System and method for managing security for a distributed healthcare application

摘要

A system and method for managing security for a distributed healthcare system, such as a system for placing laboratory orders and receiving test results. The network of healthcare businesses that use the system is referred to herein as a Health Data Network, or HDN. When the user log on to the system, the user connects to the system on behalf of a Health Data Network (HDN) Business. Through the user's user account, the user is linked with HDN Businesses. The user may be allowed to log on to the system on behalf of more than one HDN Business. If the user's practice has more than one location or business unit, and all orders and results are shared throughout the practice, the user's practice may be configured as a single HDN Business. In this case, the practice's data may be stored in a central location and can be accessed by all users who have the appropriate permissions. However, if the user's practice has more than one location or business unit, and the need exists to keep orders and results isolated within a location or business unit, the practice may be configured in a parent-child HDN Business relationship. In addition to the ability to log on to the system on behalf of an HDN Business, users also must have permission to actually use the many functions of the system, and need access to the data stored across the HDN. As part of creating the user's permission profile, the user is assigned a role that the user performs when working with the system. This includes information regarding the types of data the user needs to be able to access and the functions the user needs to carry out on that data. Types of data are referred to as objects and functions are referred to as operations. Patient records, lab requisitions, lab results, test codes, ICD-9 codes, lab profiles and physician profiles are examples of objects. An example of an operation is adding new objects. Viewing, modifying, printing, and deleting existing objects are also examples of operations. The process of searching for existing objects is also considered an operation. A role defines what objects a user can access and what operations a user is allowed to carry out on each of those objects.