In an HIE, the access control information must come from the different parties in the HIE. This can be a challenge when communicating across organizational boundaries and with a competing organization. The interoperability standards used have been developed specifically with this in mind. The easiest way to describe this is through the example shown in Figure 28-2.
Figure 28-2 Simple HIE access control example
1. The user is authenticated, typically as part of their long-term session in the EHR.
2. At some point, the system queries the HIE and includes information about the user and context along with the query parameters ...