RBW improves record security and privacy by orders of magnitude. In many cases, RBW has the potential for a thousandfold or greater improvement in record security. It works by restricting access to records based on need-to-know, as determined by the stage in a case management workflow. This solves the problem of overly broad access to information that is associated with traditional role-based access control.
An Example
To better understand, imagine a “secure” healthcare application that restricts access so that only doctors can see patient records. At 3:00 AM one morning, while treating a patient with a broken arm, Doctor Joe inappropriately accesses the college football coach’s record. Or worse, imagine a federal contractor inappropriately accessing sensitive defense information.
RBW prevents this breach from happening. With RBW, Joe’s access is restricted to the patient’s record that is assigned to him in the workflow. Instead of being able to access (for example) 10,000 patient records 24/7, Joe is restricted to one patient’s record for one hour. In this example, RBW would provide a 240,000-fold improvement in record security (10,000 records × 24 hours of exposure per day, compared with 1 record × 1 hour)!
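The Doctor Joe scenario above, as an added illustration that is not the RBW engine's own code: a plain role check next to a check that also requires an active workflow assignment for the exact record. All names, record IDs and timestamps are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Assignment:
    """One workflow step: a user holds one record for a bounded time window."""
    user: str
    record_id: str
    starts: datetime
    ends: datetime

ROLES = {"joe": "doctor"}  # constructed sample data

def rbac_allows(user, record_id):
    """Traditional role check: any doctor may open any patient record, any time."""
    return ROLES.get(user) == "doctor"

def rbw_allows(user, record_id, now, assignments):
    """Workflow-bound check: the role AND an active assignment for this record."""
    if ROLES.get(user) != "doctor":
        return False
    return any(
        a.user == user and a.record_id == record_id and a.starts <= now < a.ends
        for a in assignments
    )

def audit(requests, assignments):
    """Requests a role check would grant but the workflow check denies."""
    return [
        (user, record_id, when)
        for (user, record_id, when) in requests
        if rbac_allows(user, record_id)
        and not rbw_allows(user, record_id, when, assignments)
    ]

# Constructed scenario: Joe is assigned one patient for one hour from 3:00 AM.
T0 = datetime(2024, 1, 1, 3, 0)
ASSIGNMENTS = [Assignment("joe", "patient-broken-arm", T0, T0 + timedelta(hours=1))]
REQUESTS = [
    ("joe", "patient-broken-arm", T0 + timedelta(minutes=10)),  # assigned, in window
    ("joe", "football-coach", T0 + timedelta(minutes=15)),      # never assigned
    ("joe", "patient-broken-arm", T0 + timedelta(hours=2)),     # assignment expired
]

if __name__ == "__main__":
    for user, record_id, when in audit(REQUESTS, ASSIGNMENTS):
        print(f"DENY {user} -> {record_id} at {when:%H:%M}")
```

The requests returned by `audit` are the ones worth alerting on: the role alone would have granted them, but no workflow step justified the access.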
SBIR History
The RBW engine was created in response to a NIST SBIR Phase I award and subsequent Phase II commercialization project. The project commercialized the National Institute of Technology’s formerly patented invention, informally referred to as role-based workflow. The end result included:
Low-code workflow designer
XML-based workflow definitions
Web services API
Furthermore, RBW was integrated into the SaaS Maker low-code platform to demonstrate its effectiveness for managing record privacy for a healthcare organization in Pittsburgh, PA.