Role-based Workflow

Role-based Workflow is a patented NIST invention that can provide order-of-magnitude improvements in the privacy of electronic health records.

The problem being solved:  Most modern EHR/EMR software solutions do a poor job of controlling access to patient information. Even the best systems use Role-based Access Control (RBAC) to grant access to information based on “roles” (types of persons). The problem is that such systems are ‘all or nothing’ rather than being situational. For example, hospital workers with access have been known to look up irrelevant records at  – for example, their girlfriend’s or boyfriend’s records, coach’s records, governor’s record, etc.

The Solution:  With Role-based Workflow, a hospital worker’s access to records can be “turned off and on” based on a situational need.  For example, the hospital worker may be granted momentary access to a set of records for a single patient, as opposed to 24/7 access to records for 10,000 patients! The result is an order of magnitude improvement in record privacy.

Platform or Standalone:  Virtual Global has integrated Role-based Workflow into a special-purpose edition of its platform (HIT Platform) for applications related to Health IT. Role-based Workflow is also available as a standalone web services library.

The NIST SBIR contract with Virtual Global involved a Phase I project in 2008, a Phase II project in 2009.  In  2010, the SBIR project enters into a Phase III status, which will allow other federal organizations easier access to Virtual Global and its HealthCapsule™/Role-based Workflow related products.


For more information, see the Role-based Workflow web services user guide.