web service will blow open third party development

[apollonia]

having OD tables available via the new web service will blow wide open third party web application development to augment OD.

just a few thoughts:

- interactive web-based lab communication, upload and view photos, send messages back and forth, coordinate pickup and delivery, email case notifications, etc.
- dental practice consultants automating their daily/weekly/monthly reporting templates to gather information directly from OD users -- eliminates data reporting compliance issues
- OD users might talk directly to other users via user forums that are directed toward general practice issues and not software questions
- electronic charting utilities can see which appointments from OD appointment tables that don't have clinical notes and provide easy interface to automate paperless charting
- interactive payroll processing that takes data from OD and calculates bonuses, commission, and overtime (varies by state) then shoots info to online processing (third parties)
- interaction with accounting programs, vendor purchases, etc.
- like iPhone apps, there really is no limit.

this truly is a game changer.

[jordansparks]

Based on your history, I fully expect you to develop and sell some plugins for OD that perform some of the functions that you listed.

One current issue that you are maybe not aware of is that we have only built the web service to work in a secure LAN, including in a VPN. We have not given much consideration to making it work over the internet at large. The reason for this is that it would expose the entire patient database to hackers who have nothing better to do than pound away at it all day long. I think we will gradually move towards making it work across the internet on https, but it will take some time. For example, we need to build in better ways for users to change their own passwords and to force those passwords to be secure, including numbers, punctuation, etc.

Once the web service is more secure, I expect us to have two different client platforms. One is the installed Windows program that we have now. The other will be a "lite" web version. They will both connect to the web service, and anyone could host them, including us.

There are already a variety of companies that have interfaced with OD in different ways. Some of them are more real-time or more elegant than others. We try to help them and make it easy for them rather than blocking them like most other dental software companies do.

[apollonia]

i'm poking around a bit and agree that the security issues prevent anything public as yet.

maybe with some sort of user-generated authentication key as a global login security, and perhaps using HTTPS to encrypt the requests, this could become a reality without much refactoring of existing code.

[jordansparks]

Passwords work just fine as long as you:
1. Force them to be strong (something that online banks amazingly don't even do).
2. Force users to change the passwords from time to time.

Yes, it's annoying, but anything less can be cracked by a determined hacker. And it's enough when you run it over https. No further special keys or techniques are required.