[consulting] Consultants that have deployed healthcare-related Drupal projects

Chris Johnson cxjohnson at gmail.com
Thu Apr 19 14:29:29 UTC 2007


On 4/18/07, Boris Mann <boris at bryght.com> wrote:

> It's actually *less* about "big healthcare" than it is about finding
> some of the people that I remember specializing in e-health related
> items. I remember some websites way back in late 2004.
>
> In fact, some of the people that have recently contacted me are
> looking for community-style solutions (think more about training /
> elearning related to healthcare). I'm trying to help make some
> connections.
>
> There ARE some interesting thoughts regarding, well, a buzzword I just
> made up :P, called "user centric healthcare" -- control over records
> and treatments. But that gets into (in the US) HIPAA and really really
> hairy data privacy and access, which as KarenS points out is highly
> connected to access control.

I think you'll find restrictive laws regarding health care data in
most "first world" countries -- most people aren't interested in
letting just anyone know that they've got an incurable disease, etc.
In the U.S., there are a number of laws which apply, the most recent and
comprehensive of which is the Health Insurance Portability and
Accountability Act (HIPAA).  In Germany, data privacy laws concerning
all kinds of personal data, including health care, have long been a
part of the legal structure -- and they are in many ways more
restrictive than those in the USA.

But they're not impossible to deal with.  As I said, I was running
Drupal with claim data at my previous job.  We used SSL on 100% of the
datastream, and there was nothing to see other than a login page
without authentication.


> And a final area is replacing those green screen / DOS apps used to
> manage medical offices with Drupal-based practice management systems.
> Scheduling, billing, connecting to upstream EDI-based insurance
> systems, etc. etc.

Medical practice offices probably have the biggest problem and risk,
as well as the hardest-to-meet requirements for data privacy in the
USA, because of the mix of data involved.  Billing data isn't private,
unless it includes patient data, which essentially all patient billing
*will* include.  EDI is all about claim data, which is what we handled
in my previous job.  (Go ahead, just ask me about X.12 and 837s and
271s.  No wait, on the other hand, don't!  :-)

Other than smaller "one-horse docs", most U.S. clinics use practice
management systems which integrate some or all of the scheduling,
billing, EDI, etc. activities in one system.  So it's security all
over again.

Actually, the Drupal community's focus on preventing cross-site
scripting attacks and SQL attacks, for example, really helps make
Drupal as secure a starting framework as most frameworks.  (Thank you,
security team!)  It's somewhat like the argument about secure
programming using PHP or any "language X" -- it's really about having
skilled, knowledgeable people doing the work, not the technology that
makes the biggest difference.

