Web-linked Patient Record Database

Architecture View of Web-based Patient Record Database System

. major advantages of Web Client-server Architecture

Client
. Global access - maximum use/share of centralized data
. platform-independent - low cost commodity Web browser software, mainteance-free
. uniform user interface 
. multi-media - text, image, audio, video
. serve for both Internet and IntraNet users

Server
. every Web page is generated on-the-fly as results of a database query,
keeping patient data most updated, highly consistant and immediately available
. high performance - support large number of concurrent transactions
. high security - confidential data can be protected
. high availability and reliability - backup, quick recovery
. preserve traditional database investment - other non-Web applications remain unchanged

Network
. Can be either IntraNet or Internet - widely available
. Text-based patient database requires minimal network bandwidth
. highly secure network transmission can be enforced

Security Considerations in Web-based Database Access
. Connect-less Web client-server interaction imposes different security issues
in traditionally session-oriented database client-server transaction
. additional security layer must be built to deal with Web-based access interface

Web transaction:

web browser open network connection -> Web server -> 
    login/open DB -> DB transactions ->logoff/close DB -> return results
Web server pass results -> web browser display results -> Web browser close network connection

Problems:
. one Web transaction = one database session - each requires a user login authentication
. one application usually requires multiple database/Web transactions
. it is impractic to ask user login authentication for each Web access - login persistence
across multiple Web interactions is required
. All source HTML code displayed in a Web browser is readable by any user

Our solutions:

1) each user is given a group privilege. Differen groups have different set of permissions
for different or the same data and functions. a user's group privilage can be
reassigned by administrative root user.
2) each user has a pre-defined login userid and password, to be uniquely identify a user.
A user can change his/her password anytime. Root user can reset any other users' passwords
3) Each user login can not be duplicated for the same or different users.
Each login will generate an uniquely session id that is carried over all the subsequent Web-DB access.
Different logins for the same user or different users have different session ids. 
4) Each database access is tracked and a timeout threshold is enforced to restrict maximum time interval
between two Web interactions

The OB/GYN Demo

Major components
. Oracle database server 
. Computerized Antepartum Record Database
. HTML and JavaScript based Web interface
. A Web/DB security layer

Oracle Database Server
. industrial standard relational database management software
. can handle large volume of data and concurrent users
. sophisticated tools to support database application design and development 

Computerized Antepartum Record Database
. patient information
. History
. Physical Examination
. Estimated Date of Delivery
. Medications
. Laboratory Results
. Visit date and data
. Problems and Plan

HTML and JavaScript based Web interface
. Any Netscape browser
. Multi-Frame based
. Fully customizable

A Web/DB security layer
. Group1 - only allowed to SEARCH/READ the patient database
. Group2 - allowed to SEARCH/READ the patient database, ADD new patient data
and MODIFY patient record
. Group3 - allowed to SEARCH/READ, ADD, MODIFY and REMOVE patient data
. GROUP4 - only allowed to SEARCH/READ certain patient record
. ROOT - user/security administration