We can't use the CRUX UI equivalent, because users would be able to see patient records from outside their organization. So we will have to make a new, restricted UI for viewing matched clients which were added already by their organization, or which were shared from another organization. Some HIE implementations may allow the Client Registry participating member organizations to see all identifiers across all organizations, but we can't have that for our human services purposes.
I think this could be implemented by allowing an external ACL system (OAuth 2 implementation) to determine if the user requesting access to CRUX for a given person/patient id should be granted access, based on group "ownership" or sharing permissions, for that record. In our system, the ACL uses a combination of client consent, agency internal roles, and inter-agency sharing rules, to determine whether access should be granted. I imagine every system using Open CR will use a different ACL regime, so Open CR could just rely on that external ACL system's "accept" or "reject" response.
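Added example, not part of the original issue and not OpenCR code: a sketch of the enforcement side of the proposal above, where only an explicit "accept" from the external ACL grants access to a record and matched records are filtered per user. The names `isAllowed`, `filterMatches`, `sampleAcl`, the `{ decision }` response shape and the sample records are all hypothetical; gating cross-agency sharing on consent is an assumption about how the three inputs combine.

```javascript
// Added example: hypothetical enforcement shim, not OpenCR code.
// `decide` stands in for the external ACL call; its shape is an assumption.

// Grant only on an explicit "accept". Errors, timeouts and unexpected
// responses all count as "reject" (fail closed).
async function isAllowed(decide, user, patientId, timeoutMs = 2000) {
  let timer;
  const timeout = new Promise((resolve) => {
    timer = setTimeout(() => resolve({ decision: 'timeout' }), timeoutMs);
  });
  try {
    const res = await Promise.race([decide({ user, patientId }), timeout]);
    return res != null && res.decision === 'accept';
  } catch (err) {
    return false;
  } finally {
    clearTimeout(timer);
  }
}

// Reduce a list of matched records to the ones this user may see.
async function filterMatches(decide, user, matches, timeoutMs) {
  const verdicts = await Promise.all(
    matches.map((m) => isAllowed(decide, user, m.id, timeoutMs)));
  return matches.filter((_, i) => verdicts[i]);
}

// Constructed sample data and a stand-in ACL combining the three inputs the
// issue names: client consent, agency roles, inter-agency sharing rules.
const RECORDS = {
  p1: { ownerOrg: 'orgA', consent: true, sharedWith: [] },
  p2: { ownerOrg: 'orgB', consent: true, sharedWith: ['orgA'] },
  p3: { ownerOrg: 'orgB', consent: true, sharedWith: [] },
  p4: { ownerOrg: 'orgB', consent: false, sharedWith: ['orgA'] },
};
const VIEW_ROLES = new Set(['case_manager']);

async function sampleAcl({ user, patientId }) {
  const rec = RECORDS[patientId];
  if (!rec) throw new Error('ACL lookup failed'); // simulated ACL error
  const roleOk = user.roles.some((r) => VIEW_ROLES.has(r));
  const owns = rec.ownerOrg === user.org;
  const shared = rec.consent && rec.sharedWith.includes(user.org);
  return { decision: roleOk && (owns || shared) ? 'accept' : 'reject' };
}
```

Filtering the match list server-side, rather than hiding rows in the UI, keeps identifiers from other organizations out of the response entirely.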
@ashaban: The company I work for, hslynk.com, is open source, and we use OpenCR, so we would be happy to test this with you, as you develop it. We use OAuth2.