Linking website to database in the office

For users or potential users.
Post Reply
Estan
Posts: 3
Joined: Thu May 03, 2012 9:43 am

Linking website to database in the office

Post by Estan » Thu Jan 16, 2014 4:25 am

I wondered if anyone can guide me through this.

I want to run a MYSQL select query from my website using php querying the MYSQL SERVER on my office pc which has the opendental database on it.

I have already set-up the the appropriate php files to render the web page and for the query.
I have an ssl certificate on the web server.

I have found the following bits and bobs on the internet and think I need to do the following:

1.set up a user on mysql server.
2.Give it the ip address and username of website.
3.secure using ssl certificate
4. to forward port 3306 on the office pc

I will be using my backup on a home pc to start with. I'm a compete novice, so if anyone can give me an idiot guide I would really appreciate it.

User avatar
Rickliftig
Posts: 764
Joined: Thu Jul 10, 2008 4:50 pm
Location: West Hartford, CT
Contact:

Re: Linking website to database in the office

Post by Rickliftig » Fri Jan 17, 2014 1:59 pm

If all you want to do is access and use Open Dental remotely, there are many programs. I use logmein. Similarly, if all you want to do is backup to your home, I also use logmein backup. Backup to the cloud is easy with Crashplan or the like.

Hey, why re-invent the wheel?

Rick
Another Happy Open Dental User!

Rick Liftig, DMD FAGD
University of CT 1979
West Hartford, CT 06110
srick@snet.net

User avatar
Hersheydmd
Posts: 700
Joined: Sun May 03, 2009 9:12 pm

Re: Linking website to database in the office

Post by Hersheydmd » Fri Jan 17, 2014 11:48 pm

Rick,
Why do you need LogMeIn, when Windows Remote Desktop works so well and is so easy to use?
Robert M Hersh DMD, FAGD
Univ. of Penn 1982
Brooklyn, NY 11234
https://www.facebook.com/pages/Robert-M ... 1471599429

User avatar
Rickliftig
Posts: 764
Joined: Thu Jul 10, 2008 4:50 pm
Location: West Hartford, CT
Contact:

Re: Linking website to database in the office

Post by Rickliftig » Sat Jan 18, 2014 6:15 pm

Rob - probably like so many of us, that's what I started using and so I'm used to it. I guess I'll put RDP on the todo list!

Best,

Rick
Another Happy Open Dental User!

Rick Liftig, DMD FAGD
University of CT 1979
West Hartford, CT 06110
srick@snet.net

Estan
Posts: 3
Joined: Thu May 03, 2012 9:43 am

Re: Linking website to database in the office

Post by Estan » Sun Jan 19, 2014 4:47 am

Hi Rick,

I don't want to access the program remotely. I want to set up a web page allowing patients to see what appointments are available over the next week.

We handle a lot of email enquiries from patients wanting to book in. Instead of the front desk having to look for the appropriate appointments, I want to let the patients look on a web page and choose.

The bare bones is some php to produce a web page with the next four working days and a sql query to show availability on the days.

Its the connection between the php on the web server and the mysql server(on my backup to start with) that I'm trying to figure out.

bpcomp
Posts: 304
Joined: Mon Feb 27, 2012 7:30 am
Location: Tucson, AZ
Contact:

Re: Linking website to database in the office

Post by bpcomp » Thu Jan 23, 2014 7:23 am

Estan, I'm going to recommend that you not do this yourself. As a complete novice, the danger of opening access from your patient database to internet access without being something of an expert in security is a disaster waiting to happen. I am not said expert and would not know how to do it but I know that there are some third party services that can provide this functionality for you. The downside is that they cost you money each month. The upside is that they have gone through all the hassle of making sure that the connections are secure and not opening your office data up to the internet.

User avatar
jsalmon
Posts: 1551
Joined: Tue Nov 30, 2010 12:33 pm
Contact:

Re: Linking website to database in the office

Post by jsalmon » Thu Jan 23, 2014 10:08 am

And if you do end up implementing it make sure everything you do is HIPAA compliant.
The best thing about a boolean is even if you are wrong, you are only off by a bit.

Jason Salmon
Open Dental Software
http://www.opendental.com

User avatar
B.Thomas
Posts: 160
Joined: Mon Jul 23, 2007 11:00 pm

Re: Linking website to database in the office

Post by B.Thomas » Mon Jan 27, 2014 4:47 pm

Yes, a big red Hipaa flag popped up when I read that. You would need to ensure the website server, where the patient information was being stored, is private and not shared for starters. Then make sure that server drive was encrypted and that there was a log of every user who had access to it. I've been reading up on HIPAA and HiTech recently and it's not pretty.

I'm not even sure how Hipaa compliant remote desktop is any more. Is an SSL connection good enough or should it be run through a VPN? Ugh!

User avatar
jsalmon
Posts: 1551
Joined: Tue Nov 30, 2010 12:33 pm
Contact:

Re: Linking website to database in the office

Post by jsalmon » Mon Jan 27, 2014 5:36 pm

To my knowledge, as long as the SSL connection is FIPS compliant (uses TLS 1.2) then it's secure enough for HIPAA. At least that is what the ONC has as their requirement for EHR softwares and they better be HIPAA compliant otherwise I've got a bone to pick with them. :?
The best thing about a boolean is even if you are wrong, you are only off by a bit.

Jason Salmon
Open Dental Software
http://www.opendental.com

teamhowey
Posts: 39
Joined: Fri Apr 09, 2010 12:44 pm

Re: Linking website to database in the office

Post by teamhowey » Thu Jan 30, 2014 11:12 am

look at mypatientscheduler.com It does what you are trying to do.

KevinRossen
Posts: 293
Joined: Mon Apr 22, 2013 8:49 am
Location: Dallas, TX
Contact:

Re: Linking website to database in the office

Post by KevinRossen » Mon Feb 17, 2014 6:10 pm

jsalmon wrote:To my knowledge, as long as the SSL connection is FIPS compliant (uses TLS 1.2) then it's secure enough for HIPAA. At least that is what the ONC has as their requirement for EHR softwares and they better be HIPAA compliant otherwise I've got a bone to pick with them. :?
I'm looking into setting up some automated reports for my office. I'd like to do it web-based with a couple javascript plugins and (I'm guessing) PHP programming. I still need to learn the language a little bit, but I'm wondering if I could get some feedback.

I'm planning on making sure the host is encrypted, but I really want to make sure I don't accidentally allow any personal information get accessed. My general questions:
  • How secure would MySQL be with both high-level encryption and SSL certificates?
  • Would it be better for me to setup my own server to make sure I control the data?
  • I've considered creating a second copy of the MySQL database and dropping any unnecessary tables/columns before uploading. Would that be smart?
If you have any feedback I'd appreciate it. Thanks
Kevin Rossen
Office Manager, Rossen Dental
Founder, DivergentDental.com
Image

User avatar
jsalmon
Posts: 1551
Joined: Tue Nov 30, 2010 12:33 pm
Contact:

Re: Linking website to database in the office

Post by jsalmon » Mon Feb 17, 2014 11:14 pm

KevinRossen wrote:How secure would MySQL be with both high-level encryption and SSL certificates?
That's a pretty loaded question. I think it would be as secure as you would need it to be. My biggest thing with accessing your database via the web is to make sure to be intimately familiar with creating MySQL users. You should have a separate MySQL user per web application that you build that has very minimal permissions. By permissions, I'm referring to what the MySQL user has rights to do with MySQL in general, SELECT statements, creating functions and procedures, inserting new data, etc.
KevinRossen wrote:Would it be better for me to setup my own server to make sure I control the data?
I guess it wouldn't hurt and depending on what information you are wanting, it might be exactly what you need to do to put your mind at ease. But if your separate database has sensitive information on it already, it will most likely be an unnecessary hoop that you create for yourself to jump through. We created a separate db for the Open Dental mobile app. However, the patient portal app that we created uses the same database as what the full application talks to. So it all depends on what your "reports" will be accessing which will help determine what you should spend your time locking down, what users have access to or beefing up the connection security at which the data passes through.
KevinRossen wrote:I've considered creating a second copy of the MySQL database and dropping any unnecessary tables/columns before uploading. Would that be smart?
I'd almost consider this the same situation as the previous question. In a sense you are creating your own database by doing this in the first place and instantly force Open Dental to never be able to talk to the new database. If you are wanting to isolate your database that faces the web, this route might just save you substantial time instead of growing your own custom database.

If you ever want data to go from this db back to the live db, that's going to open a whole other can of worms and I highly urge you to reconsider what you're planning on doing because it will potentially make your and our lives harder when troubleshooting what's going on with your db. If it's simply reports, I say have at it!
The best thing about a boolean is even if you are wrong, you are only off by a bit.

Jason Salmon
Open Dental Software
http://www.opendental.com

KevinRossen
Posts: 293
Joined: Mon Apr 22, 2013 8:49 am
Location: Dallas, TX
Contact:

Re: Linking website to database in the office

Post by KevinRossen » Tue Feb 18, 2014 4:51 am

Thanks for the feedback. I'm still researching what I'm wanting to do, so your thoughts are very helpful.
Kevin Rossen
Office Manager, Rossen Dental
Founder, DivergentDental.com
Image

KevinRossen
Posts: 293
Joined: Mon Apr 22, 2013 8:49 am
Location: Dallas, TX
Contact:

Re: Linking website to database in the office

Post by KevinRossen » Tue Feb 18, 2014 8:35 am

jsalmon wrote:We created a separate db for the Open Dental mobile app. However, the patient portal app that we created uses the same database as what the full application talks to.
Could you elaborate a little on these two databases? Are they hosted on the practice server or OD? How are they secured? If this info is already on the website I'd be happy to read it there. I'm mostly trying to figure out the best practices of securing my data, if I put it on another server.
Kevin Rossen
Office Manager, Rossen Dental
Founder, DivergentDental.com
Image

Post Reply