Summa will be presenting “Modernizing Integration to Achieve Meaningful Use” at the annual meeting of the Virginia chapter of HIMSS at the end of October. We’ll be discussing:

• The “meaningful use” criteria of the ARRA HITECH legislation that is related to systems integration
• The fact that many hospitals have interoperability infrastructures that are not well suited to some new integration patterns that will be necessary for achieving meaningful use
• Options to consider when modernizing integration in hospital / IDN environments

Continue Reading Add comment

It takes real effort for a consulting organization to develop and retain a group identity. Consultants often work at client sites and are surrounded by clients who aren’t coworkers. We can get caught up in our clients’ problems and successes. It’s important for Summa as an organization that our consultants periodically renew their connection to the “home base.”

One way that Summa employees stay connected to one another is through our annual Summa Summit and anniversary party. In the fall of 2000, then-CEO Ed Engler gathered together all of Summa’s staff for a “Summit,” which has been repeated almost every year since then. The Summit has become one of the most important times in the Summa calendar, and it helps us all reconnect, share success stories, and plan for the year to come.

We also throw a big party.

Continue Reading Add comment

When we think about authorization, we often think users, roles, and permissions. Essentially, what a user can do in a system usually boils down to a simple formula:

And while this role-based model is effective, intuitive, and easy to implement, unfortunately, in most enterprise applications, it isn’t enough – there are some portion of authorization requirements that can’t be neatly codified in simple user-role-permission relationships.

In this post, I’d like to take a stab at defining some of the tricky (but common) authorization requirements that stretch the boundaries of basic role-based access control. My hope is that by identifying (and putting a name to!) these different types of authorization rules, we’ll be in a better position to determine the authorization solution that best fits our needs – whether it’s a simple role-based approach or a complex policy engine (e.g Oracle Entitlements Server, Cisco’s Policy Manager, etc.).

Ok, here goes…

Continue Reading Add comment