Hi guys,
I am setting up the access for the service that will get me statistics reports. Something like a dashboard where I can see office performance.
For the access, I would like to exclude the tables that will or may contain sensitive patient information, so this information would not get onto such a report by accident or on purpose.
Is there any known list of such tables?
Tables containing patient personal information.
-
- Posts: 180
- Joined: Fri Oct 14, 2011 3:31 pm
Re: Tables containing patient personal information.
There are many tables that might include personally identifiable information, and many that one might not realize (such as ehrsummaryccd or smsfrommobile). Creating a list will likely omit one or more tables that need to be included. Instead of blacklisting the tables that you allow access to your reporting service, I would recommend whitelisting a few tables and looking closely at the fields on those tables to ensure there is no sensitive patient information. However, there still may be the problem that tables important for performance metrics may have personally identifiable information contained in them; for example, the appointment.Note field may have an entry like, "Little Susie was very frightened, so her parents Greg and Linda sat in with her for the appointment."
Re: Tables containing patient personal information.
Do not recommend!!
http://www.opendental.com/manual/securitymysql.html
It is not secure to expose the MySQL service to the internet (World Wide Web). Do not open the MySQL port (default is port 3306) on your routers and do not allow incoming traffic for that port.
The best thing about a boolean is even if you are wrong, you are only off by a bit.
Jason Salmon
Open Dental Software
http://www.opendental.com
Re: Tables containing patient personal information.
cmcgehee wrote: There are many tables that might include personally identifiable information, and many that one might not realize
It's funny you mentioned it, I was just thinking how I can accidentally expose the data and came up with "notes" too.
I think we are looking to work with insurance carriers, their fees, find most commonly done procedure, time per procedure, $$ per procedure etc.
Basically, same as custom queries, but also make it visual and being able to monitor changes in stats over time after making adjustments.
jsalmon wrote: Do not recommend!! http://www.opendental.com/manual/securitymysql.html It is not secure to expose the MySQL service to the internet (World Wide Web). Do not open the MySQL port (default is port 3306) on your routers and do not allow incoming traffic for that port
No, I do not mean opening the mysql port to outside.
Regardless of the permissions set for this job user, I will not be knowingly creating a security breach.
Most likely I'll set him up with ssh access with authorization by key (that's what I usually do for other gigs on my server). Once I see the offered scope of work, I will decide what permissions to issue the user. Probably restriction to home dir, adding appropriate permissions to its mysql user, etc.
The service will be hosted inside the office network, physically inside the office, no web exposure.
BTW, so far my outside interface is compliant with credit card processing standards. Passed the clearance that my merchant service provider (former) required us to go through.

Re: Tables containing patient personal information.
I do commend you for wanting to limit the amount of information that a vendor has access to. Even if you trust the vendor, it is safer to just not give them the ability to breach your trust.
"I think we are looking to work with insurance carriers, their fees, find most commonly done procedure, time per procedure, $$ per procedure etc."
Here are some tables you would probably want to give access to: carrier, insplan, inssub, patplan, fee, feesched, procedurelog, procedurecode, claimproc, adjustment, appointment, payplan, payplancharge, payment, paysplit, claimpayment. These are all the tables that affect P&I and a few others relating to insurance.
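The allow-list approach discussed in this thread, written out as MySQL grants. This is an added example, not part of any post above and not Open Dental's own script. Assumptions: the database name `opendental`, the account name `dash_ro`, the placeholder password, and the appointment column names, which should be confirmed against the actual schema.

```sql
-- Added example. Assumed names: database `opendental`, account `dash_ro`,
-- a placeholder password, and the appointment columns listed below
-- (confirm with: DESCRIBE opendental.appointment;).

-- Bound to localhost: usable only from the server itself (for example from
-- an SSH session), so the MySQL port never has to be reachable remotely.
CREATE USER 'dash_ro'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET';

-- Allow-list: read-only, one table per statement. There is no grant on
-- opendental.* and none on the patient table. Review each table's columns
-- for free-text or identifier fields before keeping a whole-table grant.
GRANT SELECT ON opendental.carrier       TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.insplan       TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.inssub        TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.patplan       TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.fee           TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.feesched      TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.procedurelog  TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.procedurecode TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.claimproc     TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.adjustment    TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.payplan       TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.payplancharge TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.payment       TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.paysplit      TO 'dash_ro'@'localhost';
GRANT SELECT ON opendental.claimpayment  TO 'dash_ro'@'localhost';

-- appointment: column-level grant that leaves out the free-text Note column.
-- SELECT * on this table now fails for dash_ro; only these columns are readable.
GRANT SELECT (AptNum, AptDateTime, AptStatus, Pattern, ProvNum)
  ON opendental.appointment TO 'dash_ro'@'localhost';

-- Audit 1: every whole-table privilege the account holds.
-- Anything outside the allow-list, or anything other than SELECT, is a finding.
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = '''dash_ro''@''localhost''';

-- Audit 2: column-level privileges. appointment.Note must not appear here.
SELECT table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE grantee = '''dash_ro''@''localhost''';

-- Audit 3: the grants as the server sees them, including any global ones.
SHOW GRANTS FOR 'dash_ro'@'localhost';
```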