Pharmacy Site

[Xalor 0]

Hey I just got a domain and some hosting to work on a site, its called Frost Pharmacy:

http://forums.xisto.com/no_longer_exists/

I basically decided to do a simple image-less design too see how far I could go with pure HTML/CSS, and some PHP backend stuff, I saw that cu3er thing over at progressivered.com, and decided it would be a great addition, I'm planning on removing it and doing a simple jquery gallery, I really don't like using flash too much, since it gets in the way of making a universal site. Next I'm gonna work on a mobile version of the site specifically for the iPhone and iPod Touch, just cause it seems that might be the next platform, and it seems that Android also responds to the same sites built for the Touch and iPhone.

Basically you can just right click and view source and check out the contact.php, and the refill.php, both pretty simply done. Oh and the CSS is there too, if you could check that for me. I tried making it as clean as I could, but in the end, I thought a simple one-page design would be the best, instead of spreading the meager content over several pages. If I did that I thought it would look a bit empty, and I would have nothing to work with.

There isn't much content since its not a online sales company, there's not much that people can do the on the site, other than leave a message or ask for a refill request. Any suggestion? I would love some CnC (Comments and criticism).

[BuffaloHelp 24]

Queens! My home town! I grew up in Flushing.It's a simple site and really does not feel like a medical or pharmaceutical related. And I don't know if this pharmacy wanted to have this kind of feel, but if someone is able to renew or order to pharmacy via webpage, chances are the person is very savvy with the internet. Therefore, you should make it more personable, clear and better to place order, like having individual input box for prescription number, DOB, and other information. This way the user can tab through the fields. The problem with the textbox is that required field cannot be "controlled" and verified. A user can place extra back space and delete the whole line. And I noticed that your site was designed for screen bigger than 1024x768. Although this is alright, people with netbooks or smaller screen will have some difficulty with your design layout. And furthermore, Xisto is not HIPAA certified. So if you are hosting this website using any of Xisto service(s) you will have to be HIPAA compliant. Furthermore, any patient information related to the pharmacy must be HIPAA compliant. You as a programmer must be HIPAA compliant as well. If this was an oversight I strongly suggest you look into immediate compliance.

[Xalor 0]

Queens! My home town! I grew up in Flushing.
It's a simple site and really does not feel like a medical or pharmaceutical related. And I don't know if this pharmacy wanted to have this kind of feel, but if someone is able to renew or order to pharmacy via webpage, chances are the person is very savvy with the internet. Therefore, you should make it more personable, clear and better to place order, like having individual input box for prescription number, DOB, and other information. This way the user can tab through the fields. The problem with the textbox is that required field cannot be "controlled" and verified. A user can place extra back space and delete the whole line. And I noticed that your site was designed for screen bigger than 1024x768. Although this is alright, people with netbooks or smaller screen will have some difficulty with your design layout.

And furthermore, Xisto is not HIPAA certified. So if you are hosting this website using any of Xisto service(s) you will have to be HIPAA compliant. Furthermore, any patient information related to the pharmacy must be HIPAA compliant. You as a programmer must be HIPAA compliant as well. If this was an oversight I strongly suggest you look into immediate compliance.

Oh my God I completely forgot about that! I just did the Accredation, by the way its my dad's pharmacy not mine. I just completed the accredation to renew his medicaid license from the government. It took a long time, and I don't want it to ruin that and mess up that. Any reccomendations on how to make the website HIPAA client? I know that my uncle's site was designed by a pharmaceutical programming company, they make the database programs for recording patient information, but this was a homespun product. The Refill and section was sorta half-assed. More like I just wanted to get into there to show him, I don't know any php, so basically I have no idea how to work the forms, I just copied and pasted the code from About.com and changed the names to my usage, I'm gonna try adding to the $sent() thing and see if that works? I just add the proper names to the inputs and add it? Sorry if I'm bothering you on, this but I would want it to be HIPAA compliant.

I assume I need SSL certification, and yea the site was designed for a higher resolution, mostly because I based it off my laptop, I'm working on design 2.0 going to be done in photoshop, and more fluid than this one, since its basically only works at like higher resolutions, and probably the best at my resolution. I need to work on creating sites that work on more than one resolution.

Well Thanks for the review, I really didn't want to use images too much since I'm not good at using them in CSS/HTML. I don't know tables very well, just barely, and I'm probably better at CSS than tables, even then not skilled at conditional statements.

Oh most of my dad's customers are the older folk, so this is just for them and those customers who still come but live farther away and don't actually come and pick it up, they get deliveries. Still most of the them are not computer savvy, and I just want a small presence on the internet for people to see.
Edited December 29, 2009 by Xalor (see edit history)

[BuffaloHelp 24]

To learn more about HIPAA, visit http://www.hhs.gov/hipaa/index.html

HIPAA for computer programmers are very complex. The basic rule is that who is programming and who can access the information?

As a programmer, your codes are designed to have fail safe? Do your servers have redundant (clustered) services so that it is efficient and trouble free? Who has the access to data and who can retrieve it? When you code, do you code in HIPAA environment (or basically you work off of your laptop at a cafe)? Well, you get the idea. It sounds elementary but you wouldn't believe how many programmers are breaking simple rule as, who else has access to your code/data?

Secondly, to be truly HIPAA compliant, you have to use HTTPS a secure connection when transmitting any patient's private information. And encrypt with strong enough password or hash that only the intended recipient is allowed to open. And the server tech, the programmer and all others who are not HIPAA compliant cannot open the data. And the data is not stored off site for later viewing by non-HIPAA compliant personals. While there's argument prescription's number/account can be obtained publicly by submitting prescription to a database that can retrieve the information is not your job. That is, unless you manage that end as well. For example, you design the delivery of a prescription number. And then you also design the retrieval of a prescription number and search the database to pull the patient record. Then you must be compliant with sending and sorting portion as well. But, if you send prescription information only--well, let's just say that it's gray area for now.

Third is who is receiving the information and by which media? If it's fax form where is the fax located--open area where everyone can access and incoming fax paper sitting there for everyone to see, or personals room where only the pharmacist and pharmacist related personals? If it's email form, is the email company HIPAA compliant, how is it secured throughout the transmission (hash key encryption or password protected)? Who can log into this email account and which computer access it? Does this computer ONLY used for accessing HIPAA compliant email or is used for other purpose as well--like general surfing and running non HIPAA programs.

To bypass the compliance, you can do a simple submit of name and phone number to be contacted by the pharmacist. So that the pharmacist calls the patient for refill which eliminates the transmission of sensitive data with your programming. You can design the recipient end by creating visual flag or alert when this contact is received.

[Xalor 0]

Wow that was pretty indepth, thanks for the help BuffaloHELP, I told me Dad about HIPAA compliance yesterday, he said to leave it up though, but I will try to see and get a https connection, I assume thats SSL right? I wonder Xisto provides it, I know it provides SSL but thats a bit expensive, I want to know HTTPS and SSL are different or the same. I'll remove it once I setup a new template, since I'm rather annoyed by that bit anyway. HIPAA compliance is only needed when I need to use patient information?

http://valleypharmacy.com/

That's my uncle's site and it was developed and hosted by a HIPAA complaint company, yet it doesn't have HTTPs, and I'll just provide a fax number for the people to send their refill request to, as well as a couple of non-sensitive information, maybe such as email/name/number/ perhaps drug, but I'll read the manual to see if thats possible.

Either way thanks for the help man, I really appreciate it.

[BuffaloHelp 24]

I'm going to meet with a consultant tomorrow on my own HIPAA compliant programming. I'll ask and see if Rx is or is not part of HIPAA.I've been programming my own script trying to cater to smaller pharmacies across the country. Basically web to IP fax using equipments they already have. I hope to bust these expensive programmers who are charging ridiculous prices to doctors and pharmacies. And I met so many resistances along the way I feel like I can write a book just on what I cannot do

[inverse_bloom 0]

Regarding the background for the site i think you should definitely discard it in favor of something else (I'm not sure if that was your original intention). The texture reminds me of a toned down moire effect, see the bottom of this link to get an indication of what i mean -

 

https://en.wikipedia.org/wiki/Moiré_pattern

 

I briefly looked at that topic when i was studying 3d and television, its an effect you should try to avoid especially because pharmaceuticals are part of the health business! (think epilepsy, although i don't think it is a strong enough effect to solicit such a reaction)

 

For instance my dad once encountered this kind of effect when he was walking over pattern tiles in a shopping centre. The way the black and white square tiles where configured created a strong optical effect ,which resulted in him becoming disorientated and falling into a set of tables and chairs. The same spot had a disorientating effect on me too.

Edited December 31, 2009 by inverse_bloom (see edit history)

[Xalor 0]

I'm going to meet with a consultant tomorrow on my own HIPAA compliant programming. I'll ask and see if Rx is or is not part of HIPAA.
I've been programming my own script trying to cater to smaller pharmacies across the country. Basically web to IP fax using equipments they already have. I hope to bust these expensive programmers who are charging ridiculous prices to doctors and pharmacies. And I met so many resistances along the way I feel like I can write a book just on what I cannot do

RX is definetally a part of HIPAA requirements. I know for a fact, since I did do the Accredation for the same pharmacy. There so many rules and these smaller pharmacies are barely able to keep up with the ridiculous requirements. What small store with 3 employees can give training for racial bounderies or be able to maintain these things. Its completely and utterly pointless. However the government sees these small pharmacies as a threat to their domain. What happens is that people buy patient lists (on medicare/medicaid) and then they setup fake pharmacies out of storage spots which happen to have addresses and then they start billing like chairs and other non-medical items but can still be charged to medicare, and they collect the money, patient never recieves anything and most likely has no idea about it. So in order to crack down on these fake companies they made anyone who wants to sell medicare items needs to go through accredation. However it is difficult and the rules make smaller pharmacies quiver, because they never had to do this before, and they don't know how to make the same methodology to larger chain pharmacies.

And I seriously hope that you break down those programmers as well, most of them design poorly built sites or actually ask us for the design and they provide the hosting, btw which is useless because they give us no access, since I'm not HIPAA approved, only my dad is, he can only check it. Its really made it difficult to get a site for a non-sales pharmacy. As in they don't sell online, but refill scripts is really useful however, and so is building databases for research on who comes to the site and who doesn't

[jlhaslip 4]

The white text on dark background looks good, but the older folks might not be able to read it easily.Also, the font could be a bit larger. Using "control +" to increase the font blows the design out of shape.For the contact form, add the respondent's name as well as the email address to make the connection between "lovergal34@aol.com" and your granny type gal who you might know as Mrs Smith.

[Xalor 0]

The white text on dark background looks good, but the older folks might not be able to read it easily.Also, the font could be a bit larger. Using "control +" to increase the font blows the design out of shape.
For the contact form, add the respondent's name as well as the email address to make the connection between "lovergal34@aol.com" and your granny type gal who you might know as Mrs Smith.

Thanks for the suggestions, I'm just gonna leave it up as is as a filler for now, I'm working on a multipage design I just wanted something up for now, now that I see there's more to it than just a simple design with HTML I might have to actually think more about security and all of that stuff =( Good idea on the name on the form, would make more sense, although I don't expect people to contact us via that method.