Hey OpenMRS community; I am inquiring for the desire to use the program for HIV/AIDS and Psychotherapy services providing for high risk individuals in the MENA, such as: gender and sexual minorities and HIV/AIDS folks who are facing social stigma. Encryption of Database, with zero knowledge is a primary criteria, as well as other features that i couldn’t tell if they are present or not. So: 1- I would like to ask what is the encryption level on the database when it comes to your end of the program? 2- Is there a no show flagging feature? 3- is there a feature for feedback on service, post visit with healthcare provider?
@deevide do you mean , you want to deploy OpenMRS for those services above ?
And talking about encryption , does that mean you’re hosting the instance remotely on the cloud such as to require database Encryption ?
Have you also had a chance to explore https://wiki.openmrs.org/display/docs/Reference+Application+2.10.0
Hi @deevide , I’m going to try and answer your questions to the best of my ability.
Encryption of Database, with zero knowledge is a primary criteria, as well as other features that i couldn’t tell if they are present or not. 1- I would like to ask what is the encryption level on the database when it comes to your end of the program?
“Zero knowledge encryption” refers to E2E encryption, which is applicable for example to messaging apps. E2E encryption becomes increasingly difficult the more clients are involved. I am not aware of any non-messaging applications providing E2E encryption, and seriously doubt that there is any EMR that can provide it.
Fortunately, E2E encryption and database encryption only matter if an untrusted party has access to the server. OpenMRS is not a SAAS product; you must install it yourself on your own server. This means that the data is exactly as secure as your server, which you control. Therefore you must ensure that your server is as well-secured as possible.
OpenMRS does, of course, implement industry standard data transport security. You must serve it over HTTPS and ensure that your users use strong passwords that they don’t leave on sticky notes on their desks.
CC @isears who will have better answers than mine.
2- Is there a no show flagging feature?
3- is there a feature for feedback on service, post visit with healthcare provider?
We do not have such a feature.
Thanks alot for the comprehensive reply <3 Yes, i already had a thought that the Encryption would be according to the server hosting. So that’s a good confirmation.
That’s a very valid and logic point. Hence almost all would be depending on TLS levels, if i am not mistaken, right?
Some kind of “no show” feature is something we at Partners In Health have been very interested in but have not yet had a chance to prioritize. It would be a great feature for the community or an individual implementer to consider!
I would echo @bistenes on this, roughly this is a deployment challenge and is not strictly in the scope of what the OpenMRS Community covers. Of course one can encrypt the database, or if not the database itself, the volume where the data is managed. There are multiple ways to solve this, which is in essence more an infrastructure piece of work in general than an OpenMRS item in particular.
Yes this can be done with the Data Filter module. Beware however that this is quite an advanced module and it requires some fair programmatical knowledge, or the support of a specialised team.
Not as part of what the OpenMRS Community supports, however there are solutions out there that have been integrated with OpenMRS and that would allow patients to “communicate with the EMR” (broadly speaking). This pulls on the string of the wider telehealth topic and specifically of patient portals. Out of the three points that you are interested in this is the highest hanging fruit.
With respect to data-at-rest encryption: In theory, it should be handled entirely by the database layer in a way that’s transparent to the application (i.e. OpenMRS). I think I got this working a while ago with an encrypted AWS RDS instance. I imagine it takes a bit more work on the infrastructure end if you’re not using a managed cloud DB service though.