Given some overall-policy (not to say this is the only overall-policy)
This exercise is to produce an Exemplar, so that others can see that they can use Permissions to define their overall-policy
Likely some Bundle of Permissions:
Permissions branch that covers classic RBAC (see Jose's page on RBAC)
Permissions covering Consent
Permissions that cover Patient as User access
Permissions that cover Patient requested corrections
Permissions that cover break-glass (safety vs privacy)
Permissions that cover normal operations, like audit-log analysis and database cleanup
Permissions that cover legal requests for data
Permissions that cover government reporting (e.g. SANER)
Permissions that cover business partners (e.g. HIE)
etc...
where each of these are likely themselves use-cases that are deeper analysis
Given some overall-policy (not to say this is the only overall-policy) This exercise is to produce an Exemplar, so that others can see that they can use Permissions to define their overall-policy
Likely some Bundle of Permissions:
where each of these are likely themselves use-cases that are deeper analysis