Application authorization

  • Question

  • Hi,
      I have a question regarding access rights granted to applications. If the application changes its behavior, will the client be informed of the change and asked to re-authenticate the application?
      Further, another orthogonal question is if applications can send requests to clients to procure data for the purpose of obtaining statistics? As in, is there a data search tool that would allow for data access to 3rd party applications (similar to the live search provided for clients to search for applications)?

    Thank You,
    Raghu Ganti
    Wednesday, May 7, 2008 3:54 AM

Answers

  • John is somewhat correct.

     

    It is correct that if applications store *documents* in HealthVault, there is no organization around the documents, though I'm not sure how well you could combine documents into a uniform format - at best I think you can do grouping.

     

    We generally expect that applications will store information such as medications, conditions, or allergies using the specific HealthVault types.

     

    I'm not sure what "semantic interoperability" is, so I can't comment on that part.

    Wednesday, May 7, 2008 4:45 PM
  • Raghu,

     

    I'm not exactly sure what you mean by "application changes its behavior". Any change to the data types and specific access desired by an application requires authorization by the user.

     

    If the base authorization (the data types/access that an application requests by default) changes, all the users of the application will be required to re-authorize the application's access.

     

    If the application changes/adds access in the optional authorization section, it's a bit more complicated. The application keeps the initial level of authorization, and if it wants to use the expanded/modified authorization, it will have to send the user to the appropriate optional auth page to complete the new authorization.

     

    I don't understand what you are asking in your second question. Can you give me a specific example?

     

     

    Wednesday, May 7, 2008 4:52 PM

All replies

  •  

    John Halamka provided a partial answer to your question on his Life As A Healthcare CIO blog yesterday:

     

    For example, at present, Microsoft Health Vault enables documents and photos to be sent from a hospital, clinic, lab or pharmacy to a secure personal health record. Once there, they are viewable by the patient. However, at present, Microsoft Health Vault cannot combine multiple documents together to create a single uniform medication list, problem list and allergy list for the patient. Health Vault supports technical interoperability but not semantic interoperability.

     

    By contrast, Halamka writes that "Google Health supports semantic interoperability for problems, medications, allergies and laboratories."


     

    Wednesday, May 7, 2008 6:03 AM