Solved

PHP/MySQL for Enterprise Healthcare Software?

Posted on 2013-06-28
Last Modified: 2013-10-11
Experts,
I'm in the process of planning a new Software application for the Healthcare Insurance company industry.

I'm leaning towards PHP/MySQL since there are a lot of php/ajax software scripts that I can easily integrate with.

I know that when dealing with Health Insurance companies, secure patient info is extremely important to them.  Many of their apps are Java and either Oracle or MS SQL.

I'm comfortable with the decision to use PHP/MySQL, but I know that I'll likely have a hard sell, especially in this industry.

I was reading a few older posts about thoughts on php/MySQL as an enterprise software application.

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_20797427.html
http://www.experts-exchange.com/Database/Software/Microsoft_Enterprise/Q_27442704.html

These are a few years old, so I'm really curious as to what everyone thinks.

Thanks,

-dsg
0
Question by:dsg138
10 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
ID: 39286211
Here's a fairly good discussion.  stackoverflow.com/questions/130869/can-php-handle-enterprise-level-sites-as-well-as-java  It even notes that PHP can have precision problems with arithmetic.

Securing patient info is the law and is almost more important than anything else.  http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
0
 
LVL 48

Assisted Solution

by:PortletPaul
PortletPaul earned 100 total points
ID: 39286227
>>since there are a lot of php/ajax software scripts
mmmm, please read this
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
many of those things you want to leverage may be out-of-date

>>when dealing with Health ... secure patient info is extremely important to them
literally paranoid would be a closer description (for good reason!)
consider this in the context of "selling your solution" (see next)

>>Many of their apps are Java and either Oracle or MS SQL
your market has declared its preference
introducing a new platform has substantial costs to an enterprise
(not just the 'purchase price' but the skills to maintain, the cost to support and so on)
In my experience, enterprises are seeking to reduce vendors to an absolute minimum - this always favours the 'big and established players'

if you are offering against these, the 'objection will be strong'
if the 'objection is strong' you will have a harder time selling
(and your cost of sale will be higher too)

>>MySQL itself
mmm, hard one, who knows where this will head, but there are already branches and of course extensions - but to an Enterprise this is confusing, confusion makes them nervous - if they are nervous they see risk - if it's an Insurance company they are experts at risk.

Look for:
MariaDB (branch)
Percona (Percona Server, support services)

(you may want to visit Percona btw, there's a calculator there that compares their support services to those of Oracle - this gives you some (small) insight into the enterprise's cost of a different platform)

And, I know I will get flamed for this, but there is still an impression out there that PHP isn't for serious applications (i.e. seen as 'low end'). Add that to some possible confusion over MySQL.

I am the voice of dissent I guess, but I think I would be looking at J2EE + Oracle/Mssql
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39286244
I forgot to mention that PHP is really intended for use from a web server.  It would be a real stretch to get it running as a desktop app.
0
 
LVL 77

Expert Comment

by:arnold
ID: 39286247
The front end you are designing can be independent of the backend storage.
There are ways to integrate PHP with MS SQL, Oracle, MySQL, and IBM DBMS.

The main issue that was pointed out earlier deals with HIPAA.
Access to data, logs/record keeping of which user accessed what record, changes.
For an insurance company there are record/claim/etc. which access security/privileges.  
handling claim/eligibility, etc.

If you are creating an actuarial/statistical/expense type of an application that tries using existing data to project future rates/age group.
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 39286589
Since this is just a blue-sky discussion and doesn't really require a technical answer, I'll throw out a couple of ideas.  All of Digg, parts of Yahoo and Google, nearly 100% of Facebook are PHP machines.  PHP + MySQL powers literally millions of web sites (all of the WordPress blogs).  If your application is built on a RESTful design, nobody will much care what the underlying technology is made of.  At least, not at first, and by the time they start to care, you will be able to hire an auditing firm to write security audits for them.
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 100 total points
ID: 39286751
Before you start down the road on this I suggest that you first understand the primary protocols for information interchange in healthcare, which include issues around HIPAA.

The widely used and supported standards in Healthcare are dictated by HL7.  See:
https://en.wikipedia.org/wiki/Health_Level_7
For a general description.

Having worked on a number of projects where messaging required HL7 protocols I can assure you it is not an easy implementation even in languages with object packages to support HL7. I have dealt with it in COBOL, c, C++, and JAVA, but I have never seen a PHP implementation and I doubt there is a valid framework for HL7 in PHP.

There is a PEAR alpha version of an API for HL7 messaging but it has not been maintained for 4 years (I don't know if the work stopped because there was no demand for the product, or if the task was not doable in PHP).

PHP should be up to the task of parsing HL7 messages, but beyond that I am not sure you can meet security requirements.

Cd&
0
 
LVL 77

Expert Comment

by:arnold
ID: 39287005
The interchange is more of a back end operation.  From my reading of the question, the asker is envisioning a front end.  While the data exchange is more of an inter facility consideration.

It should be built from the inside out. database, internal user access/interaction external client/access/interaction both require auditing/as well as some proactive access violations.
etc.
0
 

Author Comment

by:dsg138
ID: 39290416
Hi all, thanks for the great feedback.  
You are really helping me to make a good decision.

After reading over HIPAA and PHI, I'm making certain I don't store any of those fields in my DB.  

I'm very happy to hear that large companies like Facebook, Digg, Yahoo and Google are run with PHP.
0
 
LVL 77

Accepted Solution

by:arnold
arnold earned 100 total points
ID: 39292026
The issue is not whether you store them in your DB, which is required for an insurance firm; the issue is, given you have to store it, what are the steps you are taking to mitigate/avoid exposing the data, i.e. store the data using DB encryption in columns? Encrypt the data using encryption within PHP?
The other issue deals with, if you use DB level encryption, whether the communication channel between the web server and the database server is encrypted, thus preventing data observation using snooping.

PHP is versatile and free/open source for displaying/providing access to information, and is available to run on any platform.

The flexibility it provides deals with access to various databases.
IMHO, database design, architecture, structure is the more important part.
The access to data and the presentation is handled within the PHP code.
Starting from the presentation side, i.e. PHP, means that you would try to design/architect a database to match your presentation, which may make the DB structure complex and possibly duplicative in some data it stores.

The database starting point has a tendency to make requirements for repetitive/sequential queries.

This is where you need to balance the design/functionality.
0
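
The two measures raised in the accepted answer above (encrypting sensitive columns within PHP, and encrypting the channel between the web server and the database server), as an added example that is not part of the original thread. It assumes PHP 8 with the openssl and pdo_mysql extensions; the key source, the `members.ssn:42` row label, the DSN and the CA file path are hypothetical, and the sample value is constructed.

```php
<?php
declare(strict_types=1);
const CIPHER = 'aes-256-gcm';

// Returns base64(nonce || tag || ciphertext). $aad binds the value to its row/column.
function encryptField(string $plain, string $key, string $aad): string
{
    $nonce = random_bytes(12);              // fresh 96-bit nonce for every value
    $tag = '';
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decryptField(string $stored, string $key, string $aad): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    [$nonce, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($plain === false) {                 // wrong key, tampering, or moved to another row
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Web server to MySQL over TLS with the server certificate verified (hypothetical DSN/CA path).
function openDb(string $dsn, string $user, string $pass, string $caFile): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::MYSQL_ATTR_SSL_CA => $caFile,
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Demo with constructed data; in production the key comes from a secrets store, not the DB.
$key = random_bytes(32);
$stored = encryptField('000-00-0000', $key, 'members.ssn:42');
echo decryptField($stored, $key, 'members.ssn:42'), PHP_EOL;
try {
    decryptField($stored, $key, 'members.ssn:43');   // same ciphertext copied to another row
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because the nonce is random, equal plaintexts produce different stored values, so an encrypted column cannot be searched or indexed by equality; that constraint belongs in the database design the answer says to start from.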
 

Author Closing Comment

by:dsg138
ID: 39294908
Thanks everyone.  This was a great discussion.  I greatly appreciate everyone's feedback and giving me the info to make an intelligent decision.
0
