I would recommend the open source EMR project that is literally staring at you in the face here, which is OpenEMR :)
There is a reason why there is a healthy community of passionate volunteers and contributors from all walks of life that have spent an inordinate amount of time and resources to support this open source software.
Coming from one of the core volunteer developers that has contributed to this project over the last 18 years all I can say is that a lot has changed over that time. I consider it a robust and secure project regardless of its humble origins. And always happy to answer any questions regarding the project.
OpenEMR version 7.0 has achieved ONC 2015 Cures Update Certification through the SLI Compliance Certification Body. This certification is vital for medical practices in the United States.
OpenEMR (open source medical records software project) pretty much is always asking for donations and always looking for new routes to do this. This is meant to be a fun donation campaign that is highlighting OpenEMR's long history.
I'm a volunteer that has been contributing to OpenEMR for more than a decade and the last year, which is well represented by this 5.0.1 release, has been by far the funnest and most exciting yet. It's a great community that is open to volunteers of all types; come check us out.
But OpenEMR is already built, is in working form, is certified for Meaningful Use in the US, and most importantly is open source.
Epic and Cerner and other proprietary systems are too expensive for many practices in the US and have simply placed both a huge financial burden on the medical system and a productivity burden on the physicians.
Physicians need to take back their EMRs and their productivity and OpenEMR is a great route to do this. For example, a practicing ophthalmologist, whom is also a software developer, developed an eye module in OpenEMR with the goal of the physician maintaining productivity (ie. not to spend time entering meaningless data in an awkward and distracting fashion), which he succeeded at. Can read about the project here: http://www.open-emr.org/wiki/index.php/Eye_Exam
And right now OpenEMR needs more volunteers, physicians, developers, and donations to keep progressing. And what is so great about an open source project like this is that if OpenEMR keeps doing great things in the US, then these achievements are essentially multiplied by 1000 as low resource areas throughout the globe get free access to this same open source fully functional EMR.
i agree it sounds like a great tool, and epic and cerner leave huge unmet needs in terms of productivity and also cost. seems like marketing is the huge challenge
id imagine this is really for independent physicians at least in the most-near term, as the sales cycle at big hospitals is brutal, and youd have epic / cerner folks scaring the hospital admins about real / imagined security concerns.
but marketing to independent physicians is brutal. from what ive heard you need at least an inside, and sometimes field, sales force, and getting through all the marketing noise docs get is really hard. would love to hear your thoughts on how to market this more widely
edit: my post mostly concerns US physicians, but id imagine marketing challegnes would be just as big or greater for developing nations
It's hard to argue marketing to giant health care systems is difficult when you go up against corporations like Epic, Cerner, or Athena Health. We simply lack the funding to do so (just thinking about Cerner's marketing budget is mind-spinning). But outside the U.S. I find that marketing is substantially easier. Many developing nations and low-resource clinics seek out ways to be financially stable with next to no funding (compared to U.S. providers). While hard to track, we estimate most of the installs are outside the U.S. helping build healthcare in areas that could never dream of a 9 figure IT install. Being a free and open-source platform is our greatest "sales pitch."
I wrote a reference implementation of OpenEMR, the "OpenEMR Full Stack", that's taking aim at facility-grade loads. It's deployed from Amazon CloudFormation, and the highlights include multi-AZ redundancy, an Elastic Beanstalk deployment fronted with a load balancer running parallel OpenEMR instances in multiple AZs, an internal Route53 domain protected with SSL between nodes, redundant document stores for patient records, and enterprise-grade backup and recovery structures all wrapped up CloudTrail and Amazon's Key Management System.
I just spoke with someone today who argued that HIPAA requires TLS termination on an instance, not the ELB. Can’t confirm or deny, as I’m in financial services, thought I’d mention it for those under such compliance/regulations.
Yeah, you won't believe the work I had to put in over it. As part of the stack creation process, I have to create a backend CA and hand certificates out to a bunch of services, and then make other services use 'em. Getting Elastic Beanstalk to use an arbitrary certificate for the backhaul is both possible and documented, but not as well I would've liked.
It was CloudFormation that made it difficult -- I had to work out exactly how to get the certificate all the way down to the load balancer's configuration details, starting from CloudFormation's interface into provisioning Elastic Beanstalk.
However, the format ELB would accept a certificate in was really frustrating, too -- I ended up having to create a Lambda function that would load a certificate file from S3 and then parse it and then return the results as a resource CFN could later refer to. If I could've simply provided an S3 URI that the CA lived in, and had the ELB load it up during initial config, I could've used many fewer layers.
The CFN syntax for actually setting those critical ELB details was also unclear, too. It took some experimentation and off-Amazon examples before I finally understood how the rule groupings worked together.
Yep, marketing is a real issue, since that can take up extensive resources (I am just guessing that the proprietary EMRs sink 20% or more of their resources into marketing).
Especially since US based physicians are trained that more money means better things. As you can imagine the skepticism that then results when discussing a free EMR.
Prior to a year or so ago, OpenEMR really relied on the professional support (this is basically an organic ecosystem of companies, vendors, and professionals that offer paid services to support OpenEMR) for marketing. However, the project is now taking on a more active role in marketing and is why it is listed as an item to fund in the OpenEMR Collective blog. The goal would be to get professional marketing advice and guidance.
The developing nations market is really another matter. The marketing is still important and requires resources, but is mainly focused on making OpenEMR known and accessible to these nations (for example, OpenEMR currently supports 33 languages).
And we are always looking for volunteers with (or without since we are all learning) expertise to help us in these endeavors, and anybody is free to participate in the community (hint hint).
Thanks for the info, I'll look into the project. I really believe EMRs need to work better for docs and be more open. I know a few physician-programmers who've built their own web apps but EMR integration obviously sucks. If they can build on top of something open source and a small medical group can save money without losing functionality with an open source solution, that could garner enough donations / financial support to for ex hire an engineer
I am only a hobbyist programmer and am investing most of my spare time into learning new things, but if I ever get to the point where I felt I could add something to the open source community I'd definitely start with a project like this
I'm also a hobbyist programmer with a physician day job. Volunteering for OpenEMR has been and continues to be an awesome experience. If you or your colleagues are ever interested, always feel free to contact me at brady.g.miller (at) gmail (dot) com if you have any questions or use the forums at https://community.open-emr.org/ . Note that all of us are learning at all times, and the project welcomes all skill levels.
This project exists to offer an open source EMR and give providers and patients the freedom that comes with that.
OpenEMR has gone through the rigid US regulatory requirement for an outpatient EMR and is Meaningful Use certified. It can compete in functionality with any of the other proprietary outpatient EMRs out there.
This then give providers and patients throughout the globe, especially low resource areas, access to a free and open source fully functional product.
And we are always looking for volunteers, contributors, and donations to maintain the progress of OpenEMR.
Since OpenEMR is open source and supported by numerous vendors, companies, and volunteers, it's very difficult to accurately collect this information. It's downloaded more than 4000 times per month, and the project is confident there are thousands of installations in the US and across the globe. There was an attempt in 2012 in this article to quantify the number of installations:
http://www.openhealthnews.com/hotnews/openemr-continues-grow...
I'll note that there are (possibly out of date) estimates at the bottom of the Stage III page of ~31 developer months of work to be fully ready for Stage III and an estimate of $22k to cover the cost of certification testing. I suspect the testing hasn't gotten cheaper in the past 2 years, and I don't know how much developer effort has gone into MUIII.
On a quick scan (the spreadsheet file was 300MB and it looks like I wasn't able to load everything on my computer at work), there are at least 300+ OEMR attestations (this is the non-profit organization that represents OpenEMR for MU certification).
Will plan to look into this further and thanks again for pointing this out.
It shows the use of ImageMagick, a legendarily buggy and insecure application and library. It shows the use of system crypt() for password hashes, which isn't really very secure since (afaik) it doesn't support pbkdf2 on most systems or bcrypt (not the blowfish one) or script. It shows hardcoding database credentials in a flat file. And it shows it uses PHP, which has its own security problems as well as being well known as a language used by people not aware of secure coding practices.
The combination of OpenEMR being open source, open community, volunteer driven, physician driven and getting significant use in the real world makes it a perfect vehicle to glean really useful insights into EMR use and I highly recommend looking into it in your research endeavors. For example, in subjects such as EMR system development and the effects of regulation.
A really nice and innovative example on EMR system development is the development of the Eye module released in OpenEMR's most recent version 5.0. A practicing ophthalmologist, Dr. Ray Magauran, decided to develop a ophthalmology module in OpenEMR with the goal of actually improving efficiency over paper (as a physician, I would confidently say I have never used an EMR that is faster than paper). What this physician/developer did was simply amazing and the details of this eye module(including the makings of it) can be found here: http://www.open-emr.org/wiki/index.php/Eye_Exam
What I think is innovative here is that this was designed, built, tested, and used by a practicing physician on the front lines.
Then on the flip side can also learn about the dichotomy of fulfilling regulations versus developing an innovative and efficient EMR system, which OpenEMR provides a ring side seat too since the road to complete meaningful use certification was done the open source way(ie. in full public view).
Yep there was a lot of work both above and under the hood to modernize OpenEMR on the most recent release. Also was a several year effort to get complete meaningful use certification. Can see here for some more details on both efforts: http://www.openhealthnews.com/content/openemr-achieves-compl...
There is a reason why there is a healthy community of passionate volunteers and contributors from all walks of life that have spent an inordinate amount of time and resources to support this open source software.
Coming from one of the core volunteer developers that has contributed to this project over the last 18 years all I can say is that a lot has changed over that time. I consider it a robust and secure project regardless of its humble origins. And always happy to answer any questions regarding the project.