Re: Blended Authentication (AKA "Granular Access Control")
[written as I take a moment's break from working on a HIPAA compliance issue . . .]

David Frenkel wrote:

> I didn't see the beginning of this thread but your healthcare medical
> records are now covered by federal regulations called HIPAA. For HIPAA
> related reasons it might be difficult to use a web based system for
> medical records unless the access was very limited.

Rich Salz wrote:

> So how does the college healthcare system determine if the URL -- my
> medical records -- should be given to the client?

I never said that the URL--or more exactly the document published at the URL--was your medical record, and in assuming that it is you are expecting just the sort of shared semantics between that node as data publisher and you as data consumer which is anathema in the architecture which I advocate.

Under that architecture there probably should not exist a durable, single 'medical record' (these are specifically not ACID transactions, but what I call SALT [specificity, autonomy, locality and terminality]). For particular purposes on a particular occasion an expert process ('Joe' in our ongoing example) should access sources from which it is authorized to retrieve with which it can instantiate the input it requires to execute its own particular function. The outcome of that function is output data which may be published and accessible through RESTful mechanisms. What downstream processes might make subsequent use of that data and what semantics they might attach to it in their own processing is outside of any upstream process' control, or knowledge.

Respectfully,

Walter Perry