PHP/MySQL for Enterprise Healthcare Software?

Posted on 2013-06-28
Medium Priority
Last Modified: 2013-10-11
I'm in the process of planning a new Software application for the Healthcare Insurance company industry.

I'm leaning towards PHP/MySQL since there are a lot of php/ajax software scripts that I can easily integrate with.

I know that when dealing with Health Insurance companies, secure patient info is extremely important to them.  Many of their apps are Java and either Oracle or MS SQL.

I'm comfortable with the decision to use PHP/MySQL, but I know that I'll likely have a hard sell, especially in this industry.

I was reading a few older posts about thoughts on php/MySQL as an enterprise software application.


These are a few years old so I'm really curious as to what everyone thinks.


Question by:dsg138
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 400 total points
ID: 39286211
Here's a fairly good discussion.  stackoverflow.com/questions/130869/can-php-handle-enterprise-level-sites-as-well-as-java  It even notes that PHP can have precision problems with arithmetic.

Securing patient info is the law and is almost more important than anything else.  http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
LVL 49

Assisted Solution

PortletPaul earned 400 total points
ID: 39286227
>>since there are a lot of php/ajax software scripts
mmmm, please read this
many of those things you want to leverage may be out-of-date

>>when dealing with Health ... secure patient info is extremely important to them
literally paranoid would be a closer description (for good reason!)
consider this in the context of "selling your solution" (see next)

>>Many of their apps are Java and either Oracle or MS SQL
your market has declared its preference
introducing a new platform has substantial costs to an enterprise
(not just the 'purchase price' but the skills to maintain, the cost to support and so on)
In my experience, enterprises are seeking to reduce vendors to an absolute minimum - this always favours the 'big and established players'

if you are offering against these, the 'objection will be strong'
if the 'objection is strong' you will have a harder time selling
(and your cost of sale will be higher too)

>>MySQL itself
mmm, hard one, who knows where this will head, but there are already branches and of course extensions - but to an Enterprise this is confusing, confusion makes them nervous - if they are nervous they see risk - if it's an Insurance company they are experts at risk.

Look for:
MariaDB (branch)
Percona (Percona Server, support services)

(you may want to visit Percona btw, there's a calculator there that compares their support services to those of Oracle - this gives you some (small) insight into the enterprise's cost of a different platform)

And, I know I will get flamed for this, but there is still an impression out there that PHP isn't for serious applications (i.e. seen as 'low end'). Add that to some possible confusion over MySQL.

I am the voice of dissent I guess, but I think I would be looking at J2EE + Oracle/Mssql
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39286244
I forgot to mention that PHP is really intended for use from a web server.  It would be a real stretch to get it running as a desktop app.
LVL 79

Expert Comment

ID: 39286247
The front end you are designing can be independent of the backend storage.
There are ways to integrate PHP with MS SQL, Oracle, MySQL, and IBM DBMS.

The main issue that was pointed out earlier deals with HIPAA.
Access to data, logs/record keeping of which user accessed what record, changes.
For an insurance company there are record/claim/etc. which access security/privileges.  
handling claim/eligibility, etc.

If you are creating an actuarial/statistical/expense type of an application that tries using existing data to project future rates/age group.
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 39286589
Since this is just a blue-sky discussion and doesn't really require a technical answer, I'll throw out a couple of ideas.  All of Digg, parts of Yahoo and Google, nearly 100% of Facebook are PHP machines.  PHP + MySQL powers literally millions of web sites (all of the WordPress blogs).  If your application is built on a RESTful design, nobody will much care what the underlying technology is made of.  At least, not at first, and by the time they start to care, you will be able to hire an auditing firm to write security audits for them.
LVL 53

Assisted Solution

COBOLdinosaur earned 400 total points
ID: 39286751
Before you start down the road on this I suggest that you first understand the primary protocols for information interchange in healthcare, which includes issues around HIPAA.

The widely used and supported standards in Healthcare are dictated by HL7.  See:
For a general description.

Having worked on a number of projects where messaging required HL7 protocols I can assure you it is not an easy implementation even in languages with object packages to support HL7. I have dealt with it in COBOL, c, C++, and JAVA, but I have never seen a PHP implementation and I doubt there is a valid framework for HL7 in PHP.

There is a PEAR alpha version of an API for HL7 messaging but it has not been maintained for 4 years (I don't know if the work stopped because there was no demand for the product, or if the task was not doable in PHP).

PHP should be up to the task of parsing HL7 messages, but beyond that I am not sure you can meet security requirements.

LVL 79

Expert Comment

ID: 39287005
The interchange is more of a back end operation.  From my reading of the question, the asker is envisioning a front end.  While the data exchange is more of an inter facility consideration.

It should be built from the inside out. database, internal user access/interaction external client/access/interaction both require auditing/as well as some proactive access violations.

Author Comment

ID: 39290416
Hi all, thanks for the great feedback.  
You are really helping me to make a good decision.

After reading over HIPAA and PHI, I'm making certain I don't store any of those fields in my DB.

I'm very happy to hear that large companies like Facebook, Digg, Yahoo and Google are run with PHP.
LVL 79

Accepted Solution

arnold earned 400 total points
ID: 39292026
The issue is not whether you store them in your DB, which is required for an insurance firm; the issue is, given you have to store it, what are the steps you are taking to mitigate/avoid exposing the data, i.e. store the data using DB encryption in columns. Encrypt the data using encryption within PHP?
The other issue deals with, if you use DB level encryption, is the communication channel between the web server and the database server encrypted, thus preventing data observation using snooping.

PHP is a versatile and free/open source in displaying/providing access to information as well as available to run on any platform.

The flexibility it provides deals with access to various databases.
IMHO, database design, architecture, structure is the more important part.
The access to data and the presentation is handled within the PHP code.
Starting from the presentation side, i.e. PHP, means that you would try to design/architect a database to match your presentation, which may make the DB structure complex and possibly duplicative in some data it stores.

The database starting point has a tendency to make requirements for repetitive/sequential queries.

This is where you need to balance the design/functionality.
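
Added example (not part of the original thread or any poster's code): a sketch of the two controls raised in the accepted answer, column values encrypted inside PHP before they reach the database, and a TLS-protected, certificate-verified link between the web server and MySQL. AES-256-GCM, the function names, and the `members:42:date_of_birth` context string are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
const CIPHER = 'aes-256-gcm';   // authenticated encryption (assumed choice)

// Encrypt one column value; $aad ties the ciphertext to its row and column.
function encryptField(string $plaintext, string $key, string $aad): string
{
    $iv = random_bytes(12);     // fresh 96-bit nonce for every value
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);   // nonce | tag | ciphertext
}

// Decrypt a stored value; throws if the value or its context was altered.
function decryptField(string $stored, string $key, string $aad): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), $aad);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Web-server-to-database link over TLS, with the server certificate verified.
function connectOverTls(string $dsn, string $user, string $pass, string $caFile): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::MYSQL_ATTR_SSL_CA => $caFile,
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    ]);
}

// Constructed sample data; a real key comes from a key store, not from code.
$key    = random_bytes(32);
$stored = encryptField('1970-01-01', $key, 'members:42:date_of_birth');
echo decryptField($stored, $key, 'members:42:date_of_birth'), PHP_EOL;
try {
    decryptField($stored, $key, 'members:43:date_of_birth');   // copied to another row
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

`connectOverTls()` is defined but not called so the script runs without a database; the second decryption fails because the ciphertext is bound to the row it was written for.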

Author Closing Comment

ID: 39294908
Thanks everyone.  This was a great discussion.  I greatly appreciate everyone's feedback and giving me the info to make an intelligent decision.


Question has a verified solution.
