Putting the P back in HIPAA with Drupal

Technology can be used to extend pre-existing legacy systems without the need to rip and replace, and save enterprise healthcare delivery systems significant money.

How Steward Health Care's Digital Strategy Puts the Patient First

How can we make health IT systems more interoperable?

This blog will focus on the technology that can be used to extend pre-existing legacy systems without the need to rip and replace. This will save enterprise healthcare delivery systems significant money in IT disruption costs due to lost productivity and expensive new system implementations. After a massive EHR overhaul, The University of Arizona found themselves $32M in the red – we want to reverse this trend and we have the technology to do so.

Data Portability Through Superior Technology

Open source software offers a number of benefits that align very well with the needs of the Healthcare sector. Today I am going to focus on the capabilities of OSS that align well with Health IT interoperability.

Drupal is an open source development platform that has become the clear front-runner for commercial applications at the enterprise level. Drupal is a robust, flexible and highly extensible content management system that boasts one of the largest and most active development communities – supported by more than 1 million users. Drupal can claim some very high profile organizations to its growing domain within the 12 percent of the web’s top 100,000 most-trafficked sites, namely and

The main draw to Drupal as an enterprise application is its extensibility. Drupal can be much more than just a website. It can be leveraged to tie in disparate systems through integrations into one user-friendly platform, it can power award winning intranets, or it can be used as Content Distribution Network to pass data between multiple systems.

The possibilities are almost endless, and what is so promising about Drupal is the fact that it is already driving outcomes in the Healthcare industry. There are teams across the world that are using Drupal to extend the functionality of legacy IT systems to significantly improve their capabilities at a fraction of the cost of proprietary systems. Furthermore, there are a number of products currently on the market, which are community supported, that can provide a major boon to the healthcare sector such as, Acquia Cloud Site FactoryAcquia LiftOpen AtriumCoreCONNECT and a number of others.

EMRs and other systems like an Oracle ERP are complex engineering masterpieces. Under the hood (or in the database) they are great at storing, indexing, sorting and surfacing large amounts of data. Additionally, they are built with standardized, best-practice order sets and an integrated workflow and rules engine that is unmatched in any other piece of software. However, these systems are still very inflexible and lack interoperability between each other. We have no aspirations to create our own EMR built on Drupal.

Our mission is to extend these legacy IT systems by seamlessly integrating into their workflows, order sets and database to increase and improve functionality. This will allow enterprise healthcare delivery systems the ability to expand upon their pre-existing software rather than replacing it.

These propriety and expensive systems lack the capacity to communicate effectively and this limits the interoperability within the Healthcare delivery network. I am speaking of the over 450-plus complete and ambulatory EMR platforms available on the market . Imagine if you have to visit a specialty physician in your network and they use a separate EMR from your primary care physician. How do you get your PHI to the next physician? This is where the slippery slope of HIPAA violations can occur – non-secure emails, faxes, improper authorization between offices, yet the data is digital but it is not portable between systems.

Drupal has the capabilities to layer on top of numerous EMR systems within a medical group and aggregate the information into one physician portal. Drupal’s extensibility allows it to take on sophisticated integrations through a number of feeds from API calls, XML or JSON feeds and RESTful APIs. Most current EHRs output data in HL7 (Health Level 7) delimited text files, the industry standard. HL7 has upgraded to a new protocol Fast Healthcare Interoperability Resources (FHIR, pronounced Fire), which utilizes RESTful APIs and can make clinical modeling and system integrations much less complex.

Integration between a Drupal data-layer and an EMR through a RESTful API connection could drastically improve interoperability by unlocking the important data from the proprietary systems and their data silos. This will empower your staff to make use of critical and potentially life saving data. By breaking down the data silos healthcare delivery systems can evolve from a reactive diagnostic model to a proactive preventative model.


Through secure access management Drupal can be configured at a granular level to keep secure data secure but at the same time provide access to a user based on role. Through role-based provisioning Drupal can surface a focused view of your critical data that lives behind a firewall in a HIPAA secure environment.

access management

Users can be given access to, or restricted from, data based on a number of criteria.

Based on specific EHR authorization requirements Drupal can be engineered to tap into the database through web services integration while following strict user access permission controls. This keeps data protected at all times but still allows users the ability to interact with, view and input the information that is most relevant to their role.

Featured Resources

View More Resources