OpenEMR 2.8.1 Appliance Manual

Page Last modified: 10/02/07 01:18:29 AM

LINK TO MANUAL IN PDF FORMAT

Author: Brady Miller

Email: brady@sparmy.com

Discussion Board: http://www.oemr.org/modules/newbb/

SECURITY PATCHES: here (Appendix A.)





Introduction

Main TOC Link

The clinical benefits of computerized medical records are clear, however, the costs of current proprietary systems are large. This high cost precludes many small practices from transitioning to computerized medical records. Open Source medical record systems are quickly becoming a viable, cost effective alternative. Comprehensive open source medical practice management software suites consist of several independent software packages, which can make them more difficult to install/evaluate than their proprietary counterparts. This obstacle can easily be circumvented with a pre-installed Appliance.

The goal of this project was to build a comprehensive Open Source Medical Practice Management Software Appliance, which provides office scheduling, electronic medical records, prescriptions, insurance billing, accounting, inventory, and access controls. This appliance will have many possible applications, such as a fully functional demo, a testing/developing platform, and as the starting point in real world clinic applications. It can be run on any operating system that supports the VMware Player. The detailed building instructions of this appliance are also included in this manual, which will allow easy modification/updates of appliance and will allow simple transition to a native server, if required.

OpenEMR is installed, along with FreeB, SQL-Ledger, and php-GACL. They are installed on the Mandriva2006 operating system. OpenEMR is the practice management software. FreeB is the insurance billing/printing software. SQL-Ledger is the accounting software. Php-GACL is the access control software.

This manual contains instructions on downloading, starting, and using the OpenEMR Appliance, OpenEMR user manual web links, helpful tips on OpenEMR use, instructions for configuration of the Appliance, and full detailed instructions on how the Appliance was built.

The Download the OpenEMR Appliance and VMware Player chapter contains how and where to download software from.

The Start the OpenEMR Appliance chapter contains information on starting the OpenEMR Appliance.

The Using the OpenEMR Appliance chapter contains information on how to use the OpenEMR Appliance, web links to User Manuals, helpful tips, and all the login names and passwords that will be needed while using the appliance.

The Configuration of the OpenEMR Appliance chapter describes how to set up a printer, an email server, and an automated backup scheme which incorporates encryption.

The Instructions for Building the OpenEMR Appliance chapter describes in detail how this Appliance was built.

Online Demo

Main TOC Link

Here's an online demo of the OpenEMR 2.8.1 appliance:

https://OpenSourceEMR.com:2083/openemr/ (Main OpenEMR program)

https://OpenSourceEMR.com:2083/sql-ledger/ (Sql-Ledger accounting)

https://OpenSourceEMR.com:2083/phpgacl/admin (php-GACL access controls)

This is a fully functional demo, which allows you to play around with all the software packages in the appliance. It uses all the same logins and passwords as the appliance( refer to 'Login Name and Password' section). Some simple configuration has been added for clearer demonstration of OpenEMR, Sql-Ledger, FreeB, and php-GACL. OpenEMR users were added to demonstrate the access controls:

-Login name------Password---------Description

1. admin__________pass_____________Administrator

2. physician_______physician________Physician(more access than clinician)

3. clinician________clinician_________Clinician(less access than physician)

4. accountant______accountant______Accountant

5. receptionist_____receptionist_____Front desk receptionist

Don't worry about breaking it, because it resets itself to its original state every day at midnight(Pacific Time). Have fun. (If demo is not working email me at brady@sparmy.com)

Download the OpenEMR Appliance and VMware Player

Main TOC Link

1. Download and install the FREE VMware Player at: http://www.vmware.com/products/player/

2. Download the FREE OpenEMR Appliance. The file is 984.2 MB, and will extract to 3 GB.
   1. You can download Appliance via Direct Download or Torrent:
      1. Direct Download from Sourceforge: http://sourceforge.net/project/showfiles.php?group_id=167832

      2. Torrent file link: http://www.bradymd.com/OpenEMR-2-8-1-Appliance-1.torrent (If need a torrent software client, then try: http://azureus.sourceforge.net/ )

Start the OpenEMR Appliance

Main TOC Link

Windows

Main TOC Link

1. Unpackage the OpenEMR-2-8-1-Appliance-1.tgz file (Use WinZip, WinRAR, or 7-Zip).

2. Run VMware Player.

3. Start up the OpenEMR Appliance by opening the OpenEMR-2-8-1-Appliance-1.vmx file in the VMware Player.

4. If this is your first time starting the OpenEMR Appliance, then a window will pop up explaining some nonsense about the changing location of a configuration file. Just click 'Create'.

5. Several windows will pop up explaining that /dev/hdc, /dev/hdd, and sound drivers are not gonna work. Just click 'ok' several times and continue.

6. Mandriva will now boot up, just give it some time. After boot up you will see the following login screen:

This is the login screen. To log in, proceed to the 'Log In to Appliance' section below.

Linux

Main TOC Link

1. Unpackage the OpenEMR-2-8-1-Appliance-1.tgz file.

2. Run VMware Player.

3. Start the OpenEMR appliance by opening the OpenEMR-2-8-1-Appliance-1.vmx file in the VMware Player.

4. If this is your first time starting the OpenEMR Appliance, then the below window will pop up:

You will only see this window the first time you start the appliance. Click 'Create'.

5. Several windows may pop up explaining that /dev/hdc, /dev/hdd, and/or sound drivers are not gonna work. Just click 'ok' several times and continue.

6. Mandriva will now boot up, just give it some time. After boot up you will see the following login screen:

This is the login screen. To log in, proceed to the 'Log In to Appliance' section below.

Using the OpenEMR Appliance

Main TOC Link

Log In to Appliance

Main TOC Link

1. The first time you use the appliance, you will login with user 'openemr' and password 'openemr'. You will be forced to change the password during your first login (detailed instructions below):

Enter 'Username' -> 'openemr'. Enter 'Password' -> 'openemr'(NOTE that this password will be changed after your first login). When done, hit the ENTER key.

If this is your first login, then you will be prompted to change your password:

Click 'OK'.

Enter and confirm a new password. This will be your new 'openemr' user password. REMEMBER this password!

Congratulations. You successfully logged in.

Using OpenEMR in Appliance

Main TOC Link

1. Use OpenEMR with the user name 'admin' and default password 'pass' via web browser at: https://localhost/openemr
2. Use SQL-Ledger with the user name 'openemr' and password 'openemr' via web browser at: https://localhost/sql-ledger
3. Use php-GACL with user name 'admin' and password 'admin' via web browser at: https://localhost/phpgacl/admin
4. Note that the full list of application login names and passwords can be found in the 'Login Name and Password' section below.

Using OpenEMR from another/virtual computer

Main TOC Link

1. Networking with the Virtual computer over a LAN. You can get the current IP address thru Mandriva settings, and then use that IP address as the web address on another computers(including virtual) web browser.
   1. First, get your virtual server IP address:

Click 'System' -> 'Configuration' -> 'Configure Your Computer'.

Enter 'root' user password. Then click 'OK'.

IMPORTANT, if you have not created a new 'root' user password, you need to proceed to Appendix B. 'Change Mandriva's expired 'root' user password' NOW. (The default 'root' password is expired and will no longer work) When your done updating the password, then type your new password here.

Click 'Network & Internet'.

Click 'Reconfigure a network interface'.

The circled number above is your Your_Current_IP_address.

2. Then you can use below links to connect to your virtual server
   1. OpenEMR at https://Your_Current_IP_address/openemr
   2. SQL-Ledger at https://Your_Current_IP_address/sql-ledger
   3. php-GACL at https://Your_Current_IP_address/phpgacl/admin
   4. For the list of application login names and passwords go to the 'Login Name and Password' section below.

2. You can also change your IP address to a static one, so it doesn't change after your virtual server is turned off or re-started. I'm out of time, so can't go thru it. You'll have to Google this one (Quickly, it can be changed in above window by clicking on the Protocol toggle and selecting static, then you can choose an IP address. However, you then need to type in DNS servers and you need to ensure your router does not assign any other computers your chosen static IP address)

OpenEMR User Training

Main TOC Link

1. There is an excellent web site for learning how to use all of the components of OpenEMR at: http://www.sunsetsystems.com/node/8
2. The above link is also mirrored at the following wiki site, which means it could theoretically contain updates: http://www.oemr.org/modules/cjaycontent/index.php?id=2
3. There is also an older user manual in the /var/www/html/openemr/Documentation directory which can be helpful.
4. You can ask question at the SourceForge OpenEMR forum at: http://sourceforge.net/forum/?group_id=60081
5. The OpenEMR home page is here with a wiki: http://www.oemr.org/
6. The most current version of this appliance user manual will hopefully always be available at: http://www.bradymd.com/appliance

Helpful Tips

Main TOC Link

1. NEED to mark bills as 'cleared' (even after hfca processing) on the billing menu to send data to sql-ledger.
2. NEED to leave the the 'Prior Authorization Form' installed and disabled for the hfca form printing to work.
3. NEED to also create your new OpenEMR users in php-GACL or strange things will happen. (I refer you to above OpenEMR User Training section on how to do this.)
4. NEED to ensure clock is set correctly (Virtual computer time should not differ from the host computers, or there will be cron scheduling and sql-ledger problems)
5. NEED to ensure your provider is authorized or you won't be able to send bills to sql-ledger. It's confusing because there are two different separate authorization options. Screenshots below go thru the process:

Click 'Administration'.

Click 'edit' for the user.

Ensure the 'Authorized:' toggle is on. Ensure the 'See Authorizations:' is set to 'All' or 'only mine'. Then click 'Save Changes'.

List of Login Names and Passwords

Main TOC Link

1. Mandriva2006 user -> user: 'openemr' password: 'openemr' (this password will be changed during first login)
2. Mandriva2006 admin -> user: 'root' password: 'rootroot' (this password will be changed by user also)
3. OpenEMR -> user: 'admin' password: 'pass'
4. SQL-Ledger user -> user: 'openemr' password: 'openemr'
5. SQL-Ledger admin -> password: 'admin'
6. php-GACL -> user: 'admin' password: 'admin'
7. PostgreSQL -> user: 'sql-ledger' password: 'sqlledger'
8. MySQL user -> user: 'openemr' password: 'openemr'
9. MySQL admin -> user: 'root' NO PASSWORD

Configuration of the OpenEMR Appliance

Main TOC Link

Printer Setup

Main TOC Link

1. For USB printers, you will need to connect the device by clicking on printer on top of window. Your host computer may no longer be able to see the printer after this step(not permanent, but can be a pain).

In my case I click on the 'Hewlett-Packard...' button at top of VMware window.

This is just to demonstrate that the 'Hewlett-Packard...' button is now shaded.

2. Then install software and printer via Mandriva Control Center, which will first install CUPS, and then look for printers. If your lucky, Mandriva will see your printer.

Click 'System' -> 'Configuration' -> 'Configure Your Computer'.

Enter 'root' user password. Then click 'OK'.

IMPORTANT, if you have not created a new 'root' user password, you need to proceed to Appendix A. 'Change Mandriva's expired 'root' user password' NOW. (The default 'root' password is expired and will no longer work) When your done updating the password, then type your new password here.

Click 'Hardware'

Click 'Set up the printer(s)...'.

Click 'Yes'.

Select 'Local CUPS printing system'. Then click 'Ok'.

Click 'Yes'.

Just twiddle your thumbs and wait, it takes a while.

Click 'Add Printer'.

Select both auto-detect options. Then Click 'Next'.

No big deal. Close the windows and we will install the printer below thru CUPS.

3. If the above step found your printer, then you can skip to the section below which will have you place the name of the printer into the openemr config file (this will allow printing while creating billing forms via freeb). If Mandriva can't find the printer, don't worry, we will install it via CUPS directly at: http://localhost:631/

Click 'Manage Printers'.

Click 'Add Printer'.

Enter 'User Name' -> 'root'. Enter the root password. Then click 'OK'.

Fill in form, and then click 'Continue'. The only important field is the 'Name'. This will be used later when configuring printer for freeb/openemr.

In my case I am selecting the 'USB Printer #1'. If your using a USB printer, this will likely work.

Click 'Continue'.

Select the make of your printer. Then click 'Continue'.

Select the model of your printer. Then click 'Continue'.

It Worked!! Click printer name to see more specifics on your newly added printer.

Done installing printer. I'd rec. testing it with 'Print Test Page'.

4. Confirm that your printer is seen by Mandriva and get your printer name:

Your printer name is underlined with red line. This will be typed into the below freeb/openemr configuration file.

5. Enter below bolded instructions on command line as root user:

#log into root

su

#edit file /var/www/html/openemr/includes/config.php:

mcedit /var/www/html/openemr/includes/config.php

#change bolded variable to the name of your printer

$GLOBALS['oer_config']['freeb']['printer_name'] = "YourPrinterName";

TEXT EDITOR SAVE AND EXIT

Email Server Setup

Main TOC Link

1. This will allow only locally produced emails (such as “status” emails during the below 'backup script', or emails originating from OpenEMR) to be sent over the internet.

2. Need to update a package called 'msec' if you want to avoid an error email every minute(not exaggerating)
   1. Enter below bolded instructions on command line as root user:

#log into root

su

#Start MandrivaUpdate

MandrivaUpdate

Click 'Yes'.

Click 'Yes'.

Click 'Ok'. (just select the default mirror)

Type 'msec' and click 'Search'.

Select 'msec-0.49.1-...'. Then click 'Install'.

Your done. Close the window.

3. Enter below bolded instructions on command line as root user:

#log into root

su

#This will allow outgoing mail from server.

# Just made up virtual.org, this can be

# anything since this is only an outgoing

# email server. (It does not need to match

# your domain or server name.)

#edit config file /etc/postfix/main.cf:

mcedit /etc/postfix/main.cf

#add to end of file

mydomain = virtual.org

myhostname = $mydomain

myorigin = $mydomain

relayhost = YourOutgoingSMTPMailServerHere

#This will forward the root's email to

# the below email address (needed to

# monitor server emails such as below

# backup script status)

#edit aliases file /etc/postfix/aliases:

mcedit /etc/postfix/aliases

#edit near end of file:

root: YourFullEmailAddressHere

#start postfix service and configure to start on computer boot up

service postfix start

chkconfig --add postfix

Automatic Backup Setup

Main TOC Link

1. This will enable a full daily backup of the MySQL server, PostGreSQL server, OpenEMR patient documents directory, and FreeB billing documents directory. The script will place a non-encrypted backup in the local hard drive secured /backup directory, and will also copy an encrypted backup to a DVD. The DVD copy works via multi-session, so you basically just need to leave one DVD in the DVD writer until it fills up. Do NOT use RW DVD. This script will work and should be used with R only DVD's. The output of the automated backup script will be emailed to the person's email entered in above email server setup.
   1. The local /backup directory will have to be manually cleaned up occasionally. I'd recommend deleting old backup sub-directories on a monthly basis or so. (of course, a script could be written for this)
   2. There is no restore script yet, will have to be done manually.
   3. The MySQL and PostGreSQL are gzipped. The ...openemr/documents and .../freeb/public backups are compressed via DAR (NOT tar).

2. Download the script file fullbackup.sh. File can be found at: http://bradymd.com/fullbackup.sh (to download file, you may need to Right-Click the link and select 'Save Link As...')

3. Configure file encryption package:
   1. Enter below bolded instructions on command line as root user:

#log into root

su

#Configure file encryption. If you want to be able to decrypt your encrypted files you need to remember (case sensitive) the passphrase that you type below. I'd also remember all the other info you type below.

gpg --gen-key

-'ENTER' to default of 1 for key selection

-'ENTER' to default 2048 keysize bits

-'ENTER' to default '0' so key does not expires

-Type 'Y' to confirm above

-Type your real full name

-Type your real email address

-Type 'openemr secure backup key'

-Type 'O' to confirm

-Type a very secure and long 'passphrase' (the longer your passphrase is the more secure, go for at least 15 characters with numbers, different cases, and strange characters)

#IMPORTANT!!! You NEED to backup the entire contents of directory /root/.gnupg on the most indestructible disk(s) you can find and then keep in a secure place. This directory contains your secret key file, and without this you will be unable to restore from your encrypted data backup!!! You also need to remember your passphrase, or you won't be able to restore your backed up data.

#The decrypt command, in case you need at some point:

#gpg -o OutputFilename -d InputFilename

4. Configure backup script and automate it:
   1. Enter below bolded instructions on command line as root user:

#log into root

su

#install the DAR backup package

urpmi dar

-yes to packages

#create a secure backup directory

mkdir /backup

chown root:root /backup

chmod 700 /backup

#move the backup script to /root , secure it, and allow execution

mv /location/to/file/fullbackup.sh /root

chown root:root /root/fullbackup.sh

chmod 700 /root/fullbackup.sh

#edit file /root/dailybackup.sh:

mcedit /root/fullbackup.sh

#edit the below DVDDEVICE line to what the

#device for the DVD writer is. It is likely going to

#be /dev/hda , /dev/hdb , /dev/hdc ... A very

#non-scientific way to figure this out is to put

#a DVD with files in the DVD writer, go to root

#command line and then use the

#'mount /dev/hda /mnt/cdrom1'

#command then 'ls /mnt/cdrom1', and continue

#this until you get the right device,

#don't forgot to 'umount /mnt/cdrom1':

DVDDEVICE=/dev/hdb

#edit full name you entered above for encryption key:

YOURFULLNAME='Brady Miller'

TEXT EDITOR SAVE AND EXIT

#Automate script to cron for a daily run at 1:02 AM. WARNING: This script needs to finish and start on the same day since it plays around with file names using the date command. Basically, don't start this script before midnight unless you are sure it will finish before midnight. This is why I have it set for 1:02AM.

export EDITOR=/usr/bin/mcedit

crontab -e

#paste below into empty file:

02 1 * * * . /root/fullbackup.sh

TEXT EDITOR SAVE AND EXIT

Instructions for Building the OpenEMR Appliance

Main TOC Link

LINK TO MANUAL IN PDF FORMAT

Required Software

Main TOC Link

Chapter Index Link

1. Apache (2.0.54), MySQL (4.1.12), and PHP (4.4.0)
2. OpenEMR (2.8.1)
3. FreeB (0.11) – Insurance billing software
4. PostgreSQL (8.0.3) – Database program required by SQL-ledger
5. SQL-Ledger (2.6.3) – Billing, Accounting, and Inventory software
6. php-GACL (3.3.6) – Access Control software

Important Issues

Main TOC Link

Chapter Index Link

1. Complete all of the steps before entering any data into OpenEMR. The SQL-Ledger and OpenEMR software may communicate in strange ways if you enter data into OpenEMR before installing SQL-Ledger.
2. Passwords can be confusing during the SQL-Ledger installation. To avoid any confusion it is helpful to know that during the installation you will create a PostGreSQL user called 'sql-ledger' with a password. This user/password combination will be used frequently, and the password will be referred to as 'sql-ledger-password' throughout this document to avoid confusion.

Install the Mandriva 2006 Virtual Computer

Main TOC Link

Chapter Index Link

1. You can use either VMware Workstation or VMware Server to build the Mandriva 2006 Virtual Computer.
2. VMware Workstation Configuration:

Click 'New Virtual Machine'.

Select 'typical'. Then click 'Next'.

Select 'Linux' and 'Mandrake Linux'. Then click 'Next'.

Select 'Use bridged networking'. Then click 'Next'.

Enter 'Disk Size'->'20 GB'. Select 'Split disk into 2GB files'. Then click 'Finish'.

1. Insert the Mandriva2006 DVD/CD.
1. Click 'Power On' via Vmware.
1. Install Mandriva2006:

Change 'Security Level' -> 'Higher'. Type in an administrator log in name. Then click 'Next'.

Select 'Use free space'. Then click 'Next'.

Click 'Next'.

Click 'Ok'.

Select 'Office Workstation', 'Multimedia Station', 'Internet Station', 'Network Computer(client)', 'Configuration', 'Console Tools', 'Development', 'Documentation', 'KDE Workstation'. Do NOT select any Server selections. Then click 'Next'.

Enter a secure password. Then click 'Next'.

Type in a 'Name', 'Login name', and 'Password'. Toggle ON 'xgrp', 'rtools', and 'wheel'. Then click 'Accept user'.

Click 'Next'.

At 'Graphical Interface', click 'Configure'.

Select 'VMware virtual video card'. Then click 'Next'.

Select '1024x768'. Then click 'Next'.

Select '800x600'. Then click 'OK'.

Select 'Yes'. Then click 'Next'.

Click 'Next'.

Select 'No'. Then click 'Next'.

Click 'Reboot'.

6. Install VMtools (Required by VMware software)
   1. This will require installation of kernel source/headers files
   2. Re-insert the Mandriva2006 CD/DVD
   3. Install kernel source/headers files:
      1. Enter below bolded instructions on command line as root user

#log into root

su

#install the kernel header/source files

urpmi kernel-source

4. Set up Vmware:

Click above 'Install Vmware Tools'.

Click 'Install'.

5. Install the VMTools on Mandriva
6. Enter below bolded instructions on command line as root user:

#log into root

su

#if below doesn't work, try replacing /dev/hda with /dev/cdrom, /dev/hdb, /dev/hdc etc.

mount /dev/hda /mnt/cdrom

#unpack and move file

cd /tmp

tar zxpf /mnt/cdrom/VMwareTools-5.5.0-*.tar.gz

umount /mnt/cdrom

cd vmware-tools-distrib

#install the software

./vmware-install.pl

-answered all questions with defaults

-answered 3 for video mode(“1024x768”)

#need to re-boot or else weird stuff happens

shutdown -r now

8. Enable software package installation over internet:

Click 'System' -> 'Configuration' -> 'Packaging' -> 'Software Media Manager'.

Enter 'root' user password. Then click 'OK'.

Click 'Add...'.

Click 'Distribution sources'.

Select as above. Then click 'Ok'.

8. Disable the screensaver(it's annoying).

Install Apache, MySQL, and PHP4

Main TOC Link

Chapter Index Link

1. OpenMed requires PHP4. You shouldn't of installed PHP5, since you should not of selected any server packages during the Mandriva install(then you can disregard this, and skip to step 2). However if you have PHP5 on your system, then remove it using below bolded instructions on command line as root user:

#log into root

su

#list all the php5 packages

urpme php

#remove them all by pasting in all of the php5 packages below

urpme (paste)

2. Enter below bolded instructions on command line as root user :

#log into root

su

#Install apache, php, mysql

urpmi apache php4-cli apache-mod_php4 apache-mod_ssl php4-mysql php4-xml php4-xmlrpc htmldoc mysql

-I chose 1- apache-mpm-prefork-2.0.54-13mdk.i586

-I chose 1- MySQL-4.1.12-3mdk.i586

-choose Yes to packages

#start apache and mysql

service httpd start

service mysqld start

#enables apache and mysql to start during boot-up

chkconfig --add httpd

chkconfig --add mysqld

3. Open the firewall for the web server:

Click 'System' -> 'Configuration' -> 'Configure Your Computer'.

Enter 'root' user password. Then click 'OK'.

Click 'Security'.

Click 'Set up a personal firewall...'.

Select 'Web Server'. Then click 'OK'.

Click 'OK'.

Click 'Ok'. Keep defaults.

You are done. Close the window.

Install OpenEMR

Main TOC Link

Chapter Index Link

1. Download openemr-2.8.1.tar.gz (version 2.8.1) from sourceforge at : http://sourceforge.net/project/showfiles.php?group_id=60081

2. Enter below bolded instructions on command line as root user:

#log into root

su

#edit file /etc/php4.ini:

mcedit /etc/php4.ini

#edit following variables:

post_max_size = 30M

upload_max_filesize = 30M

memory_limit = 128M

max_execution_time = 45

magic_quotes_gpc = off

PLEASE NOTE THAT IN THE RELEASED OPENEMR 2.8.1 APPLIANCE, register_globals is ON, however for security it should be turned OFF as below (see Appendix A. SECURITY PATCHES for reason)

register_globals = off

TEXT EDITOR SAVE AND EXIT

#Ensure the following lines are included at the end of the /etc/httpd/conf/httpd.conf file (This was not in original OpenEMR Appliance and has been listed as a security patch; it is required to not allow unauthorized access to confidential patient medical records).

mcedit /etc/httpd/conf/httpd.conf

#Ensure below is included at end of file (if not found, then paste below into end of file)

<Directory "/var/www/html/openemr/documents">

order deny,allow

Deny from all

</Directory>

<Directory "/var/www/html/openemr/edi">

order deny,allow

Deny from all

</Directory>

TEXT EDITOR SAVE AND EXIT

#restart httpd

service httpd restart

#put the OpenEMR program in its place

cd /var/www/html

tar pxzvf /location/to/tar/openemr-*.tar.gz

mv openemr-* /var/www/html/openemr

chown -Rf root:root openemr

#Prepare for install

chmod 666 /var/www/html/openemr/library/sqlconf.php

3. Then use Auto-installer at: http://localhost/openemr/setup.php

Click 'Continue'.

Select 'Have setup create the databases'. Then click 'Continue'.

In SERVER section: enter 'Password' -> secure password, otherwise keep defaults. In CLIENT section: keep defaults. In USER section: enter 'Initial User' -> new user login name, Enter 'Initial User's Name' ->new user name, enter 'Initial Group' -> name of practice. (I would recommend keeping the 'Initial User' -> 'admin' and the 'Initial User's Name' -> 'Administrator' to ensure easy installation of the php-GACL software.) Then Click 'Continue'.

Click 'Continue'. (Don't worry, we have already made the mentioned file world-writeable)

Click 'Continue'. (Don't worry, we will 'restore secure permissions' of file later)

This page list some additional instructions. Again, don't worry, we will do all of this stuff in next section below. You can close your browser window now and move onto the next section.

3. Enter below bolded instructions on command line as root user:

#log into root

su

#Re-secure the sqlconf.php file

chmod 644 /var/www/html/openemr/library/sqlconf.php

#Need to change some file/folder ownerships

chown apache:apache -R /var/www/html/openemr/interface/main/calendar/modules/PostCalendar/pntemplates/cache

chown apache:apache -R /var/www/html/openemr/interface/main/calendar/modules/PostCalendar/pntemplates/compiled

chown apache:apache -R /var/www/html/openemr/documents

Install FreeB

Main TOC Link

Chapter Index Link

1. Download freeb-0.11.tar.gz (version 0.11) from sourceforge: http://sourceforge.net/project/showfiles.php?group_id=60081

2. Enter below bolded instructions on command line as root user :

#log into root

su

#put the program in its place

cd /usr/share

tar xzvf /location/to/tar/freeb-*.tar.gz

mv freeb-* /usr/share/freeb

#secure it

chown root:root -R /usr/share/freeb

#install the necessary packages

urpmi perl-Config-General perl-Date-Calc

-choose yes to packages

#need to install several PERL modules

perl -MCPAN -e shell

-Answer NO to first question, and then it will be auto-configured.

At cpan> prompt type:

install PDF::Create

install ConfigFile

install Frontier::Daemon

exit

#create a directory that apache can write to

mkdir /usr/share/freeb/public

chown apache:apache -R /usr/share/freeb/public

#change ownership of following directory

chown apache:apache -R /var/www/html/openemr/library/freeb

#this will allow the user to use freeb while in openemr

cp /usr/bin/php4 /usr/bin/php

3. Configure FreeB as a service
   1. Download freeb file, which is an init.d script. I wrote this file, and it seems to work alright. But I have to say, please use at your own risk. File can be found at: http://bradymd.com/freeb (to download file, you may need to Right-Click the link and select 'Save Link As...')

   2. Enter below bolded instructions on command line as root user :

#log into root

su

#move file and change ownership/permissions

mv /location/to/file/freeb /etc/init.d/

chown root:adm /etc/init.d/freeb

chmod 740 /etc/init.d/freeb

#start service

service freeb start

-After 'before server setup', just hit 'enter' key once to get back to the prompt. If you saw 'before server setup', then it worked.

#configure freeb to start automatically during computer startup

chkconfig --add freeb

#You are done installing service, it will now start

#up automatically during computer start up.

#If the above service is not working, you can

#manually start the FreeB server by typing:

#'/usr/share/freeb/bin/FreeB_Server.pl &'

3. Next, need to do below “work-around”(Bug in OpenEMR) in order for HCFA billing to work.

Log in to OpenEMR with previously created username and default password 'pass' at http://localhost/openemr:

Click 'Administration'.

Click 'Forms'.

Click 'register' at 'prior_auth' entry.

Click 'Install DB' at 'Prior Authorization Form' entry.

WARNING!! Do NOT click anything on screen below, read below the screenshot first.

Do NOT click the disabled button. You are done with OpenEMR for now. Basically this 'prior_auth' form has to be in the database and disabled for program to function normally. Log out and move on to the next section.(continue to research)

lnstall PostgreSQL

Main TOC Link

Chapter Index Link

1. Enter below bolded instructions on command line as root user :

#log into root

su

#install postgresql and needed packages

urpmi postgresql postgresql-devel postgresql-server postgresql-docs postgresql-pl php4-pg

-yes to packages

#start service and also have it start at computer boot-up

service postgresql start

chkconfig --add postgresql

Install SQL-Ledger

Main TOC Link

Chapter Index Link

1. We will do a manual install with version 2.6.3. I'd recommend installing this version also, since we know it works.
2. Download sql-ledger-2.6.3.tar.gz file from: http://sourceforge.net/project/showfiles.php?group_id=4320

3. Enter below bolded instructions on command line as root user :

#log into root

su

#install the needed dependencies

urpmi perl-DBD-Pg LaTeX perl-DBI

-yes to packages

#put the SQL-Ledger program in its place

cd /usr/local

tar xzvf /location/to/file/sql-ledger-2.6.3.tar.gz

mv sql-ledger/sql-ledger.conf.default sql-ledger/sql-ledger.conf

#edit file /usr/local/sql-ledger/sql-ledger.conf:

mcedit /usr/local/sql-ledger/sql-ledger.conf

#add the following to the vars section on first line of file (you must place this within the first line) For example: 'use vars qw($oemr_ar_acc ...)':

$oemr_ar_acc $oemr_cash_acc $oemr_due_days $oemr_username $oemr_services_partnumber

#Paste the entire section below into file:

#Some constants relevant to OpenEMR import.

#sql-ledger user

$oemr_username = 'openemr';

#acc num for acc receivable

$oemr_ar_acc = '1200';

# acc num for check/copay

$oemr_cash_acc = '1060';

# creating a services item for medical services

# OpenEMR billing "part number" here:

$oemr_services_partnumber = 'MS';

# Num of days added to OpenEMR transaction date to

# create the invoice due date when insurance. This affects the

# pat. portion of outstanding balance shown in OpenEMR

# summary, and also SQL-Ledger reports and statements.

$oemr_due_days = 40;

TEXT EDITOR SAVE AND EXIT

#create and edit file /etc/httpd/conf/sql-ledger-httpd.conf:

mcedit /etc/httpd/conf/sql-ledger-httpd.conf

#Paste the entire section below into empty file:

Alias /sql-ledger /usr/local/sql-ledger/

<Directory /usr/local/sql-ledger>

AllowOverride All

AddHandler cgi-script .pl

AddDefaultCharset On

Options ExecCGI Includes FollowSymlinks

Order Allow,Deny

Allow from All

</Directory>

<Directory /usr/local/sql-ledger/users>

Order Deny,Allow

Deny from All

</Directory>

TEXT EDITOR SAVE AND EXIT

#edit file /etc/httpd/conf/httpd.conf:

mcedit /etc/httpd/conf/httpd.conf

#add following line to bottom of file

include /etc/httpd/conf/sql-ledger-httpd.conf

TEXT EDITOR SAVE AND EXIT

#change permissions

cd /usr/local/sql-ledger

chown -hR apache:apache users templates css spool

#restart httpd service

service httpd restart

#Set up PostgreSQL user( use 'sql-ledger'), password, and database

su postgres

createuser -d -P sql-ledger

-type a good password for the sql-ledger user on PostgreSQL

(this password is IMPORTANT and to avoid any severe confusion it will be referred to as the 'sql-ledger-password' during the rest of the install documentation. I mean it, this is important to remember. This password will be typed in many times during instructions below.)

-type y to allow user to make more users

createlang plpgsql template1

exit

1. Load your web browser and connect to: http://localhost/sql-ledger/admin.pl

There is no default password. Just click 'Login'.

Click 'Change Admin Password'.

Enter a secure password. Then click 'Change Password'.

Click 'Pg Database Administration'.

Enter 'User' -> 'sql-ledger'. Enter 'Password' -> 'sql-ledger-password''. Otherwise keep above defaults. Then click 'Create Dataset'.

Enter 'Create Dataset' -> 'openemr'. Toggle 'Create Chart of Accounts' -> 'Default'. Then click 'Continue'.

Click 'Continue'.

Click 'Add User'.

Enter 'Login' ->'openemr'. Enter a secure 'Password'->'openemrpassword'. Enter 'Name'-> 'openemr'. At the 'Database' section: ensure the 'Driver Pg' is toggled to ON , set 'Dataset'->'openemr', set 'User'->'sql-ledger', set 'Password'->'sql-ledger-password'. Keep above defaults for other above entries. Scroll to bottom of page and click 'Save'.

Click 'Logout' and continue below.

1. Enter below bolded instructions on command line as root user:

#log into root

su

#Copy and rename openemr perl script to sql-ledger directory

cp /var/www/html/openemr/accounting/ws_server_26.pl /usr/local/sql-ledger/ws_server.pl

#edit file /usr/local/sql-ledger/ws_server.pl:

mcedit /usr/local/sql-ledger/ws_server.pl

#edit the following bolded path:

use lib qw (/usr/local/sql-ledger);

TEXT EDITOR SAVE AND EXIT

#edit file /var/www/html/openemr/interface/globals.php

mcedit /var/www/html/openemr/interface/globals.php

#edit the following bolded variables :

$sl_income_acc = '4320';

$sl_services_id = 'MS';

$sl_dbname = 'openemr';

$sl_dbuser = 'sql-ledger';

$sl_dbpass = 'sql-ledger-password';

TEXT EDITOR SAVE AND EXIT

#edit file /var/www/html/openemr/includes/config.php:

mcedit /var/www/html/openemr/includes/config.php

#edit the following bolded variables:

$GLOBALS['oer_config']['ws_accounting']['enabled'] = true;

$GLOBALS['oer_config']['ws_accounting']['username'] = "openemr";

$GLOBALS['oer_config']['ws_accounting']['password'] = "openemrpassword";

$GLOBALS['oer_config']['ws_accounting']['income_acct'] = "4320";

TEXT EDITOR SAVE AND EXIT

1. Finish up SQL-Ledger install, go to: http://localhost/sql-ledger/

Enter 'Name' -> 'openemr'. Enter password then click 'Login'.

Click 'Goods & Services'.

Click 'Add Services'.

Enter 'Number' -> 'MS'. Enter 'Description' -> 'Medical Service'. Choose 'Income' -> '4320—Consulting'. Remove checks on the three tax toggles. Otherwise, keep defaults. Then click 'Save'. Your done with SQL-Ledger install, you can log-out now.

Install php-GACL

Main TOC Link

Chapter Index Link

1. Download phpgacl-3.3.6.tar.gz file from: http://sourceforge.net/project/showfiles.php?group_id=57103

2. Enter below bolded instructions on command line as root user:

#log into root

su

#unpack and place program in its proper place

cd /var/www/html

tar xvzf /location/to/file/phpgacl-3.3.6.tar.gz

mv phpgacl-* phpgacl

#create the mySQL database

mysql

At mysql> prompt type:

CREATE DATABASE gacl;

exit

3. Start phpGACL Installer via : http://localhost/phpgacl/setup.php

Close the window. (Don't worry, we will make the 'Important' directory below.)

4. Enter below bolded instructions on command line as root user:

#log into root

su

#make a phpgacl/admin/templates_c directory, and change owner

mkdir /var/www/html/phpgacl/admin/templates_c

chown -R apache:apache /var/www/html/phpgacl/admin/templates_c

#edit file /var/www/html/openemr/library/acl.inc:

mcedit /var/www/html/openemr/library/acl.inc

#uncomment and edit following line:

$phpgacl_location = "/var/www/html/phpgacl";

TEXT EDITOR SAVE AND EXIT

#Password protect the /var/www/html/phpgacl/admin directory. Will need to: FIRST add entry to apache2 config file, SECOND create a password file, and THIRD re-start apache.

#FIRST, edit file /etc/httpd/conf/httpd.conf:

mcedit /etc/httpd/conf/httpd.conf

#paste following section at end of file:

<Directory "/var/www/html/phpgacl/admin">

AuthType Basic

AuthName "ACL Administrators"

AuthUserFile /var/www/html/phpgacl/admin/.htpasswd

Require valid-user

</Directory>

TEXT EDITOR SAVE AND EXIT

#SECOND, create the password file(file is .htpasswd and user is admin)

cd /var/www/html/phpgacl/admin

htpasswd -c /var/www/html/phpgacl/admin/.htpasswd admin

-Type in a secure password

#THIRD, Re-start apache

service httpd restart

5. Configure phpGACL to use OpenEMR via: http://localhost/openemr/acl_setup.php

Close window.

6. Start phpGACL via: http://localhost/phpgacl/admin/acl_admin.php

Log in as 'admin', and with password created by the above htpasswd command.

Close window. Learn how to use later. (Your OpenEMR 'admin' user is already configured as an administrator).

Configure SSL

Main TOC Link

Chapter Index Link

1. SSL is very important, and will ensure encryption of all network traffic. This will allow safe use of a laptop over a wireless network. The protocol uses https instead of http and utilizes port 443 instead of 80. Only two configuration files will need changing. We will also firewall port 80 to ensure that the only available option will be an encrypted connection.

2. Enter below bolded instructions on command line as root user:

#log into root

su

#Edit file /var/www/html/openemr/includes/config.php. This will fix the SQL-Ledger link in the OpenEMR billing page.

mcedit /var/www/html/openemr/includes/config.php

#edit following line (yes, you're just adding an 's'):

$GLOBALS['oer_config']['ws_accounting']['url_path'] = "https://" .

$_SERVER["SERVER_NAME"] . "/sql-ledger/login.pl";

TEXT EDITOR SAVE AND EXIT

#Edit file /etc/httpd/modules.d/41_mod_ssl.default-vhost.conf.

This will ensure only high level secure encryption is used.

mcedit /etc/httpd/modules.d/41_mod_ssl.default-vhost.conf

#REMOVE the entire line below:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

#PASTE all of below in place of the above removed line:

SSLOptions +StrictRequire

<Directory />

SSLRequireSSL

</Directory>

SSLProtocol -all +TLSv1 +SSLv3

SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

TEXT EDITOR SAVE AND EXIT

#Re-start apache

service httpd restart

1. Firewall port 80

Click 'System' -> 'Configuration' -> 'Configure Your Computer'.

Enter 'root' user password. Then click 'OK'.

Click 'Security'.

Click 'Set up a personal...'

Ensure 'Web Server' is NOT selected. Then Click on 'Advanced'.

Enter 'Other ports' -> '443/tcp 443/udp'. Then click 'Ok'.

Click 'Ok'. Keep defaults.

Click 'Ok'. Keep defaults.

You are done. Close the window.

Appendix

Main TOC Link

A. SECURITY PATCHES

Main TOC Link

1. register_globals FIX
   1. This OpenEMR Appliance has register_globals (this is a PHP configuration) turned ON by default. This is a huge security risk, and needs to be turned OFF (of course, if you're only using the appliance for demo purposes, then don't worry about it). Instructions on how to change register_globals to OFF is below.
      1. Enter below bolded instructions on command line as root user:

#log into root

su

#edit file /etc/php4.ini:

mcedit /etc/php4.ini

#EDIT the following variable:

register_globals = off

TEXT EDITOR SAVE AND EXIT

#restart httpd

service httpd restart

2. FIX patient medical information directory security

1. The OpenEMR Appliance contains several directories(one in 2.8.1 and two in 2.8.2+), which contain confidential patient medical information. The below fix is to not allow unauthorized entry to these directories.

2. Enter below bolded instructions on command line as root user:

#log into root

su

#Ensure the following lines are included at the end of the /etc/httpd/conf/httpd.conf file).

mcedit /etc/httpd/conf/httpd.conf

#Ensure below is included at end of file (if not found, then paste below into end of file)

<Directory "/var/www/html/openemr/documents">

order deny,allow

Deny from all

</Directory>

<Directory "/var/www/html/openemr/edi">

order deny,allow

Deny from all