# Integrated Care & Digital Records - A Maturity Model - Ripple OSI

**Category:** [Ripple OSI](https://openhealthhub.org/c/ripple-osi/16)
**Created:** 2016-05-05 18:22 UTC
**Views:** 1402
**Replies:** 1
**URL:** https://openhealthhub.org/t/integrated-care-digital-records-a-maturity-model-ripple-osi/409

---

## Post #1 by @ripple-osi

http://rippleosi.org/integrated-care-digital-records-maturity-model/
<hr>
<small>This is a companion discussion topic for the original entry at <a href="http://rippleosi.org/integrated-care-digital-records-maturity-model/">http://rippleosi.org/integrated-care-digital-records-maturity-model/</a></small>

---

## Post #2 by @mayfield.g.kev

I've worked on a level 4 system in Edniburgh Did you look at incorporating IG/access controls into the API calls?

I believe the best approach is to use REST API (either JSON or XML) and OAuth2. Using Oauth2 would allow the API to check the user originating/making the call has permission to view the data (combo of patient consent, organisation consent and role based access)

We didn't get this far, adding user management system was adding a bit too much to the project but SMART looked like a way forward or similar OAuth2 extensions.

We also tried to implement a canonical model across organisations to simplify to integration.

---


**Canonical:** https://openhealthhub.org/t/integrated-care-digital-records-a-maturity-model-ripple-osi/409
**Original content:** https://openhealthhub.org/t/integrated-care-digital-records-a-maturity-model-ripple-osi/409