NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications

Published

Author(s)

Joseph P. Poole, John Barkley, Kevin G. Brady, Anthony V. Cincotta, Wayne J. Salamon

Abstract

The use of software in the health care industry is becoming of increasing importance. One of the major roadblocks to efficient health care is the fact that important information is distributed across many sites. These sites can be located across a significant area. The problem is to provide a uniform mechanism to integrate this information. This paper documents the results of an investigation into the suitability of several different distributed access mechanisms. Five methods were examined: the Common Object Request Broker (CORBA), Object Linking and Embedding (OLE), remote procedure call (RPC), remote database access (SQL/RDA) and Protocol Independent Interfaces (PII, we specifically examined sockets). These mechanisms were compared with regard for use in health care applications. In particular, the following capabilities were compared: ease of use by the developer; class of applications for which the technology is particularly effective in developing; security capabilities; protocols utilized; and performance of the transport mechanism. A second goal was to explore the use of role-based access control (RBAC). RBAC is a security mechanism that is more flexible than Mandatory Access Control, but easier to use than just plain access control lists. Every user is assigned to one or more roles. Each role can perform some operations but not others. A demonstration application was constructed that used the distributed communication methods to implement a patient record database. This report discusses how these mechanisms were used in the demonstration project and the results found. Not unsurprisingly, we discovered that each of the mechanisms were effective for different purposes. These findings are discussed in detail in this report. One component of the demonstration project also implemented role-based access control and is detailed in this report.
Citation
NIST Interagency/Internal Report (NISTIR) - 5820
Report Number
5820
NIST Pub Series
NIST Interagency/Internal Report (NISTIR)
Pub Type
NIST Pubs

Download Paper

DOI Link

Keywords

access control, CORBA, distributed, health care, OLE, PII, RBAC, role-based, RPC, security, SQL/RDA, transport
Cybersecurity and privacy and Health IT

Citation

Poole, J. , Barkley, J. , Brady, K. , Cincotta, A. and Salamon, W. (1996), Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.5820 (Accessed October 12, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created April 1, 1996, Updated November 10, 2018
Was this page helpful?