This demonstration illustrates a distributed health care application which uses CORBA, SQL/RDA, and Role Based Access Control (RBAC). The demonstration presented here is part of a larger demonstration that resulted from the projects Software Engineering Environments for Distributed Applications in Health Care and The Use of Role Based Access Control in Health Care Information Security. These demonstrations were produced by Tony Cincotta, Wayne Salamon, and Joe Poole. Many thanks to Kevin Brady for allowing us to use his SQL/RDA client implementation and to access his SQL server.
For this demonstration, a patient record data base object (PRDBO) is defined. CORBA is used as a means of implementing the PRDBO. The methods in the object implementation access the data however and wherever the data is actually stored. RDA/SQL is used within the PRDBO methods to access the data.
The PRDBO organizes patient information into groups. The figure above shows the entity relationships between the information groups of the PRDBO. In the demonstration, access to patient information is controlled using the RBAC mechanism. To successfully log into the demonstration, one must choose a legal combination of username/role.
The legal combinations (<username>: <role1, role2, ... >) are:
jodoe: Patient, Organization Staff
smith: Patient
jones: Patient, Doctor, Epidemiologist, Voluntary Caring Agency
jadoe: Researcher, Environmental Health Officer
On the login screen, use the pulldown menus to select a username/role. No password is required. Once a successful login has been achieved, screens are presented which are associated with the role chosen at login. These screens are related to the level of access which is associated with the role. Access to HELP is available from each screen.
The table above shows the level of access for each role. The term clinical data in the table refers to all data within the Encounter, Encounter Notes, Diagnostic Data, and Data Annotations information groups.
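An added example, not code from the NIST demonstration: a Python rendering of the login and access check described above, with one role activated per session. The user/role pairs and the definition of clinical data come from this page; the `ROLE_GRANTS` table, the operation names, and all function and class names are assumptions, because the page's access table is not reproduced here.

```python
from dataclasses import dataclass

# User-to-role assignments exactly as listed on the page.
USER_ROLES = {
    "jodoe": {"Patient", "Organization Staff"},
    "smith": {"Patient"},
    "jones": {"Patient", "Doctor", "Epidemiologist", "Voluntary Caring Agency"},
    "jadoe": {"Researcher", "Environmental Health Officer"},
}

# "Clinical data" as the page defines it: four information groups.
CLINICAL_DATA = frozenset(
    {"Encounter", "Encounter Notes", "Diagnostic Data", "Data Annotations"}
)

# ASSUMPTION: constructed grants for illustration; the demonstration's real
# access table is not reproduced on the page. Roles absent here get nothing.
ROLE_GRANTS = {
    "Doctor": {("read", "clinical data"), ("write", "clinical data")},
    "Patient": {("read", "clinical data")},
}


class AccessDenied(Exception):
    """Raised when a username/role pair is not a legal combination."""


@dataclass(frozen=True)
class Session:
    user: str
    active_role: str  # exactly one role is active per session


def login(username: str, role: str) -> Session:
    """Activate `role` only if it is assigned to `username`."""
    if role not in USER_ROLES.get(username, set()):
        raise AccessDenied(f"{username!r} may not act as {role!r}")
    return Session(username, role)


def check_access(session: Session, operation: str, group: str) -> bool:
    """Deny by default; only the role chosen at login is consulted."""
    for op, target in ROLE_GRANTS.get(session.active_role, set()):
        groups = CLINICAL_DATA if target == "clinical data" else {target}
        if op == operation and group in groups:
            return True
    return False
```

Under these constructed grants, a jones/Patient session cannot write Encounter Notes even though jones is also assigned Doctor, because only the role activated at login is evaluated.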
The figure above shows architecturally how patient information is accessed over the World Wide Web (WWW) in this demonstration. A WWW browser, such as Mosaic, connects to the Web Server httpd. The Web Server initiates the WWW PRDBO Client as a Common Gateway Interface (CGI) script. The PRDBO Client makes requests to the PRDBO Implementation, which accesses the data repositories using RDA/SQL. For more information about this demonstration, see the Paper from the 2nd Annual CHIN Summit 1995.
Please note:
Contact: John Barkley - barkley@sst.ncsl.nist.gov, (301) 975-3346