AppGini - building a webpage/db
-
@Dashrender said in AppGini - building a webpage/db:
@stacksofplates said in AppGini - building a webpage/db:
Airtable is a good tool for this kind of stuff
Nice, though I'm guessing not HIPAA compliant (or at least they won't sign a BA for it)...
yup, guessed it
You are trying to design something in house to store PHI?
-
@Dashrender said in AppGini - building a webpage/db:
@stacksofplates said in AppGini - building a webpage/db:
Airtable is a good tool for this kind of stuff
Nice, though I'm guessing not HIPAA compliant (or at least they won't sign a BA for it)...
yup, guessed it
Well I mean that seems like it should have been mentioned in the op?
-
@IRJ said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@stacksofplates said in AppGini - building a webpage/db:
Airtable is a good tool for this kind of stuff
Nice, though I'm guessing not HIPAA compliant (or at least they won't sign a BA for it)...
yup, guessed it
You are trying to design something in house to store PHI?
We already do - it's called an excel spreadsheet.
-
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
-
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@stacksofplates said in AppGini - building a webpage/db:
Airtable is a good tool for this kind of stuff
Nice, though I'm guessing not HIPAA compliant (or at least they won't sign a BA for it)...
yup, guessed it
You are trying to design something in house to store PHI?
We already do - it's called an excel spreadsheet.
Excel spreadsheet and web app are totally different. Web apps have so many more component and holes in them that you have to be worried about.
-
@stacksofplates said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@stacksofplates said in AppGini - building a webpage/db:
Airtable is a good tool for this kind of stuff
Nice, though I'm guessing not HIPAA compliant (or at least they won't sign a BA for it)...
yup, guessed it
Well I mean that seems like it should have been mentioned in the op?
It kind of is. "At this time." Anyone who understands what it would cost will know to reach out. Anyone who thinks that they should reach out and find out what it will cost, won't be happy with the answer.
-
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
-
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
-
@scottalanmiller said in AppGini - building a webpage/db:
@stacksofplates said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@stacksofplates said in AppGini - building a webpage/db:
Airtable is a good tool for this kind of stuff
Nice, though I'm guessing not HIPAA compliant (or at least they won't sign a BA for it)...
yup, guessed it
Well I mean that seems like it should have been mentioned in the op?
It kind of is. "At this time." Anyone who understands what it would cost will know to reach out. Anyone who thinks that they should reach out and find out what it will cost, won't be happy with the answer.
What are you talking about? I'm saying if he needed his app to be HIPAA compliant he should have mentioned it in the op.
-
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
Excel has that code review, and depends 100% on Windows OS security.
I think IRJ is really referring to bespoke networked software. If you were making a notepad replacement that just highlighted certain phrases and only edited local text files that are already protected by the OS... I don't think that that is what he means.
-
@scottalanmiller said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
Excel has that code review, and depends 100% on Windows OS security.
Yes
-
@IRJ said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
Well - I still don't make the decisions.
-
@IRJ said in AppGini - building a webpage/db:
@scottalanmiller said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
Excel has that code review, and depends 100% on Windows OS security.
Yes
Interesting - so you don't consider any software that hasn't gone through code review good enough to store PHI or PCI, etc type data?
-
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
@scottalanmiller said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
Excel has that code review, and depends 100% on Windows OS security.
Yes
Interesting - so you don't consider any software that hasn't gone through code review good enough to store PHI or PCI, etc type data?
Yup.
-
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
Well - I still don't make the decisions.
I dont make final decisions either, but that doesnt mean I wont fight doing the wrong thing.
Its your job to say NO sometimes. Plain and simple. If you dont say NO to something like this you aren't doing your job.
-
@IRJ said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
Well - I still don't make the decisions.
I dont make final decisions either, but that doesnt mean I will fight doing the wrong thing.
Its your job to say NO sometimes. Plain and simple. If you dont say NO to something like this you aren't doing your job.
Interesting - I'm seriously believing that my EHR company doesn't have code review, other than internal review - is that good enough?
So basically, you're staying I'm stuck - I'm forced to hire someone to custom write me a system, and then hire someone to review that software before I can actually use something.
-
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
@Dashrender said in AppGini - building a webpage/db:
@IRJ said in AppGini - building a webpage/db:
I would say there is a never a case where you want to design something in house to store PHI. Unless, of course you are a software company that is willing to go through things like external code review, pen testing, HIPAA certification, etc. It is just a HUGE risk that could potentially put your upper management in a hot seat (or prison) if there is a breach.
This is in-house for in-house use only. How is this any worse than storing PHI in Excel?
Well - I still don't make the decisions.
I dont make final decisions either, but that doesnt mean I will fight doing the wrong thing.
Its your job to say NO sometimes. Plain and simple. If you dont say NO to something like this you aren't doing your job.
Interesting - I'm seriously believing that my EHR company doesn't have code review, other than internal review - is that good enough?
They certainly do more than that if you are using Athena Health. They are HIITRUST certified
-
@Dashrender said in AppGini - building a webpage/db:
So basically, you're staying I'm stuck - I'm forced to hire someone to custom write me a system, and then hire someone to review that software before I can actually use something.
If dealing with PHI, then 100% yes you are not just able to design your shit on a whim.
-
@IRJ said in AppGini - building a webpage/db:
If dealing with PHI, then 100% yes you are not just able to design your shit on a whim.
Why do you trust Excel but not this app? You trust MS?
Is it possible they put backdoors, etc into shit - yeah, but it's generating PHP would can all be audited, so I don't fear this like you do.
I can also lock the server down to prevent it from talking to the internet.
AppGini is self hosted solution, not a cloud solution.I think you're being over cautious.
-
@Dashrender said in AppGini - building a webpage/db:
I think you're being over cautious.
Nope. Not something I am willing to ruin my career over.