U.S.A. clinic use and HIPAA compliance?


(TJ Prescott) #1

I am a doctor of chiropractic and I am looking for a flexible EHR for use in my Colorado, U.S.A. clinic. I am considering OpenEMR and OpenMRS. I prefer OpenMRS based on database and customization flexibility.

Can OpenMRS be used in a U.S.A clinic and can HIPAA complance be provided?

Per Wikipedia, OpenMRS: “There are five known OpenMRS deployments supporting clinical care in the US - three in Indianapolis, one in Los Angeles, and one in Maryland.” The names of the clinics are not provided. Can anyone provide me with the names of these U.S. clinics that are using OpenMRS? I would like to find out how they are meeting HIPAA security requirements. Thank you in advance for any replies.

TJ Prescott, DC PE


(tendo kiiza Martyn) #2

Thoughts cc @burke @janflowers @jthomas


(Daniel Kayiwa) #3

Is this of any help? Report from course assignment assessing security of OpenMRS


(TJ Prescott) #4

Thanks for posting that study. I reviewed that study about a week before posting my question. Unless someone has evidence to the contrary, my conclusions from the study and from other research is as follows:

  1. OpenMRS as it was at the time of the study had several security vulnerabilities.
  2. To the best of my knowledge, these vulnerabilities have not been fixed.
  3. These vulnerabilities make OpenMRS non-HIPAA compliant for use in the U.S.
  4. From what I can tell, most use in the U.S. has been for research where HIPAA compliance is not required, rather than for clinic use.

This is a personal dissapointment as it means OpenMRS is not suitable for use in my clinic. Please post, if you think my conclusions are mistaken. Thank you.


(tendo kiiza Martyn) #5

@dkayiwa can this be chanelled to GSoC ,is it in that scope anyways ?


(Daniel Kayiwa) #6

@tendomart first part would be to clearly define what needs to be done. Then this will determine whether it is fit for GSoC. Do you have the time for this?


(tendo kiiza Martyn) #7

@dkayiwa oh Yes, i may take it up if there is a mentor.Though i know not were to start from.I think security is very crucial for OpenMRS operations. But i’ll go through the link and come up with what needs to be done then share. Would you be willing to mentor this ?


(Daniel Kayiwa) #8

@tendomart i do not mean doing the actual work. I simply mean going through the above docs and links to clearly define what needs to be done from a developer’s perspective.


(tendo kiiza Martyn) #9

I’ll do that tonight. .


(Moses Mutesasira) #10

HI @tendomart, how far with work. its seems to me that this is a very serious issue that needs attention