Secure and Accessible Electronic Medical Records: Setting Up Your Own Reliable, Low-Cost Web-Based System



Medical records are often required at multiple sites, but secure data transmission has been problematic for many providers and organizations. This document describes a practical method for using readily available, inexpensive software components to build an electronic medical record system that is accessed securely via the World Wide Web.

Operating System and Hardware

The system described here can be run under the increasingly popular Linux operating system on ordinary IBM PC-compatible hardware. The cost of hardware for a powerful system (without monitor) should easily be less than $1,000.


The software required can be set up by someone with the degree of computer expertise that is now commonly available among advanced high school students. To ensure low cost and reliable high quality, one may use open-source software packages. Because the software improves rapidly with updates every few months, including security updates, the latest versions should be used. A standard Web browser running on any hardware can be used to retrieve and input data from and to the server. Three components are required for the server computer:
  1. A secure Web server. One popular choice is the Apache web server with the Raven security module. The Raven module costs $357. The Apache server comes with a no-cost license for unrestricted use. A less expensive secure server is available from for $150.
  2. A database server. The popular MySQL database server is a full-fledged SQL database that differs in capabilities from Oracle largely in its lack of transactional support (commit/rollback capability).

    The MySQL server comes with a no-cost license for unrestricted use except for resale of the MySQL software itself. See the Web site for details.

  3. A server-side Web script interpreter. PHP is a powerful scripting language whose interpreter can be built right into the Apache Web server for enhanced speed.

    The PHP package comes with a no-cost license for unrestricted use.

Equivalent Microsoft software, which may be less secure, costs at least $3,000 (Windows NT Server with 5 clients, $800 at Internet server suite (with SQL server), $2,300 at 8/30/1999).

Creating Your Electronic Medical Record System

After installation of the software components described above, the following steps are required: (1) generation of a secure Server Certificate using the software, (2) writing the scripts that implement the user interface to the database, and (3) creating the database structure and initializing it from preexisting data.
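Step (1) above, sketched with the OpenSSL command-line tool as an added example; it is not part of the original document, which relies on the secure server's own certificate software. The host name `emr.example.org`, the file names and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: key, certificate request and test certificate for the
# secure Web server. Assumes the openssl CLI is installed.

# make_server_cert DIR HOSTNAME
# Writes into DIR:
#   server.key  private key, readable by its owner only
#   server.csr  certificate signing request to send to a certificate authority
#   server.crt  self-signed certificate, for testing before the CA replies
# The body runs in a subshell so the tightened umask does not leak out.
make_server_cert() (
    dir=$1 host=$2
    umask 077                       # no group/world access to anything created
    mkdir -p "$dir" || exit 1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || exit 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$host" \
        -out "$dir/server.csr" 2>/dev/null || exit 1
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -days 30 -out "$dir/server.crt" 2>/dev/null
)

# key_matches_cert KEYFILE CERTFILE
# Succeeds only if the certificate carries the public half of the key.
# Run this before installing a certificate returned by a CA: a mismatch
# stops the Web server from starting its SSL listener.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# cert_subject CERTFILE
# Prints the subject name, which must match the host name users type
# into their browsers.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
}

# Usage (constructed placeholder host):
#   make_server_cert /tmp/emr-cert emr.example.org
#   key_matches_cert /tmp/emr-cert/server.key /tmp/emr-cert/server.crt
```

The self-signed `server.crt` is only for trying out the installation; browsers will warn on it until it is replaced by the certificate a CA issues from `server.csr`.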

Available Software

An open-source project to develop medical office software has existed for about a year, and now appears to be reaching the point of being useful. It is named The FreeMed Project and is located at It is based on Apache and PHP, the software described above, and uses standard Web browsers for the user interface. At the moment FreeMed is available in German, French, Spanish, Italian and Chinese as well as English. This software is probably not suitable for practical use in the short term, but is a good basis for customization by a consultant (see below).


Many organizations choose not to invest their professional time in learning how to set up and install the above packages, and similarly choose not to learn how to write the scripts necessary to create an operational medical records system. In these cases, consultants may be hired to perform these tasks as well as to train staff in the operation of the new database system.

When selecting consultants, it is prudent to remember that the consultant is offering a personal service. He or she must talk at length with the client physicians and office staff to ascertain how the database should be structured and how work should flow through the user interfaces. Often this information is not provided directly by clients, but rather must be inferred and intuited from what the clients say and do. Thus, the consultant's personality should mix well with the personalities in the client office(s). The consultant should be prepared to provide several prototype implementations, each a refinement of the one before it, to allow the clients to see how the new system will look and function, before actual implementation is performed. It is wise to prepare a statement of work to be performed to make sure that everyone has the same idea of what the final product will be able to do.

It is reasonable to expect that the consultant will provide a copy of the source code so that the client can have someone else update and support the purchased system in case the original consultant cannot. This source code can either be owned by the client or, more likely, licensed from the consultant with the right to make modifications for internal use.

The cost of preparation of an electronic medical system depends on the complexity of the task. Readers should be sure to look at turn-key systems in the market to see whether their needs might be better met with such systems than with a custom-tailored but perhaps less sophisticated system of the type described here.


Comprehensive support for the Linux operating system is available from IBM and from Hewlett-Packard, as well as from less well-known companies such as LinuxCare.

Support for custom-written software should be available from whoever wrote it, for a reasonable annual fee.

For questions or comments on this document, please email

Copyright © 2000 Cardiothink, Inc.
All Rights Reserved.