

Filemaker 5.5 Database Online

Posted on 2005-05-12
Medium Priority
Last Modified: 2010-04-27
We currently use Filemaker 5.5 to run a proprietary laboratory database system developed for our company.  We are looking into ways of allowing our clients (physicians) to access the system to be able to retrieve results for their patients on tests that they have asked us to perform.  We would like to give them the ability to view the results without compromising the system while it is in production.  We are looking into ideas in which this could be accomplished in the most secure way possible.  As a medical facility we need to deal with HIPAA regulations and are looking into something we could implement having all this in mind.

Question by:mdltech
LVL 19

Expert Comment

ID: 13999619
I have a few questions.

How many clients will actually access the system at the same time?
How much data will be retrieved in a session?
Do they want to access the data through a web browser?
Do you have the ability to make design changes to the existing files?
Are you using FileMaker Server?
Do you plan to upgrade to FileMaker 7?

Here are my thoughts...

First option would be to publish the data over the web via a secure site that requires login.

FileMaker 5.5 has its own web publishing capabilities that could be used for this purpose. The main advantage of the internal web publishing features is that it's very easy to set up. However performance could be a problem if lots of people are hitting it at once.

You can also publish the data through a separate web server using something like Lasso or the free package FX.PHP. This would allow you to create a web application in PHP using FileMaker as a back-end database.

Using a separate web server would allow more simultaneous users, and probably help with performance, and would give you more flexibility with security. If you want to go with a web-based solution, I'd recommend this approach over the built-in web publishing, mostly for the security advantages.

Another is to create an actual VPN (virtual private network) that allows the physician to connect directly to a database server you control, and give each physician a FileMaker application that accesses your database. This is probably more secure as far as preventing outside users from accessing the system, since you can control the encryption level and who gets the client. But it's more complex, and the physicians would have to buy a copy of FileMaker to use.

One warning. HIPAA has been a goldmine for vendors who use scare tactics to sell expensive security solutions that may or may not really be needed, so don't let someone fool you into thinking you must buy special custom hardware and software to be HIPAA compliant. That just isn't true. HIPAA does not require use of state-of-the-art security technology. In fact, HIPAA doesn't make any specific recommendations as far as technology is concerned.

What you do need to do is take all reasonable measures to protect your data. In my opinion this means being careful who you give access to the system, using strong encryption to protect your network traffic over public networks, requiring the use of STRONG passwords that are changed on a regular basis, automatically logging people out after a short inactivity period, thorough tracking and auditing of all logins to the database, and monitoring the system for suspicious activity. You'll also want the clients to sign an agreement stating that they will not try to circumvent any of that stuff, and that they will not share passwords, etc. This will help make sure that if there is a security breach, the person actually responsible gets the blame.

Author Comment

ID: 14010233
Hey Bill,

Thanks for your answer.  Regarding some of the questions asked here are some answers:

How many clients will actually access the system at the same time?
Still to be determined.  This is an option many physicians have been asking for so a survey would need to be performed to see those which are interested in this service from us.

How much data will be retrieved in a session?
Physicians will only be viewing their patient results and possibly printing them when needed.

Do they want to access the data through a web browser?
I guess it all depends on what options we use.  I mean I was thinking perhaps using a security box like F5 Networks or Enkoo in which the physician could come via a link and access a secure connection with us and then be able to run TS to get access to a server running Filemaker Pro that would access our database.  The only problem with that is we would not particularly want the physicians to access the database in production because it might have impact on performance on our end even though the main thing physicians will be doing is viewing results and nothing else.

Do you have the ability to make design changes to the existing files?
We can make changes to the actual database.  The application was actually created by my boss who developed it.  So changes could be made.

Are you using FileMaker Server?
Yes we are using FileMaker Server 5.5

Do you plan to upgrade to FileMaker 7?
We are planning on doing that but really were counting on hiring another Filemaker developer that would assist in the process because there are a couple of things that need to be performed before doing the upgrade in regards to the database.

I actually had also thought about having a secure web server that physicians could access with a username and password.  I thought this might be a good idea because the thing is that we were thinking about possibly running another FileMaker server just for physicians in which they would connect via VPN and TS and access a server running the Filemaker Pro client to access that separate database.  The actual database content would be about a day old because we would need to every day make a copy of the database in production and move it over to this separate server we would have setup.  The only thing is that we would face issues on having that additional server as not part of our network.

I think we would need to look into a solution as you mentioned best regarding a Web Server and have our current Filemaker database as the back end database.  I guess we need to consider the options and which solution would be best for us so we could have the overall performance for physicians to access the system as well as not impacting our database in production.

Any other ideas, Bill, would be gladly appreciated.
LVL 19

Expert Comment

ID: 14011745
Is it a design requirement that the physician-accessed database be physically separated from the production database, or is this just an idea you were considering? Doing that will ensure they can't make changes to the real data, but there are several other ways that could be done without having to maintain two copies of the database. Also, this doesn't provide any advantage as far as securing the data from being read.  

Allowing the physicians real-time access (versus having to wait a day) would add value to the service, and could be done without any real risk of them altering existing data, especially with a web interface.

If you're not comfortable with that, you could still have faster updates by running an import where any newly created records are imported from the live database into the published copy, and this can be run on an hourly basis, or whatever.

I think a web-based solution will give you the most flexibility. A VPN solution with terminal server might be better protection against an untrusted third party, but that's only part of the HIPAA battle. You also need to ensure that the legitimate users are restricted to seeing only the data for their own specific patients, and allowing the user access to the OS will make that more complicated. Client configuration would also be more problematic.

One thing you need to be aware of is that there are significant differences between FM5 and FM7, especially with regard to the web publishing and data sharing.

If you do plan to upgrade to 7 soon, my suggestion would be to use FileMaker Server Advanced, and use the custom web publishing feature to generate reports over a secure web connection. The Server Advanced package has a separate web publishing  piece that communicates with FileMaker server, but does not have its own web server. It uses Apache or IIS. Each piece can be running on a separate machine. That gives you a lot of flexibility in terms of controlling both security and performance impacts.

FileMaker 7 has far better security and user management capabilities than previous versions.

If you plan to stay with FM5.5 for a while, then I'd suggest you try to find a copy of FileMaker Unlimited. It's no longer sold by FileMaker, but can still be bought through resellers.


Author Comment

ID: 14030614

We would like the physicians to actually not have to go onto the production system but at the same time I think it would be good if the data that physicians access is current.  I mean we first started with the idea of running another copy of the database just for physicians and we were thinking about creating VLANS to keep that additional server separate from our current network and then possibly use a box like F5 networks to provide an SSL VPN for the physicians but I am really looking in the options we have to choose from and which solution would be best for us.

Already in our FileMaker database the functionality has been developed in which each physician will only see their own patients and no one else's. Regarding the upgrade to FileMaker 7 I am not sure when that will occur.  I know that there are more robust features in this new version that would probably help tremendously in this task we are trying to accomplish.

I guess the bottom line is just examining the options and what would be best to do.  I personally would like to put a solution in place that would be able to handle the growth of users as well.  For example if possibly in the beginning we only have 50 people who would take advantage of this service, down the line there might be 200 or so on (just setting as an example not real figures) but I think we need a solution that we implement once and is upgradeable and as we grow we won't need to redesign a whole new solution to accomplish this.

We do have FileMaker 5.5 Unlimited.
LVL 19

Accepted Solution

billmercer earned 1000 total points
ID: 14032073
Since growth potential is important to you,  you should probably consider developing a web front-end in PHP, and using the FX.PHP package to communicate with FileMaker. This separates the user interface from the database engine, which will help performance, especially with lots of simultaneous users. The user requests the data through the web, the request is passed to the FX.PHP module, which then connects to the FileMaker database through its web publishing, retrieves the results, and passes them back to the web server, where the end user can review them. This maintains a good separation between the FileMaker database and the web site users, and gives you some separation of interface from engine, which is good for flexibility and growth.

However I really think your first priority should be to decide whether you want to stick with 5.5 for a while (at least a year or so) or make the jump to version 7 immediately. The reason being the extremely dramatic differences between the two versions, especially with respect to web publishing and data interchange. It's true that version 7 has some tremendous advantages over previous versions. But the differences in the file format and data sharing are so great that you almost have to start from scratch when making the change from 5 to 7.

You can take an existing FM5 solution and just do a simple conversion to FM7, but doing that will limit your ability to take advantage of FM7's new features, so it's generally not recommended.
The only way to publish data from an FM7 server is by purchasing the Server Advanced product. Also, the web publishing language is totally different. CDML has been eliminated, and replaced with an XML-based system. In short, it's NOT a gentle transition.

Budget will be important here, since you already have the software you need for version 5.5, and v7 will require upgrading all clients to version 7, and purchasing Server Advanced, which is $2500 by itself.
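
Added example, not part of the thread and not any poster's code: a sketch of the server-side checks the answers above describe for a PHP front end (inactivity logout, an audit trail, and each physician restricted to their own patients). The function names, the 600-second limit and the sample rows are assumptions; the in-memory array stands in for records the front end would fetch from FileMaker.

```php
<?php
// Added illustration; every name and value here is hypothetical.
const IDLE_LIMIT = 600; // assumed inactivity limit in seconds

// Constructed sample rows standing in for results fetched from the back end.
$RESULTS = [
    ['id' => 1, 'physician_id' => 'dr_a', 'patient' => 'P-1001', 'test' => 'CBC'],
    ['id' => 2, 'physician_id' => 'dr_b', 'patient' => 'P-2002', 'test' => 'TSH'],
    ['id' => 3, 'physician_id' => 'dr_a', 'patient' => 'P-1003', 'test' => 'A1C'],
];

// Append one audit record; a real deployment would write to durable storage.
function audit(array &$log, string $event, string $who, int $now): void {
    $log[] = sprintf('%s %s user=%s', gmdate('c', $now), $event, $who);
}

// Returns the rows this session may see, or null when the request is refused.
function fetch_results(array &$session, array $rows, array &$log, int $now,
                       ?string $requestedPhysician = null): ?array {
    if (empty($session['physician_id'])) {
        audit($log, 'DENY_NO_LOGIN', '-', $now);
        return null;
    }
    $who = $session['physician_id'];
    if ($now - $session['last_seen'] > IDLE_LIMIT) {
        audit($log, 'IDLE_LOGOUT', $who, $now);
        $session = [];          // force re-authentication
        return null;
    }
    $session['last_seen'] = $now;
    // The filter key always comes from the server-side session. A physician id
    // sent by the browser is only compared against it, never used for lookup.
    if ($requestedPhysician !== null && $requestedPhysician !== $who) {
        audit($log, 'DENY_CROSS_ACCESS target=' . $requestedPhysician, $who, $now);
        return null;
    }
    $own = array_values(array_filter($rows, fn($r) => $r['physician_id'] === $who));
    audit($log, 'VIEW_RESULTS count=' . count($own), $who, $now);
    return $own;
}

$log = [];
$session = ['physician_id' => 'dr_a', 'last_seen' => 1000];
var_dump(fetch_results($session, $RESULTS, $log, 1100));                  // normal view
var_dump(fetch_results($session, $RESULTS, $log, 1200, 'dr_b'));          // other physician requested
var_dump(fetch_results($session, $RESULTS, $log, 1200 + IDLE_LIMIT + 1)); // after idle period
print implode("\n", $log) . "\n";
```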


Question has a verified solution.
