I got an email today from a client that would like to have a page on their website where patients can transfer back and forth large files. I have never set anything up like this before and was wondering if anyone could point me in the right direction on getting started. Im using Dreamweaver 8 on this project. This is what the email said:

"Sometimes we have files to send to consultants etc that are too big for email. We have an FTP site but that can be tricky for people if any tweaking has to be done.
It was suggested that we set up an authentication page on our website where we could drop files and give people credentials to use to go pick them up. Is that something you can help us with?

Also if possible it would be great if we had it two way – i.e. people could send files to us that way too – but first it’s more important we can send files out."

www.yousendit.com. free ftp site, for your clients. And no, if you need to receive large files buy and maintain your own ftp site.

www.yousendit.com (http://www.yousendit.com). free ftp site, for your clients.

Not actually FTP. That's HTTP. :)

Neither is it free for the solution you're thinking of. It's free to use it as a file hosting site to simply send individual file links to people (up to 200MB or so). However, to integrate this into a business system for client usage would require a business account in order to create your own drop box. It won't easily integrate into a website, but that's the closest thing yousendit offers. It is a paid service though, which you'll need to pay for on a monthly basis.

There's a number of ways you can set up webform access to upload and download through FTP, using ActiveX. You'll need to learn some back end scripting to handle this though, unless you're using Actionscript in Flash.

Are you kidding? Your making it even harder to go to the doctor. Perhaps in Canada, but with the huge differences and rules and options with the insurers in the US that's impossible. Remember, in the US, the insurer diagnoses, not the doctor.

Are you kidding? Your making it even harder to go to the doctor. Perhaps in Canada, but with the huge differences and rules and options with the insurers in the US that's impossible. Remember, in the US, the insurer diagnoses, not the doctor.

Huh? What are you talking about? :confused:

Do you even know how webform-based FTP access works, or how yousendit works?

Ned, you're in Canada, it's easier there, you're much more civilized when it come to health insurance. And I only know my tiny part of the US, but for the amount of time I spend on just the English/Spanish/Brazilian forms, changing and editing it's surprising the things are even printed. Client FTPs for MDs can be a bit elitist. Not everyone has a computer. any MD that makes the internet mandatory for health care is wrong. And yea, I know how they work, but I think it wrong for health care. I really do.
Again, you're in Canada, much more civilized when it come to health insurance. You know, insurance companies that will pay when you're sick and stuff.

Ned, you're in Canada, it's easier there, you're much more civilized when it come to health insurance. And I only know my tiny part of the US, but for the amount of time I spend on just the English/Spanish/Brazilian forms, changing and editing it's surprising the things are even printed. Client FTPs for MDs can be a bit elitist. Not everyone has a computer. I'm not calling you elitist, but yes MDs.


Pointy... I've spent the large bulk of my adult life in the U.S. I know how the system works, and I understand those differences fine.

What I don't understand is the differences your thinking of between FTP access and yousendit. The needs of the OP is to allow his client, who has their own FTP site, to set up access through their website to allow the transfer of files too big for email. The easiest thing for usability on the patient's side is to set up access to their FTP server using a user-friendly webform system which is accessed on a page of their website, incorporating ActiveX controls. The least user-friendly thing would be to tell them to go through Yousendit, and make them figure it out for themselves.

Whether or not everybody has a computer is a completely moot point. If they're trying to send files too big for email, my guess is that they have a computer to send it from.

What I don't understand is the differences your thinking of between FTP access and yousendit.

Are we were talking regular patient clients? Sick people? I'm just saying the regular "man in the street/waiting room" will never figure out an FTP site. First they need the client, then the isp, then the user name, blah blah. It's too hard for them :D

I think the best thing is for the OP to get in touch with the host of the Dr's office website and the office itself, find out exactly what their needs are. Obviously DW8 can't host or ftp. They will need backend help. I'm only saying that a patient or any sort of client has a hard time with FTP sites. Hell, most of mine can barely work yousendit.

Are we were talking regular patient clients? Sick people? I'm just saying the regular "man in the street/waiting room" will Never figure out an FTP site. First they need the client, then the isp, then the user name, blah blah.
If we're discussing MD clients ie. drug vendors, law enforcement, other health care facilities, obviously if we're talking about an agency where there should be some sort of IT person to deal with any up/down system loads.

Again, I think you're not understanding the system implementation we're talking about here. We're not talking about accessing an FTP site through an FTP client. We're talking about setting up an HTTP webpage which activates the FTP functions for you, merely asking you for simple login information like username/password, then giving you form fields where you can press Browse and upload files from your computer, or it can give you a directory listing of the files available for you to download to your computer. The client already has the FTP site, all they need is to make it accessible through their website.

That's not easy to set up from the developer's side, but from the user's side it's as user-friendly as it gets on the web. I don't understand why you would say that directing them to send their files through Yousendit would be easier.

Who is actually going to be using this system makes no difference, whether it's a patient or MD. The needs of the user is that they will have to transfer large files through the website. Neither are computer techs, and you simply want to offer them the most user-friendly system you have. The hard work is on the developer's end, in order that anybody can use the system through the website.

So our answer to the OP is talk to the host of the website and find out what their capabilities are and then design the most user friendly page in DW8 or a .pdf form they can. Agreed?

Hang on, both of you.
This is medical information from patients.
YouSendIt is NOT the answer.
You need a secure, a very secure, localized FTP site and a pro to handle that security. I think the OP is in over his head on this one and should hire an outside consultant.

Malice: Ditto what PrintDriver said. I work for an IT company that specializes in network security and can assure you that you need an experienced security consultant when dealing with medical records as there are strict government guidelines regarding privacy standards in that regard. Failure to properly secure the transfer & storage of such information could land you & your client in hot water with the feds and potentially leave you both open to lawsuits.

Standards for Privacy of Individually Identifiable Health Information (http://www.google.com/search?hl=en&rlz=1B3GGGL_enUS291US291&q=Standards+for+Privacy+of+Individually+Identifiab le+Health+Information&btnG=Search)

P.S. I hope your client is aware that regular (unencrypted) email is far from being secure.

Digi

I got an email today from a client that would like to have a page on their website where patients can transfer back and forth large files. I have never set anything up like this before and was wondering if anyone could point me in the right direction on getting started. Im using Dreamweaver 8 on this project. This is what the email said:

"Sometimes we have files to send to consultants etc that are too big for email. We have an FTP site but that can be tricky for people if any tweaking has to be done.
It was suggested that we set up an authentication page on our website where we could drop files and give people credentials to use to go pick them up. Is that something you can help us with?

Also if possible it would be great if we had it two way – i.e. people could send files to us that way too – but first it’s more important we can send files out."

:confused::confused::confused::confused:

I'm confused, why is everybody talking about healthcare and insurance and medical files. :confused:

Yikes, I didn't even catch the part about 'files to big to email'.

this:
I got an email today from a client that would like to have a page on their website where patients can transfer back and forth large files.

Doh!

There I go again, skimming posts :D

Yikes, I didn't even catch the part about 'files to big to email'.

Yeah, I went a little green around the gills at the thought of sensitive emails/attachments sitting around on a shared sever somewhere. :eek:

Digi

Scary thought, huh?
Inexperienced designers doing medical office websites...
If that's what this situation is...doesn't bode well for the rest of the medical industry.
Though I gave up long ago any sense of privacy. Even secure sites get hacked.

I gave up long ago any sense of privacy. Even secure sites get hacked.

Amen to that—it's all about risk mitigation/response.

Inexperienced designers doing medical office websites...
If that's what this situation is...doesn't bode well for the rest of the medical industry.

I have to admit that only having done front-end coding & design up until a couple of years ago, I was pretty clueless myself. Like the time I needed to move a client to a new hosting company and went to the registrar to change the nameservers, not realizing that the MX records would also be modfied and render their in-house mail server useless. *cringe* Now that I've had experience with a wider range of server setups and have begun working in earnest with PHP/MySQL, I'm totally paranoid (and much humbler).

We once had a client whose shared MySQL server was running as user "root" with no password—you could install phpMyAdmin and browse other domains' databases to your heart's content, if you were so inclined. We informed them of the significance of that several times, but nothing changed. If that wasn't bad enough, the previous developer had named all of their includes with .inc extensions and placed them in a directory inside public root with no .htaccess protection and no directive to deny the serving up of .inc files (or at least parse them as PHP). At least that got fixed, but only after I explained to the person managing the server how to do it. *headdesk*

Okay, I've gone wayyy off topic now. Sorry everyone!

Digi

There's clueless and then there is CLUELESS.
Like medical illustrators, no one should be able to work on medical websites without certification. Crazy.

There's clueless and then there is CLUELESS.
Like medical illustrators, no one should be able to work on medical websites without certification. Crazy.

What kind of certification does a medical illustrator need? Just curious.

What kind of certification does a medical illustrator need? Just curious.

You must be as good as this guy (http://www.hybridmedicalanimation.com/). Then you get your diploma.:p

The best to accomplish this would be to designate one or two directories to be upload directories. These directories are where the uploaded files would go. For security purposes these two directories should be outside the site root. Then storing files is merely a matter of validating, storing the location path in a database and any related information about that file or patitent/person/doctor who uploaded the file. Its not a simple task and I advise you seek outside assistance if your not familiar with a server side language and a database such as mysql. You could also make your client aware that this falls outside the realm of a designers responsibilities based on your contract… hopefully. This is not something you want to half-ass because any failure to handle uploads vitally could result in someone being able to upload a hazardous file and compromise your entire site – like me. Not that I would, but I know how. So tread lightly when dealing with these issues. Probably the best direction to take is to your nearest back-end programmer. Somethings can be learned quickly and regardless won't really effect security – this is not one of those things. Furthermore, you will also need some type of login system otherwise everyone will be able to store files. So its not just a matter of uploading files, its also a matter of differentiating those who can from those who can't.

Tea, they don't absolutely need to be certified. It helps.
Check out the answers this studio gives:
http://fairmanstudios.com/faq.htm#faq04
Scroll up too. They seem to have a lot of good info if someone wants to get into the field

So I got in contact with my client and found out that I miss understood the need for the file exchange no medical records will be sent. They need a set up where the can have consultants access powerpoint files, images, and other files of that nature. Basically all the want is to have the files stores on their network with a simple log in for people to access these files. I never set a up a log in is this a difficult script to come up with?

You will need to use a database to store at least the user name and their password. You should also use a one way or two encryption on the password. Storing the the actual password for a user is terrible practice and prone to security issues. Once you have that set up its a matter of running query that matches the user name and password. It might be in your clients best interest to hire someone who is knowledgeable in this area. It may take you several days to implement where as someone who knows how to do this could probably set it up in a matter of a hour or two depending on the requirements.

Malice,
I was involved in setting up something like this a few years ago for a medical charity here.
It not only allows the user to upload the files, but it incorporates a built in reader for MRI's, CT's etc.... The specialist at the other end can then look at the pictures/x-rays and send his recommendations back.

Is this what you are looking for?

Malice,
I was involved in setting up something like this a few years ago for a medical charity here.
It not only allows the user to upload the files, but it incorporates a built in reader for MRI's, CT's etc.... The specialist at the other end can then look at the pictures/x-rays and send his recommendations back.

Is this what you are looking for?

What they want is an area on their page where consultants can log in and view certain PowerPoint files and images, and be able to have the consultants upload their own PowerPoint and image files. Kind of like a little secure area of the page to exchange files back and forth with out everyone that comes to the page having access to them.

So I got in contact with my client and found out that I miss understood the need for the file exchange no medical records will be sent. They need a set up where the can have consultants access powerpoint files, images, and other files of that nature. Basically all the want is to have the files stores on their network with a simple log in for people to access these files. I never set a up a log in is this a difficult script to come up with?

lol... Actually, that was how I was understanding it from the start. Mainly because medical records shouldn't come "too big for email". XD

Nonetheless, use of the client's FTP is still required. A third party would not be appropriate.

I wish I could help you more exactly, but I'm not involved with back-end scripting. You need to work with a developer to put this together. Webforms using ActiveX controls with Secure Socket Layers should do it - or something like that...

I doubt that it will be that simple as they suggest.
There are privacy issues that have to be addressed - I personally would refuse a job of this type without some safeguards and/or written instructions of what they want.

But if that is what they want, look at: http://sourceforge.net/projects/phpfileuploadto/ and download the zip file.
At http://www.hagstroms.eu/upload_script/upload.php you have a demo of how it works.

If doctors are trusting you guys to keep them secure it sounds like their trust and the privacy of their patient's data is misplaced.

Documents and images =Diagnoses and films/photos/xrays/ etc.?
And I thought the economy was tanked. It never occurred to me a physician's office wouldn't use a purchase-able secure service for such a thing but would go to a designer unskilled in backend web applications (let alone secure ones).

Make no mistake that this is not a simple thing to put together, especially considering your experience level. Either way its going to cost your client more in the end to have you do this. I highly recommend you hire someone – highly. Especially considering that security would be a up most concern for this type of site. Normally, when a lesser experienced person creates this type of system it is very unsecure although it may work. Its actually not that difficult to create a half-ass system like your talking about. The difficult part insuring security and confidentiality. If you care about your product then you should direct them to the nearest developer for this feature. This should not be left to a learn as you go experience because of the nature of the information on the site. In the end I totally agree with PrintDriver. I know you asked for help, but really the best advice anyone could give you with your experience level in backend programming is to find a developer/back-end programmer who could set the the appropriate database and forms.

On small thing to point out. Even if you set up a user login system that in itself will not limit those able to view certain uploads. What you would essentially need is a table that stores the users id and upload primary key. That would be the only logical way to restrict certain uploads to certain patients.

Furthermore, if consultants are only allowed to upload information to the site you would need to distinguish them from patients. So if a patient tries to upload something an error or something is throw and they are redirected. This could be as simple as a column in the users table named type that stores a string for patient or consultant or as complex as separate tables for patients and consultants depending on the exact requirements of the system.