My HealtheVet question

47 views
Skip to first unread message

Kevin Toppenberg

unread,
Aug 27, 2021, 7:15:58 AM8/27/21
to Hardhats

I am curious if anyone in the community has got My HealtheVet running?  I am wondering if this would be a solution for my private practice to establish a patient portal.

Does anyone know how the technology works?  I.e. is it directly connected to the mumps VistA database?  Or is it a separate database that receives copies of the data and then displays it?

Special concerns I have would be to ensure security of the data.  Does is support 2FA?

Thanks
Kevin

Sam Habiel

unread,
Aug 27, 2021, 9:54:03 AM8/27/21
to hardhats
myHealtheVet is a Java application on an Oracle database. It does not talk a lot to VistA, but when it does, it uses VistALink J2EE code. I don't think it's easily deployable outside of the VA, but we do have the source code somewhere in the OSEHRA Technical Journal. Most of its functionality exists outside of VistA; I think the only reason it ever talks to VistA is to send refill requests. But I think it just mostly talks to the CDW to get the patient data.

There is KRM's HealtheMe; but I don't know where that lives anymore; I think it's also on the OSEHRA Technical Journal.

I heard from the grapevine many years ago that Oroville Hospital and their system wrote something on top of VistA using some variation of EWD.

I don't know what either Medsphere or DSS is doing for their clients to be honest.

If I were to build something from scratch, I would use QEWD, but unfortunately you have to build the entire security system for patients, as there is no way to authenticate patients in VistA. Note that unfortunately, like any node.js technology, you basically need to keep your stack current every month as new vulnerabilities keep coming up.

This could be a good collaborative project, if people were interested.

--Sam

--
--
http://groups.google.com/group/Hardhats
To unsubscribe, send email to Hardhats+u...@googlegroups.com

---
You received this message because you are subscribed to the Google Groups "Hardhats" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hardhats+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hardhats/5571a098-36a5-438b-9c29-c66d85edc685n%40googlegroups.com.

Nancy Anthracite

unread,
Aug 27, 2021, 11:07:36 AM8/27/21
to hard...@googlegroups.com, Sam Habiel
Kevin, the liability associated with being hacked is considerable, so if you
are thinking of a patient portal, I would suggest that you only put data on
there for patients who understand the risk and sign an agreement that they do.
I would consult a lawyer and also understand that HHS goes after people who
get hacked if their security is not what they consider up to snuff and fines
them. As far as I know, they don't really have a standard for security and
there is no liability protection for those who meet any particular standard
such as one on NIST.

--
Nancy Anthracite
> > <https://groups.google.com/d/msgid/hardhats/5571a098-36a5-438b-9c29-c66d85edc685n%40googlegroups.com?utm_medium=email&utm_source=footer>
> > .
> >
>
>




Kevin Toppenberg

unread,
Aug 27, 2021, 2:32:54 PM8/27/21
to Hardhats
Nancy,

I agree about the security issue.  I was hoping that if someone else had made the solution, they would have solved some of those problems.  I looked to see if there are any turn-key solutions, but everyone wants to sell a full package with EMR, practice management etc etc. 

Sam,

Thanks for the info.  Sounds like a bigger project than I want to get into right now.  That J2EE stuff is a pain in the butt.  When I was part of the e-screening program, that issue kept coming up over and over.  There is no way that I could ensure that it was all secure when I could barely understand how it works.

Thanks all
Kevin
Reply all
Reply to author
Forward
0 new messages