Friday, December 11, 2009

Healthcare Identifiers

People actively involved in developing HL7 compliant applications may find some issues on duplicate records caused by typos or inaccurate information. All these problems go back to the software developers who seem to hold all the responsibilities of creating such dilemma. On the one hand, people who do the data entry should share part of responsibilities in making wrong records. On the other hand, The patients may also provide inaccurate information about their identities. Finally, all these errors could make the patients suffering when medical staff makes wrong decisions based on the incorrect information produced by the software during treatment.


Medicare number is not a good choice for patient identification. You may agree with that after you read this:


Why not use the Medicare number?
A Medicare number is not unique. Some people have more than one Medicare number because they are members of more than one family and may be on multiple cards. Also, not everyone who needs healthcare will have a Medicare number.


So what is individual healthcare identifier?
An IHI is a unique 16 digit number that will be allocated to each Australian resident and others seeking healthcare in Australia. Your IHI will be unique and only apply to you for use in health information records alongside your name and date of birth. No clinical information will be linked to your identifier. Healthcare providers and healthcare organisations will also have their own unique identifiers.


An unique identifier would really help ease the pain of the application developers in Australia. For successful e-health strategy, health institution will need to use HL7 for orchestration among the systems maintained by different vendors. Patient identification causes big trouble to the developers whereas most of them find their own ways to identify an unique patient's record. With both of healthcare identifier and HL7 protocol, various systems can really talk to each others with less errors than ever before.


An exposure draft of Healthcare Identifiers Bill has been released and is ready for public comment. This will help build the basic infrastructure of e-health communication protocol. Hopefully, we will see Healthcare Identifiers Service offered by Medicare by mid-year 2010.


http://www.health.gov.au/internet/main/publishing.nsf/Content/pacd-ehealth-consultation

Thursday, November 12, 2009

Must-have functions in clinical application

Doctors see clinical software as a tool to help them sort out lots of problems where a team of workers would achieve in the past. What functions of a killer application would be desired by GPs? I looked around and find a useful comment from an article online.

How family doctor can function without these features:

  • chronic prescription handling
  • drug interaction checking
  • drug information
  • patient information leaflets
  • printing useful patient data report
  • tracking of investigations
  • chronic disease management tools/searches
  • audit tools for doctors (i.e., to ensure they are doing what they think they are doing)
  • legible notes
  • comprehensive backup strategies
  • remote access from home
An open source tool like OSCAR seems to be popular among the GPs. That's good starting point to add and enhance such features for making doctors' life easier.



Thursday, September 24, 2009

Advanced PHP mail problem in Ubuntu

After a MTA like sendmail has been setup in Linux environment, PHP script for sending email seems not to work correctly. The symptom is so weird. Say, you sent out email successfully without any error message by using PHP. However, the email actually didn't reach the destination mailbox. The famous PHP manual did not show any light on what happened.

Assuming we are using SMTP server other than the sendmail agent to send out the email, sometimes we need to pass authentication details to make it work. However, PHP built-in mail() function is lack of authentication feature. This function works really well on Windows machine, supposing it is using SMTP server in local network.

For Linux, it is recommended to use PEAR project's Mail object as it has extra feature for passing authentication parameters to SMTP server. This is especially useful when the hosting machine is not in the local network of SMTP server. In this case, authentication is a must to send through emails successfully.

For the beginning of the PHP script, we'd better add this:



Then you may pupulate Mail::factory() object to send out the email content.

PHP4 or newer version has already integrated PEAR's Mail library in its package. If they don't, then you may add it yourself:



The beta 1.2.0b2 version of Mail works okay so I guess you may like it. Of course, you may install newer version as you like.

Then you may use Mail::factory() object for sending email using PHP script, surely with your SMTP username and password. This Mail object works even if you don't use authentication.

Nice to have a try;)

Tuesday, September 1, 2009

Remote Javascript function calls to close IE7 Window with PDF opened

When we let users open a PDF file from our web site, it seems we can't close that IE7 window by javascript once the PDF content is loaded. We want more interactive features at the client's IE7 browser, like closing window from Parent window's JS call.
The question is: How can we make Javascript function calls to remotely close an child IE7 Window with PDF opened?
Answer: HTML tag frameset can help us solve this problem. Take a look at this forum discussion for more ideas.

Wednesday, August 26, 2009

Unlock button greyed out in Ubuntu menu with remote SSH VNC Connection

After I setup a Ubuntu server somewhere, I decided to use VNC via SSH tunnel for getting its nice GUI back. However, each time I click to open Program from menu item, the "Unlock" button is always greyed out. After googling for a few articles about this, I found a solution which was working on Hardy server. Amazingly, it works on Jaunty server as well!

1. After I logon with SSH client and open VNC client sucessfully. I type this in terminal window:



Then the polkit-authorization dialog box appears.

2. In the left pane, navigate to freedesktop->systemtoolsbackends->Manage System Configuration. In the right pane, click "Edit" button under Implicit Authorizations. Edit Implicit Authorizations dialog box will appear.

3. In Edit Implicit Authorizations dialog box, assgin Anyone with Admin Authentication.

4. Click Modify button to confirm and then Close button to exit.

5. Reboot the server and try login again via SSH and then open VNC client to come back to GUI environment.

Now any dialog from menu item with Unlock button should be enabled again and you will be authenticated when clicking Unlock button.

Monday, August 17, 2009

PHP Sendmail problem on Ubuntu

For most general PHP functions like mail(), XAMPP package always works well on Win32 platform with its pre-defined settings. For linux distro like Ubuntu, you need to do extra steps to make it work.

1. You must be sure that you have run the following commands:



2. Come to your php.ini and edit like this (you'd better search php.ini yourself by issuing 'locate' command):



3. One extra thing to fix unqualified host name issue with error message like 'unable to qualify my own domain name'. Open and edit /etc/hosts as follows:

Let's say you have your machine locally named 'yourserver', add it with postfix '.local'

127.0.0.1 yourserver.local localhost

4. Restart Apache server or your LAMPP server to make PHP settings effective.

Now your PHP code should work on using mail() function for sending email message out.

Tuesday, August 11, 2009

Let Apache as a internet gateway to other intranet servers

To secure the web services and maintain high availability, it is good to have a proxy in front of the other web application servers which sit inside the intranet. You can imagine there is only one IP address available and one physical machine. How can I setup multiple servers at a time? Using VMware makes my dream come true;)

Inspired by an article about setting gateway server for Internet users accessing intranet resources like Outlook Web Access service, I get this good thing work on my machine.

With one front-end gateway with ability to be accessed by Internet users, we can implement reverse proxy which redirects particular web requests to internal servers. The gateway server should have Apache server equipped and ready to run. What you need to do on the machine would be adding a few lines to the configuration file like, httpd-ssl.conf. This file contains settings for general Apache HTTPS request handling. I assume you have your SSL certificate sitting well in the gateway machine. For the rest, just a few lines in the configuration file like httpd-ssl.conf:

Within the block of VirtualHost
(possibly something like VirtualHost _default_:443):



SSL certificate will sit inside the gateway server and serve HTTPS requests for other intranet servers. In this case, we only need one SSL certificate for all internal servers.

Download faster with enhanced apt-get

Yes, right. System update could take longer and longer time without using this gadget. On Ubuntu, traditional package installer apt-get is great but requires something else to make downloading faster. Axel is one of the best candidate and which is also free to download and install.

To install axel at first, type this:



There is a sample script to combine the power of apt-get and axel.

Just copy and paste the script into a text file, name it ("apt-fast", whatever) and then place it into a directory like /usr/bin/ and make it available for use with the following command:



Then you can use it like apt-get command and enjoy the high speed downloading than ever before.

Good tool, indeed!

Monday, August 10, 2009

Start vnc4server automatically on Ubuntu bootup

Nice to find an article talking about how to deal with vnc4server on Xubuntu, especially for auto startup. With my imagination, now it's for Ubuntu use as well;>

Making vnc4server start automatically

You can make your vnc4server start automatically with a simple one-line script.


Paste the following into the script editing the resolution to your liking:



Now save the file and exit nano. You'll also need to make the file an executable, do so with the following command:


Finally, to have this script run automatically, simply add it to your startup group:


To remove it from your startup list, do this:


For Gnome user, better do this:

Tuesday, August 4, 2009

Add MySQL Authentication feature to Apache2 on Ubuntu

mod_auth_mysql is said to have served the web community pretty well along the time and most developers, even though not all of them, find it useful and love it. I can see the complaints about this module as the development of Apache server keeps going. In terms of security and management, using MySQL as a permanent store for user accounts is better than using plain text file. As long as the way to carry out web authentication is shifted from traditional pop-up browser window, to Application Server's own session control, it is still valuable to retain such usage for MySQL Authentication. As new version of XAMPP package comes out, the mod_auth_mysql module seems to be missed out. Actually, you need to build one yourself. Of course, I assume you are using Ubuntu.

An article from Europe may help building DSO module ourselves. Just download the right stuff, patch it, build it and install it.

Something else need to be done according to the linked article, mostly likely a little change in .htaccess under the protected directory.

Another article aims at clarifying the usage and configuration of mod_auth_mysql module in .htaccess file. Very useful! I have missed out some parameters mentioned there and couldn't make the authentication work on Ubuntu.

For .htacess, I do have the following comments:

To eliminate any unnecessary complaints from Apache itself, add the following line first:
AuthUserFile /dev/null

However, some articles point out that the following line should be COMMENTED OUT, especially for Apache2.X:
#AuthGroupFile /dev/null

When using mod_auth_mysql, it is a must to tell Apache which MySQL socket be used. Otherwise, you may receive complaint like:
MySQL ERROR: Can't connect to local MySQL server through socket '...'
MySQL user ... not found:...


This problem can be solved by adding the following line:

AuthMySQLSocket "full/path/to/mysql.sock"

This helps Apache finding the right MySQL socket for successful connections.

It seems that we'd better declare everything whether it is default or not. This will help identifying any problem in the configuration.

LAMPP Autostart on Ubuntu

More and more people start to use Linux and one of the most popular distribution is Ubuntu. People like me are fantastic about setting up virtual appliance with Ubuntu. Turn it on and run!
However, we need to have more sophisticated control over the services. To make the service started itself when the appliance is turned on, we need some tricks. Thanks to the reference article.

Let's say we are going to make LAMPP server up when the appliance is turned on. We can do it by typing something like this:



Ubuntu is a bit different in managing the services than Debian distro. It's worth to learn more about this excellent platform.

Cheers!

Friday, June 19, 2009

New model of application development

We can't stop thinking about individual's privacy while we are finding the way to get out of the hurdle laid by conservative IT infrastructure. It's always in doubt that whether data security and privacy for application hosting can be maintained successfully at outside company.

In U.S., Health Insurance Portability and Accountability Act of 1996 (HIPAA) announced the requirements to protect individual's protected health information. No matter if such important information is going to be embedded in the message or transferred over the public Internet, it should be encrypted with technologies like 256 bit AES algorithms. In the programming point of view, it's an idea in mind when we are dealing with such kind of information. Then, how about the server where our applications are sitting? Are they secured enough to provide web services to the public while both data security and individual's privacy can be maintained?

Application developers need to consider a stable platform for baby-sitting their applications. To minimize the cost of setting up expensive and ever-changing hardware of the application server, Amazon gave out a solution - Elastic Cloud Computing (EC2). It is not difficult to image that nowaday developers build their own application image and plug it into the computing cloud whenever they want. Flexible charging model makes this happen. You can choose hourly based model or data transfer based model. People can release concern about the hardware restriction on their applications, in terms of time and money. Once a vitual machine image is built up and the programming souce codes are deployed ready, it is just one click action to start your application on the Internet. It really shortens the time to customize the system environment. People want to sell their application but they may not want to spend time to build up I.T. infrastructure on their own.

System virtualization can be done in-house, but you'll need to make sure your system environment safe and sound. Now we need one step forward to facilitate our services in a real 24/7 situation. I could image it brings lots of opportunities to the application developers, based on this new charging model from Amazon.

Tuesday, May 26, 2009

Security concern over PHP page access control

Under normal model-view-controller (MVC) design pattern, controller is a good mediator between the server and the client while the server can keep some secrets about how it redirects various requests with one single point of intact. It fits Java pretty well, so how about PHP?

Without MVC, PHP page redirection is fairly easier, but with a little bit out of control. The user may try hacking into a web application by sniffing the url. Somehow, this violates the workflow among the pages. Web developer may try their best to hide the url from the users. However, it's not quite practical as nowaday browsers always keep up-to-date to have new features to protect the user's interest, i.e., disclosing as much information as they can from the web site. At least, you can't suppress the url bar on IE7.

The enclosed link was originally the problem on a forum about how to prevent direct downloading of javascript source code from the web server. Someone gives out a good example. The thoery behind this is based on using PHP MD5 checksum to generate unique ID session for the calling page and then use it as input parameter to verify the access right on the target page by comparing the ID session object and the input parameter.

Let's have a enhanced version for PHP pages.

Example:





From this example, only the user clicking the link can access page1.php. When trying to access the main content of page1.php by typing url directly, no one will succeed. A warning message will be shown instead. Simple, but useful ;-)




Friday, May 15, 2009

Get cursor position within Textarea

Thanks to someone sharing the javascript code for getting curssor position within web component like Textarea on both IE and Firefox browser. The code would look like this:

function doGetCaretPosition(ctrl) {
var CaretPos = 0;
// IE Support
if (document.selection) {
// The current selection
var range = document.selection.createRange();
// We'll use this as a 'dummy'
var stored_range = range.duplicate();
// Select all text
stored_range.moveToElementText( ctrl );
// Now move 'dummy' end point to end point of original range
stored_range.setEndPoint( 'EndToEnd', range );
// Now we can calculate start and end points
CaretPos = stored_range.text.length - range.text.length;
}
// Firefox support
else if (ctrl.selectionStart ctrl.selectionStart == "0")
CaretPos = ctrl.selectionStart;
return (CaretPos);
}


It does it's job very well, except when you press the navigation keys like arrow keys or even [Shift] key inside Textarea. In IE (only in IE), the cursor position will always shift to the end of the string after you press keys like those metioned above. To make it better, we can avoid any action taken when those problematic keycodes are detected.

var intKey = 0;
if (!is_gecko){
var evnt = window.event;
intKey = parseInt(evnt.keyCode);
}
// Process only if key code is not in ignore list (Fix IE bug)

//Firefox will pass this condition
if (intKey!=8 && intKey!=16
&& intKey!=17 && intKey!=18
&& intKey!=33 && intKey!=34
&& intKey!=37 && intKey!=38
&& intKey!=39 && intKey!=40) {

var posStart = doGetCaretPosition(elm);
...processing string and move caret if you like

}

Firefox is always fine with this, it won't reset the cursor positon when you call selectionStart property. Therefore, we only need to be aware of IE's wired behaviour;-)

Thursday, May 14, 2009

A long way to go

It has been a couple of years since I started to think about how E-Health System should be evolved in such a niche market - short of funding and support. Although the Government has been aware of doing something in E-Health service, there is no clear objectives on what has to be done. Most of the things are still happening on the paper.

We know that there is a market among the hospitals. The medical staff at the front end are suffering from the paperwork which should have been replaced long time ago since the great inventions of computer and Internet existed. The jargon to make a hurdle for somebody to step in E-Health industry is "Patient's privacy".

What we can do is to struggle between opening information to the expertise and guarding the patient's privacy.