
PHP/MySQL for Enterprise Healthcare Software?

I'm in the process of planning a new Software application for the Healthcare Insurance company industry.

I'm leaning towards PHP/MySQL since there are a lot of php/ajax software scripts that I can easily integrate with.

I know that when dealing with Health Insurance companies, secure patient info is extremely important to them.  Many of their apps are Java and either Oracle or MS SQL.

I'm comfortable with the decision to use PHP/MySQL, but I know that I'll likely have a hard sell, especially in this industry.

I was reading a few older posts about thoughts on php/MySQL as an enterprise software application.


These are a few years old so I'm really curious as to what everyone thinks.


Dave Baldwin (Fixer of Problems) Commented:
Here's a fairly good discussion.  stackoverflow.com/questions/130869/can-php-handle-enterprise-level-sites-as-well-as-java  It even notes that PHP can have precision problems with arithmetic.

Securing patient info is the law and is almost more important than anything else.  http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
>>since there are a lot of php/ajax software scripts
mmmm, please read this
many of those things you want to leverage may be out-of-date

>>when dealing with Health ... secure patient info is extremely important to them
literally paranoid would be a closer description (for good reason!)
consider this in the context of "selling your solution" (see next)

>>Many of their apps are Java and either Oracle or MS SQL
your market has declared its preference
introducing a new platform has substantial costs to an enterprise
(not just the 'purchase price' but the skills to maintain, the cost to support and so on)
In my experience, enterprises are seeking to reduce vendors to an absolute minimum - this always favours the 'big and established players'

if you are offering against these, the 'objection will be strong'
if the 'objection is strong' you will have a harder time selling
(and your cost of sale will be higher too)

>>MySQL itself
mmm, hard one, who knows where this will head, but there are already branches and of course extensions - but to an Enterprise this is confusing, confusion makes them nervous - if they are nervous they see risk - if it's an Insurance company they are experts at risk.

Look for:
MariaDB (branch)
Percona (Percona Server, support services)

(you may want to visit Percona btw, there's a calculator there that compares their support services to those of Oracle - this gives you some (small) insight into the enterprise's cost of a different platform)

And, I know I will get flamed for this, but there is still an impression out there that PHP isn't for serious applications (i.e. seen as 'low end'). Add that to some possible confusion over MySQL.

I am the voice of dissent I guess, but I think I would be looking at J2EE + Oracle/Mssql
Dave Baldwin (Fixer of Problems) Commented:
I forgot to mention that PHP is really intended for use from a web server.  It would be a real stretch to get it running as a desktop app.

The front end you are designing can be independent of the backend storage.
There are ways to integrate PHP with MS SQL, Oracle, MySQL, and IBM DBMS.

The main issue that was pointed out earlier deals with HIPAA.
Access to data, logs/record keeping of which user accessed what record, changes.
For an insurance company there are record/claim/etc. which access security/privileges.  
handling claim/eligibility, etc.

If you are creating an actuarial/statistical/expense type of an application that tries using existing data to project future rates/age group.
Ray Paseur Commented:
Since this is just a blue-sky discussion and doesn't really require a technical answer, I'll throw out a couple of ideas.  All of Digg, parts of Yahoo and Google, nearly 100% of Facebook are PHP machines.  PHP + MySQL powers literally millions of web sites (all of the WordPress blogs).  If your application is built on a RESTful design, nobody will much care what the underlying technology is made of.  At least, not at first, and by the time they start to care, you will be able to hire an auditing firm to write security audits for them.
Before you start down the road on this I suggest that you first understand the primary protocols for information interchange in healthcare which includes issues around HIPAA.

The widely used and supported standards in Healthcare are dictated by HL7.  See:
For a general description.

Having worked on a number of projects where messaging required HL7 protocols I can assure you it is not an easy implementation even in languages with object packages to support HL7. I have dealt with it in COBOL, c, C++, and JAVA, but I have never seen a PHP implementation and I doubt there is a valid framework for HL7 in PHP.

There is a PEAR alpha version of an API for HL7 messaging but it has not been maintained for 4 years (I don't know if the work stopped because there was no demand for the product, or if the task was not doable in PHP).

PHP should be up to the task of parsing HL7 messages, but beyond that I am not sure you can meet security requirements.

The interchange is more of a back end operation.  From my reading of the question, the asker is envisioning a front end.  While the data exchange is more of an inter facility consideration.

It should be built from the inside out. database, internal user access/interaction external client/access/interaction both require auditing/as well as some proactive access violations.
dsg138 (Author) Commented:
Hi all, thanks for the great feedback.  
You are really helping me to make a good decision.

After reading over HIPAA and PHI, I'm making certain I don't store any of those fields in my DB.  

I'm very happy to hear that large companies like Facebook, Digg, Yahoo and Google are run with PHP.
The issue is not whether you store them in your DB which is required for an insurance firm, the issue is given you have to store it, what are the steps you are taking to mitigate/avoid exposing the data i.e. store the data using DB encryption in columns. Encrypt the data using encryption within PHP?
The other issue deals with if you use DB level encryption, whether the communication channel between the web server and the database server is encrypted thus preventing data observation using snooping.

PHP is a versatile and free/open source in displaying/providing access to information as well as available to run on any platform.

The flexibility it provides deals with access to various databases.
IMHO, database design, architecture, structure is the more important part.
The access to data and the presentation is handled within the PHP code.
Starting from the presentation side, i.e. PHP means that you would try to design/architect a database to match your presentation which may make the DB structure complex and possibly duplicative in some data it stores.

The database starting point has a tendency to make requirements for repetitive/sequential queries.

This is where you need to balance the design/functionality.
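
An added illustration of the two questions raised in the post above (encrypting a PHI field within PHP before it reaches the column, and encrypting the web server to database channel); this is not code from any participant in the thread. It assumes PHP with the sodium extension, and the host name, database name, CA path and the `table.column:id` context format are placeholders.

```php
<?php
declare(strict_types=1);

const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
const TAG_LEN   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES;

/** Encrypt one PHI field. $context (e.g. "patients.ssn:42") is bound as associated data. */
function encrypt_field(string $plaintext, string $context, string $key): string
{
    $nonce = random_bytes(NONCE_LEN);   // fresh nonce per value
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plaintext, $context, $nonce, $key);
    return base64_encode($nonce . $ct); // this string is what goes into the column
}

/** Decrypt a stored value; throws if it was altered or moved to a different row/column. */
function decrypt_field(string $stored, string $context, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, NONCE_LEN), $context, substr($raw, 0, NONCE_LEN), $key
    );
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

/** PDO connection to MySQL over TLS with server certificate verification (placeholder host/paths). */
function connect_tls(string $user, string $pass): PDO
{
    return new PDO('mysql:host=db.example.internal;dbname=claims;charset=utf8mb4', $user, $pass, [
        PDO::MYSQL_ATTR_SSL_CA                 => '/etc/ssl/certs/db-ca.pem',
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
        PDO::ATTR_ERRMODE                      => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Demo on a constructed record. In production the key comes from a KMS or secret store,
// never from the same database that holds the ciphertext.
$key    = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$stored = encrypt_field('123-45-6789', 'patients.ssn:42', $key);
echo decrypt_field($stored, 'patients.ssn:42', $key), PHP_EOL;
try {
    decrypt_field($stored, 'patients.ssn:43', $key); // ciphertext copied onto another row
} catch (RuntimeException $e) {
    echo 'row 43: ', $e->getMessage(), PHP_EOL;
}
```

Because the key stays on the application tier, a dump of the database alone yields only ciphertext, and the TLS options keep the decrypted values from crossing the network in the clear on other queries.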
dsg138 (Author) Commented:
Thanks everyone.  This was a great discussion.  I greatly appreciate everyone's feedback and giving me the info to make an intelligent decision.