UtterAccess Forums _ General Chat _ Using Access As A Clinical Database

Posted by: lbster Aug 2 2018, 02:27 PM

Hello All,

I was wondering your opinion if MS Access would be proficient enough to be used as a clinical database (patients, history, etc)? Let me be clear this is for an individual family practice, not some large corporation. They have maybe 5 employees and I'm not sure how many active patients (probably under 1000). I know there may be unknowns of what other things they may need it for, but in general, would it be good enough to be used as an interface and relational database in this scenario? Maybe I need to ask, what flags would tell me not to use Access?

Thanks for your time/thoughts,

Lance

Posted by: theDBguy Aug 2 2018, 02:34 PM

Hi Lance,

Using Access as a basis for a business database is not going to be the problem for a small- to medium-size business. However, in this particular scenario, I think you will find complying with the laws and regulations surrounding healthcare, such as HIPAA (for example), would be the biggest concern you'll have when deciding if Access would be suitable in your case. My first instinct would be a "no," but I am not fully versed in HIPAA requirements (for example).

Just my 2 cents...


Posted by: cheekybuddha Aug 2 2018, 02:35 PM

Yes and no!

Access certainly has the capability, if properly designed, to run such a database.

Your real issue will be security. Unfortunately, Access is not very secure (in its native form, at least). There are many things you can do to mitigate this, but nothing will be 100% foolproof.

A different backend such as SQL Server or MySQL (or others) is one way to mitigate such a risk.

However, getting a usable database for your whole practice will be a pretty major undertaking.

The benefit will be that you can make it bespoke for your working practices.

hth,

d

Posted by: GroverParkGeorge Aug 2 2018, 02:47 PM

An Access front end with a SQL Server back end would probably work best.


Posted by: JonSmith Aug 2 2018, 03:57 PM

QUOTE
I think you will find complying with the laws and regulations surrounding healthcare, such as HIPAA


Don't assume it's the US, dbguy. I used to get that a lot and it got a bit tiring being told I won't be compliant with a rule that didn't apply to me. Fine to point it out but perhaps add the caveat of 'if you are in the US we have this rule'.

Posted by: theDBguy Aug 2 2018, 04:04 PM

Hi Jon,

Good point. Do you think there could be countries without healthcare regulations? The HIPAA part was just my attempt to give an example of a possible healthcare law. I guess I could have worded it better other than using "such as."

Thanks!

Posted by: projecttoday Aug 2 2018, 05:49 PM

So you want to use Access for appointments, billing, storing basic patient info? What about as part of the treatment (storing charts, x-rays, etc.)? Have you looked at any commercially available software?

Posted by: zaxbat Aug 2 2018, 06:31 PM

The commercially available software is insanely cost prohibitive (not to mention bulky, clunky, slow, and counter-intuitive)....pretty sure that is why the OP came here with their questions.

Posted by: JonSmith Aug 3 2018, 02:11 AM

QUOTE
Good point. Do you think there could be countries without healthcare regulations? The HIPAA part was just my attempt to give an example of a possible healthcare law. I guess I could have worded it better other than using "such as."


Thanks DbGuy! Good edit.
Now that's a very broad question. A country without healthcare regulations, probably not; without data regulations, unlikely; without data regulations that specifically exclude Access as a database, that's certainly the case.
In the UK we could use it for storing clinical information but it had to be on our secure networks etc and protected by a password. There are often examples of as much clinical data being saved in an Excel file so I think the pragmatic approach they take is smart. Make sure your infrastructure is secure and that your staff are highly trained in information governance, then the less secure things like a spreadsheet or Access database are less of an issue. It also means you can start off some things small scale and upscale when appropriate rather than having to start in a SQL server.

I am certain there will be a ton of data leakage and not secure stuff in US hospitals. Banning specific applications doesn't help; it's a data protection culture and infrastructure you need to create.
For example, where I am now, they have none of it, passwords are shared, screens are left unlocked, all of that is waaaaay more of a risk than data in an Access database.

JS

Posted by: lbster Aug 3 2018, 04:57 PM

Thank you guys for all the insight. Much appreciated! After talking to the client yesterday, I found out that they use Praxis, so probably not rocking that boat to implement an Access DB even though they mentioned a lot of shortcomings with the software.

Thanks again,

Lance

Posted by: MadPiet Aug 3 2018, 07:25 PM

I built clinical databases in Access a long time ago, so I know it's possible. Being that I'm in the US, the HIPAA stuff made me nervous - only because I didn't want to be responsible for confidential data (social security numbers etc) being so easy to steal. Can you use Access as a front end to your database and just create linked tables?

Posted by: Flint Aug 3 2018, 09:35 PM

It is feasible and it is profitable.

I have written and supported several clinical applications that are in MS Access for the last 20 years. I have been inspected by the FDA (have 510K and certification) and have survived many HIPAA reviews by small to large institutions. Security is only as good as the organization's internal security policies and work practices.

The things I have written and passed security reviews and HIPAA:

Clinical Reporting System: Point of service with DICOM imaging, import of structured report files from ultrasound modalities for measurements, etc
HL7 Parser and Importer
HL7 Results Outbound Results
HL7 Billing interface (DFTs)

I have these applications in local onsite networks and in data centers running within VMware.

I have some sites that have hundreds of thousands of records.

Regards.


Posted by: theDBguy Aug 3 2018, 10:41 PM

Hi Flint,

Thank you for sharing your experience with us. This just goes to show Access can do almost anything. This is very encouraging to know.

Cheers!

Posted by: JonSmith Aug 4 2018, 03:15 AM

QUOTE
Security is only as good as the organization's internal security policies and work practices.


Precisely! I too have made clinical databases. I was in the UK at the time though, so none of that HIPAA or FDA nonsense. Our hospitals are all just run by the NHS (which is much better than the private healthcare system) and it has regulatory bodies too, but it concerns itself more with internal policies and practices rather than individual applications.

Posted by: nvogel Jun 8 2019, 05:13 PM

The UK and Europe do of course have regulations relating to personal and healthcare data. GDPR in particular says:

"measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation"

So it is not an excuse to say you are no worse than others in your industry. The obligation is that your security measures have to be benchmarked against the state of the art measures available for a given cost. Since state of the art database security is available in software that is cheaper than Access (e.g. in the "free" versions of Oracle, MS SQL Server or PostgreSQL) it's very difficult to see how an Access database could satisfy the GDPR requirement. Adherence to code of conduct processes is also required but it seems clear that failure to follow procedures can hardly be used as an excuse for not implementing the technical requirements. This is my view as an IT professional but I am not a lawyer.