Integrated Care & Digital Records - A Maturity Model - Ripple OSI
This is a companion discussion topic for the original entry at

I’ve worked on a level 4 system in Edinburgh. Did you look at incorporating IG/access controls into the API calls?

I believe the best approach is to use a REST API (either JSON or XML) and OAuth2. Using OAuth2 would allow the API to check that the user originating/making the call has permission to view the data (combo of patient consent, organisation consent and role-based access).

We didn’t get this far; adding a user management system was adding a bit too much to the project, but SMART or similar OAuth2 extensions looked like a way forward.

We also tried to implement a canonical model across organisations to simplify integration.
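The permission check described in the post above (scope, role, organisation consent and patient consent combined), as an added example that is not part of the original post or of any Ripple code. It assumes the OAuth2 access token has already been validated upstream; the claim names `org` and `role`, the role policy and the consent data are hypothetical, and the scope strings follow the SMART `user/<Resource>.read` style.

```python
from dataclasses import dataclass, field

# Hypothetical policy: role -> resource types that role may read (constructed).
ROLE_READS = {
    "gp": {"Observation", "MedicationRequest"},
    "social_worker": {"CarePlan"},
}


@dataclass
class ConsentStore:
    # Constructed sample data: patient id -> organisations the patient consented to.
    patient_consents: dict = field(default_factory=dict)
    # Organisations that have agreed to share data with each other.
    sharing_orgs: set = field(default_factory=set)


def scope_allows(scopes: str, resource: str) -> bool:
    """True if the space-separated scope string grants read on the resource."""
    granted = set(scopes.split())
    return bool(granted & {f"user/{resource}.read", "user/*.read"})


def authorize_read(claims: dict, patient_id: str, resource: str,
                   store: ConsentStore) -> tuple:
    """Return (allowed, reason). Deny by default: every check must pass."""
    org, role = claims.get("org"), claims.get("role")
    if not scope_allows(claims.get("scope", ""), resource):
        return False, "scope"                 # token was not granted this access
    if resource not in ROLE_READS.get(role, set()):
        return False, "role"                  # role-based access
    if org not in store.sharing_orgs:
        return False, "organisation_consent"  # organisation has not opted in
    if org not in store.patient_consents.get(patient_id, set()):
        return False, "patient_consent"       # patient has not consented to this org
    return True, "ok"


if __name__ == "__main__":
    store = ConsentStore(patient_consents={"p1": {"org-a"}},
                         sharing_orgs={"org-a", "org-b"})
    gp = {"sub": "u1", "org": "org-a", "role": "gp",
          "scope": "user/Observation.read"}
    print(authorize_read(gp, "p1", "Observation", store))
    print(authorize_read({**gp, "org": "org-b"}, "p1", "Observation", store))
```

Returning the failed check as a reason lets the API log why a request was refused, which is what an IG audit trail needs.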