PHP/MySQL for Enterprise Healthcare Software?

Posted on 2013-06-28
Last Modified: 2013-10-11
I'm in the process of planning a new Software application for the Healthcare Insurance company industry.

I'm leaning towards PHP/MySQL since there are a lot of php/ajax software scripts that I can easily integrate with.

I know that when dealing with Health Insurance companies, secure patient info is extremely important to them.  Many of their apps are Java and either Oracle or MS SQL.

I'm comfortable with the decision to use PHP/MySQL, but I know that I'll likely have a hard sell, especially in this industry.

I was reading a few older posts about thoughts on php/MySQL as an enterprise software application.

These are a few years old so I'm really curious to what everyone thinks.


Question by:dsg138
  • 3
  • 2
  • 2
  • +3
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
Comment Utility
Here's a fairly good discussion.  It even notes that PHP can have precision problems with artithmetic.

Securing patient info is the law and is almost more important than anything else.
LVL 48

Assisted Solution

PortletPaul earned 100 total points
Comment Utility
>>since there are a lot of php/ajax software scripts
mmmm, please read this
many of those things you want to leverage may be out-of-date

>>when dealing with Health ... secure patient info is extremely important to them
literally paranoid would be a closer description (for good reason!)
consider this in the context of "selling your solution" (see next)

>>Many of their apps are Java and either Oracle or MS SQL
your market has declared its preference
introducing a new platform has substantial costs to an enterprise
(not just he 'purchase price' but the skills to maintain, the cost to support and so on)
In my experience, enterprises are seeking to reduce vendors to an absolute minimum - this always favours the 'big and established players'

if you are offering against these, the 'objection will be strong'
if the 'objection is strong' you will have a harder time selling
(and your cost of sale will be higher too)

>>MySQL itself
mmm, hard one, who knows where this will head, but there are already branches and of course extensions - but to an Enterprise this is confusing, confusion makes them nervous - if they are nervous they see risk - if it's an Insurance company they are experts at risk.

Look for:
MariaDB (branch)
Percona (Percona Server, support services)

(you may want to visit Percona btw, there's a calculator there that compares their support services to those of Oracle - this gives you some (small) insight into the enterprise's cost of a different platform)

And, I know I will get flamed for this, but there is still an impression out there that PHP isn't for serious applications (i.e. seen as 'low end'). Add that to some some possible confusion over MySQL.

I am the voice of dissent I guess, but I think I would be looking at J2EE + Oracle/Mssql
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I forgot to mention that PHP is really intended for use from a web server.  It would be a real stretch to get it running as a desktop app.
LVL 76

Expert Comment

Comment Utility
The front end you are designing can be independent of the backend storage.
There are ways to integrate PHP with MS SQL, Oracle, Mysql, And IBM DBMS.

The main issue that was pointed out earlier deals with HIPAA.
Access to data, logs/record keeping of which user accessed what record, changes.
For an insurance company there are record/claim/etc. which access security/privileges.  
handling claim/eligibility, etc.

If you are creating an actuarial/statistical/expense type of an application that tries using existing data to project future rates/age group.
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
Comment Utility
Since this is just a blue-sky discussion and doesn't really require a technical answer, I'll throw out a couple of ideas.  All of Digg, parts of Yahoo and Google, nearly 100% of Facebook are PHP machines.  PHP + MySQL powers literally millions of web sites (all of the WordPress blogs).  If your application is built on a RESTful design, nobody will much care what the underlying technology is made of.  At least, not at first, and by the time they start to care, you will be able to hire an auditing firm to write security audits for them.
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

LVL 53

Assisted Solution

COBOLdinosaur earned 100 total points
Comment Utility
Before you start down the road on this I suggest that you first understand the primary protocols for information interchange in healthcare which includes issues around HIPPA.

The widly used and supported standards in Healthcare are dictated by HL7.  See:
For a general description.

Having worked on a number of projects where messaging required HL7 protocols I can assure you it is not an easy implementation even in languages with object packages to support HL7. I have dealt with it in COBOL, c, C++, and JAVA, but I have never seen a PHP implementation and I doubt there is a valid framework for HL7 in PHP.

There is a PEAR alpha version of an API for HL7 messaging but it has not been maintained for 4 years (I don't know if the work stop because there was no demand for the product, or if the task was not doable in PHP).

PHP should be up to the task of parsing H7 messages, but beyond that I am not sure you can meet security requirements.

LVL 76

Expert Comment

Comment Utility
The interchange is more of a back end operation.  From my reading of the question, the asker is envisioning a front end.  While the data exchange is more of an inter facility consideration.

It should be built from the inside out. database, internal user access/interaction external client/acccess/interaction both require auditing/as well as some proactive access violations.

Author Comment

Comment Utility
Hi all, thanks for the great feedback.  
You are really helping me to make a good decision.

After reading over HIPPA and PHI, I'm making certain I don't store any of those fields in my DB.  

I'm very happy to hear that large companies like Facebook, Digg, Yahoo and Google are run with PHP.
LVL 76

Accepted Solution

arnold earned 100 total points
Comment Utility
The issue is not wether you store them in your DB which is required for an insurance firm, the issue is given you have to store it, what are the steps you are taking to mitigate/avoid exposing the data I.e. store the data using DB encryption in columns. Encrypt the data using encryption within php?
The other issue deals with if you use DB level encryption, is the communication channel between the web server and the database server is encrypted thus preventing data observation using snooping.

PHP is a versatile and free/open source in displaying/providing access to information as well as available to run on any platform.

The flexibility it provides deals with access to various databases.
IMHO, database design, architecture, structure is the more important part.
The access to data and the presentation is handled within the PHP code.
Starting from the presentation side, I.e. PHP means that you would try to design/architect a database to much your presentation which may make the DB structure complex and possibly duplicative in some data it stores.

The database starting point has a tendency to make requirements for repetitive/sequential queries.

This is where you need to balance the design/functionality.

Author Closing Comment

Comment Utility
Thanks everyone.  This was a great discussion.  I greatly appreciate everyone's feedback and giving me the info to make an intelligent decision.

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now