Weheh, On Jul 13, 12:19 am, weheh <richard_gor...@verizon.net> wrote: > Indeed, any EMR (electronic medical record) system must be HIPPA > compliant. There's no reason web2py why an online web2py
I see no reason that web2py cannot be HIPPA compliant. My point was more in relationship to your comment on the costs of such systems. The $100k per installation sounds about right. But slicing the onion, the allocation of that charge is probably 60-70% for preparatory legal defense. The more a particular EMR grows in installations the greater the risk is that a breach will occur. > But indeed, I am suggesting a paradigm shift away from a monolithic > medical culture where the patient is a piece of meat with no ownership > of their personal data, I have had medical care in Russia and that is the type of records management they have. Its the patients responsibility to maintain their long term medical records. The doctors/hospitals also keep records but only of the procedures they alone performed. Considering the cultural nature of the US, it seems counter intuitive that if privacy is in such high esteem that medical records are not the personal property of the patient. I am with you there. > The point of HIPPA is not to make it impossible for anyone to do EMR. > It's to protect the privacy of the info. For what technical reason > should a web2py based EMR system NOT be able to achieve said > compliance? Again, based on what I have developed with Web2Py I have no doubt it can be done. The issues are external to the technology. Lets say you write the world's best EMR. 1) It being open source does not protect you from the stupidity of the user base. You can still be sued. 2) Even if in your documentation you state that to use the software the user is required to use only a secure USB key. Many won't as they simply did not read your document and purchased a $9.99 USB special. So when their medical records end up on some website they are going after you because it is 'your fault'. 3) You also sign yourself up for keeping current on medical record security mandates. I don't want to rain on the parade. Its an ambitious undertaking and a worthy cause to pursue. But the downside risks would not let me sleep at night. JohnMc --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
