues
for health record type projects.

looks like it got a major facelift since the last time I checked it out. that
must of been a lot of work. congrats to the contributors for making that
happen, looks more modern.

~~~
brady_m
Yep there was a lot of work both above and under the hood to modernize OpenEMR
on the most recent release. Also was a several year effort to get complete
meaningful use certification. Can see here for some more details on both
efforts: [http://www.openhealthnews.com/content/openemr-achieves-
compl...](http://www.openhealthnews.com/content/openemr-achieves-complete-
meaningful-use-certification-breakthrough-release-50)

------
kakoni
We've been gathering various open source health projects here.
[https://github.com/kakoni/awesome-health](https://github.com/kakoni/awesome-
health)

~~~
exception_e
Just sent both an issue and a PR. Great idea!

------
rdudek
How are they planning on pushing it to hospitals? All major players have
adopted Epic EMR, at least here in Colorado. And once they have a system,
they'll stick with it due to premium support and huge cost will prevent
switching.

~~~
keltor
Epic, Cerner and Meditech are the largest EHRs and they combined control just
about 50% of the market. Epic and Cerner tend more towards the Academic
hospitals and Meditech and McKesson (#4) tend towards the Commercial
hospitals.

There has also been a ton of incentive payments from CMS that have almost
exceeded the EHR industry as a whole.

There have also been quite a few big switches from the 90s to today, a bunch
of them from Meditech/Epic/Cerner to others, so it can definitely happen.

------
davidlee1435
Github repo:
[https://github.com/openemr/openemr](https://github.com/openemr/openemr)

------
kevinmannix
This is huge. I previously worked for a healthcare startup, and it seems like
for every other healthcare startup we worked alongside or networked with, all
roads lead to EMRs. It was (felt like) an impossibly large task without a
clear path to execution due to the tangled web of healthcare IT & regulations.

Something like this is huge, especially to potential competitors that now have
a target to aim for.

~~~
keltor
Unfortunately most of the time you end up having to individualize so much data
structure for each deal it's a gigantic pain.

------
tfaruq
What is the different with OpenMRS [http://openmrs.org](http://openmrs.org) ?

------
sidcool
There's a pretty nifty open source OpenMRS app called Bahmni that is widely
used in poor countries. A lot of my friends contribute to it. Worth checking.

------
jasondc
There is even open source dental software, open source is seriously eating the
enterprise (and healthcare) software world!

I run OpenDental for my wife's practice in North Beach, SF. It's licensed as
AGPL, but I'll still take it :)

~~~
cmdrfred
I supported this for a few years as a sysadmin. The most flexible EMR
application I have ever seen.

~~~
jasondc
I think it's getting more and more popular, hearing about a lot of offices
switching to OpenDental. I'm not sure how proprietary software will compete in
the future.

It's been pretty easy to run, no complaints other than the usual MySQL ones.

------
SteveNuts
Having HTTPS enabled on their site would go a long ways for software like
this.

~~~
exception_e
It's an issue with Source forge. We're working on this.

~~~
oomkiller
After sourceforge bundled malware with downloads, it's hard to trust a project
that stuck with them, especially with health data, especially when there are
numerous alternatives that are better.

~~~
exception_e
It's just for our website and wiki. We've moved to Github for the most part.

There is talk between myself and a couple of other contributors to move the
site and wiki to AWS :).

Feel free to volunteer to speed this up, of course.

EDIT: Misread your comment. We are hosting downloads on the SF site. Really
need to move to AWS...

~~~
SteveNuts
How much traffic do you get? and is it all static?

------
ipunchghosts
As much as I would love this, I simply dont think it will work. Why? Epic is
simply too big and has too much of the market and they are too far behind.

I use picnichealth.com to deal with this EMR mess and I love it!

~~~
entee
The pricing seems incredibly high, am I understanding correctly that they want
~$300 up front then $33/month thereafter?

That said, working in this industry, I know exactly how hard it is to do this
right. In many ways this is what it costs to do the job, if not more, but I'm
not sure I'd pay it. There's the tragedy of the whole EMR/patient data story:
bloody expensive, who pays?

~~~
nogaleviner
PicnicHealth CEO here. We did raise prices to keep quality super high as we
scale, but here's a nice discount for our HN friends. Enjoy!
[https://picnichealth.com/friends-of-picnic](https://picnichealth.com/friends-
of-picnic)

------
dualboot
We've had an incredibly well adopted open-source EMR solution here in Canada
for quite a while.

OSCAR

[https://oscar-emr.com/oscar/](https://oscar-emr.com/oscar/)

------
qrbLPHiKpiux
I use open dental. Tell me how open it is. An open EMR in healthcare does not
mean much. Take a look at the necessary support needed to have the proper
compliance.

~~~
exception_e
Not sure what you mean... can you please be more specific?

OpenEMR is 100% open source. It's GPL'ed :).

As far as compliance, we are happy to inform you that OpenEMR is now 2014 ONC
Ambulatory EHR Certification complete.

EDIT: If you're asking about support, there are over 30 professional vendors.
Community support​ is also available.

If you have further questions, feel free to reach out to my email (in my
profile).

------
peterwwillis
I came here to ask the question "Has anyone (hopefully) done a 3rd party
security audit of this open source medical records software?"

But then I saw this: [http://www.open-
emr.org/wiki/index.php/FAQ#What_is_ImageMagi...](http://www.open-
emr.org/wiki/index.php/FAQ#What_is_ImageMagick.3F)

And then this: [http://www.open-
emr.org/wiki/index.php/FAQ#What_are_the_corr...](http://www.open-
emr.org/wiki/index.php/FAQ#What_are_the_correct_PHP_settings_.28can_be_found_in_the_php.ini_file.29.3F)

..... [http://www.open-
emr.org/wiki/index.php/FAQ#What_do_I_do_if_I...](http://www.open-
emr.org/wiki/index.php/FAQ#What_do_I_do_if_I_am_locked_out_of_OpenEMR.3F)
[http://www.open-
emr.org/wiki/index.php/FAQ#What_is_OpenEMR.2...](http://www.open-
emr.org/wiki/index.php/FAQ#What_is_OpenEMR.27s_default_Username.2C_Password_and_other_related_issues.3F)

God help us all.

~~~
brady_m
Agree that security is an important topic.

Note there has not been a default password for about 5 years, and will update
the FAQ.

Regarding the other FAQ links you posted, what specific security issues are
there with those?

To get an idea of OpenEMR's security, recommend checking out the following
section on the wiki(1 of those links has several 3rd party security audits):
[http://www.open-
emr.org/wiki/index.php/OpenEMR_Wiki_Home_Pag...](http://www.open-
emr.org/wiki/index.php/OpenEMR_Wiki_Home_Page#Security)

~~~
peterwwillis
It shows the use of ImageMagick, a legendarily buggy and insecure application
and library. It shows the use of system crypt() for password hashes, which
isn't really very secure since (afaik) it doesn't support pbkdf2 on most
systems or bcrypt (not the blowfish one) or script. It shows hardcoding
database credentials in a flat file. And it shows it uses PHP, which has its
own security problems as well as being well known as a language used by people
not aware of secure coding practices.

------
mbrookes
If you're interested in or working on medical software, you might be
interested in Clinical Meteor:
[http://clinical.meteorapp.com/](http://clinical.meteorapp.com/)

"clinical:meteor is an open-source project creating a next-gen framework for
building healthcare apps".

------
pdimitar
I don't mean to come across as an asshole; I applaud the effort!

But seeing hierarchical menus just made me close the tab immediately. There
are others, much more human-approachable, UI paradigmas.

If we want to push meaningful software to the non-tech-savvy people to make
their lives better, we have to start letting go of ancient UX methodologies.

~~~
tim333
What would you use instead?

~~~
pdimitar
I would analyze the most used click paths and extract the real-life scenarios
people are serving with them, and just make buttons for them. Clicking them
will provide you with a wizard-like interface that aims at a specific need.

Obviously this cannot replace all menus but hey, it's a start.

Please note: I am not an UX expert. It's just what I subjectively find as a
common-sensical approach.

------
amelius
Does it allow anonymization of patient data, so that it can be used for
research?

~~~
robertdown
Yes, openEMR allows for de-identification of patient data!

------
lacampbell
My first permanent IT job was actually working with practice management
software. It worked across multiple jurisdictions with fairly minimal changes
- an appointment is an appointment in any country.

I actually suspect it violated several laws - I remember I had full access to
a database stored offshore where patient notes were there in plain text, along
with their names and addresses. I emailed the privacy commission about it but
they wanted to me to name names and I was scared of losing my job.

So yeah, I hope you encrypt notes.

------
edimaudo
Is it easy to use? Does it reduce the amount of paperwork to be done? How safe
is it?

~~~
robertdown
I think it is easy to use, and yes it has the potential to nearly (if not
completely) eliminate all paperwork in your clinic.

As far as safety, openEMR is fully HIPPA compliant as well as 2014 ONC
Complete Ambulatory EHR certified (a/k/a Meaningful Use 2).

------
vpn1951
vpn1951@yahoo.com; ask me your questions and I will give answers to what I
can.

