Skip to main content
. 2020 Oct 31;26(4):265–273. doi: 10.4258/hir.2020.26.4.265

Table 2.

Access request model and validation rules

Access request model Validation rules
In our system, the access request has simply two tuples
<Access-Purpose; Action>
  • - Access-Purpose: The data requestor’s purpose of using the data

  • - Action: The activity on the data. Examples are Copy, Read, etc., having access privilege levels the same as in the patient consent.

Whether a data access is allowed or not depends on the relationship between requestor’s Access Purpose (AP) and Intended- Purpose in the patient consent. The following is basic compliance rule to which access request is subject.
  • - If AP is included in Prohibited Descendant Purposes (PDP), the access request is rejected at all, i.e., APPDP

  • - Any of consent, which has Allowed Intended-Purposes (AIP) that is ancestor of AP, allows the access requests excluding PDP in the AIP, i.e. APAIP and APPDPAIP