We continue with our success stories about the remote database management and consulting services we provide to our clients.
Today we are going to tell you the story of an interesting client handling the management and security of EHR data in New York, USA – Medi-EHR.
What is EHR?
EHR stands for Electronic Health Record. It is the digital version of a patient’s paper chart. EHRs are real-time, patient-centered records that make information available instantly and securely to authorized users.
EHRs can contain a patient’s medical history, diagnoses, medications, treatment plans, immunization dates, allergies, radiology images, and laboratory and test results.
One of the key features of an EHR is that health information can be created and managed by authorized providers in a digital format capable of being shared with other health care providers and organizations, such as laboratories, specialists, medical imaging facilities, pharmacies, emergency facilities, medical schools and clinics.
EHRs can automate and streamline different providers’ workflows. The better, seamless flow of information within a digital health care infrastructure, created by electronic health records (EHRs), encompasses and leverages digital progress and can transform the way e-healthcare is delivered and compensated.
With EHRs, information is available whenever and wherever it is needed.
The benefits of using EHRs for e-healthcare are:
- Improved Patient Care
- Increased Patient Participation
- Improved Care Coordination
- Improved Diagnostics & Patient Outcomes
- Practice Efficiencies and Cost Savings
Because each EHR contains health data, it is among the data types considered sensitive.
According to the USA definition, any personal health data, financial data, credit worthiness data, student data, biometric data, or personal information collected online that can be used to carry out identity theft or fraud is considered sensitive.
Therefore, sensitive data falls under very tight rules for security and protection. Organizations working with such data must apply practices for defending it from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction.
As Electronic Health Records are mainly used in medical care, this is among the businesses where data is produced continuously, leading to a large amount of it.
What Does Medi-EHR do?
Medi-EHR is a cloud-based electronic health record company, which stores patients’ data for doctors and hospitals. It provides telemedicine software as a platform used by providers to connect with patients and share video and images. It can be integrated with a provider’s electronic health record and scheduling systems.
Their platform also supports 3D surgery centers and enables patient-to-doctor communication. Through it, patients can access their doctor from home for electronic prescriptions, which are then signed with digital identification certificates and sent directly to the pharmacies.
Medi-EHR also provides billing and invoicing for all e-healthcare services they support.
Through its digital platform the company is streamlining practice workflow by automating order entry, increasing coding accuracy, and providing portable, accessible, and secure patient info when and where it is needed.
The Medi-EHR Oracle Challenge:
Because of the constantly changing security demands of USA healthcare and the enormous quantity of data piling up, Medi-EHR has a huge and complex database environment.
Medi-EHR used Oracle Enterprise Edition and has licenses for every Oracle component: Tuning, Oracle Application Express (APEX) and the Database (DB).
Our mutual work started in 2016, when the company’s owner asked us to maintain its database.
Before we stepped in, we did a thorough health check and identified several issues with the performance, Oracle Application Express (APEX) and the database.
The slow environment was due to a server and database architecture in need of rework, which led to heavy disk overload.
The application issues were due to the Application and Database needing upgrades.
Phase 1 – New Production Server:
We started by setting up an entirely new server, on which the OS layer was separated from the DB layer and restructured for better performance.
BAAER upgraded the architecture, which decreased the disk overload and improved the speed of the system.
We also did a big memory upgrade, which significantly improved the performance.
Phase 2 – Upgrade of the Application, DB, and the Security Protocol:
After clearing the performance issues, it was time for an upgrade.
On the old server the DB version was 10, which has not been supported for years. We upgraded it to 11gR2, whose support was due to end, but Oracle decided to prolong its paid Extended Support.
APEX was at version 5.1 and we upgraded it to a higher version.
The Application upgrade was related to the security protocol: a Transport Layer Security (TLS) upgrade. Like its now-deprecated predecessor, Secure Sockets Layer (SSL), TLS is a cryptographic protocol designed to provide communications security over a computer network. The American health authorities require every third-party system to use at least TLS 1.2 to communicate with their systems, so we installed this version, which resulted in fewer client requests concerning the Application's availability.
Phase 3 – Implementation of Oracle Data Guard
The Application issues were also related to the increase in users. This required parameter adjustments and the implementation of Oracle Data Guard.
What Does Data Guard do?
Each DB has at least one recovery copy. Data Guard is not an obligatory setting for a system. It is good practice for critical businesses, as it ensures high availability, data protection, and disaster recovery for enterprise data. It does this by creating one or more identical copies of the primary (main) database(s), stored in a different data center. They stay on standby. Only in case of a disaster (data center flooding, server failure, etc.) or data corruption do you transfer all traffic to the standby database(s), which can be done within minutes, to avoid downtime and keep production running.
Data Guard can reduce downtime, for example from 10-12 hours to only 5-6 minutes, because traffic is served by a totally different data center.
Phase 4 – New Test Servers:
After solving the issue with the production part, our team set up two additional servers for test needs.
The first one runs a MySQL database and is not connected with the main system.
The second one was to test everything on the latest versions.
The Oracle database on the production server, 11gR2, was due to go out of any support. On the other hand, the security protocol was not very well supported by the Application version, which created connection issues.
This test server ran the newest Oracle DB version – 19c and the latest Application – Oracle APEX 20.1.0.00.13, which was released on April 23, 2020. Currently our team is in the process of testing and compiling.
Schedules and an upgrade of the whole production system are planned.
Worth mentioning is that BAAER adapted to the requests of Medi-EHR on how to connect to their system and provides all its services from Sofia through a VPN.
High praise for our work comes in the numerous emails of gratitude from Medi-EHR's owner for the excellent support we provide to his company.
This success story is proof of purely remote support on a 24/7 basis for this New York company with very high demands on data security.