Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Blended Authentication (AKA "Granular Access Control")
[written as I take a moment's break from working on a HIPAA compliance
issue . . .]
David Frenkel wrote:
> I didn't see the beginning of this thread but your healthcare medical
> records are now covered by federal regulations called HIPAA. For HIPAA
> related reasons it might be difficult to use a web based system for
> medical records unless the access was very limited.
Rich Salz wrote:
> So how does the college healthcare system determine if the URL -- my
> medical records -- should be given to the client?
I never said that the URL--or more exactly the document published at the
URL--was your medical record, and in assuming that it is you are expecting
just the sort of shared semantics between that node as data publisher and
you as data consumer which is anathema in the architecture which I
advocate. Under that architecture there probably should not exist a
durable, single 'medical record' (these are specifically not ACID
transactions, but what I call SALT [specificity, autonomy, locality and
terminality]). For particular purposes on a particular occasion and expert
process ('Joe' in our ongoing example) should access sources from which it
is authorized to retrieve with which it can instantiate the input it
requires to execute its own particular function. The outcome of that
function is output data which may be published and accessible through
RESTful mechanisms. What downstream processes might make subsequent use of
that data and what semantics they might attach to it in their own
processing is outside of any upstream process' control, or knowledge.
Respectfully,
Walter Perry
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
