Skip to main content

Authorization and Access Control

The iEHR platform ensures compliance and seamless integration through its versatile authentication and authorization configurations. By leveraging multiple methods and tools, iEHR enables secure verification of user identity and fine-grained control over data access.

Authentication Methods

iEHR supports a variety of authentication methods designed to meet diverse integration scenarios while maintaining robust security. These methods include:

  • Google Authentication: Simplifies identity verification for users through secure integration with Google services.
  • Additional configurations enable flexibility and compatibility with existing systems.

For an in-depth exploration of user permissions, refer to the Authorization and Access Controls section.

Access Control Features

iEHR offers powerful authorization tools to manage and customize access to data and operations. These tools ensure precise control over user permissions and maintain security within healthcare environments.

Key Resources

  1. AccessPolicy

    • Restrict read and write access to FHIR® data, either at the resource type level or on specific fields.
    • Explore the basics of setting up AccessPolicies in the AccessPolicy guide for detailed instructions.

  2. IP Address Rules

    • Use AccessPolicies to limit access based on users' IP addresses.
    • For implementation details, refer to the IP Address Rules guide.

  3. SMART Scopes

    • iEHR supports SMART scopes for SMART-on-FHIR® applications, providing enhanced access controls tailored to specific app requirements.

Best Practices for Authorization and Access Control

To ensure effective and secure implementation, follow these recommendations:

  • Define Clear Policies: Establish comprehensive access control policies based on roles, resources, and operational needs.
  • Monitor Access Logs: Regularly review access logs and audit trails to detect and address unauthorized activity.
  • Leverage SMART Scopes: Use SMART scopes to refine access permissions for SMART-on-FHIR® applications, enhancing security and usability.
  • Integrate IP Rules: Deploy IP-based access restrictions to strengthen safeguards against unauthorized external access.

For more information on authentication methods and access controls, feel free to contact us.