Friday, 2 January 2015

Is conveying patient MRN in a web service URL a HIPAA PHI violation?



I'm building a web service to access patient data within our EMR and would like to subscribe to RESTful design principles. However, the idea of including the patient MRN in a GET request makes me uneasy. I was thinking about just being "RESTfulesque" and relying exclusively on POSTS so that the MRN could be included within the body of the request.


For example, instead of



GET | http://ift.tt/1AklqJK

I would use



POST | http://ift.tt/1AklqJM
POST | /ServerName/PUT/MedicalHistory

PatientID, Type, and UserID would be request header properties.


It seems like most EMR vendors will use traditional REST verbs and expose IDs in the URL, but this feels wrong. Am I being overly paranoid with my design? I want my services to be very developer friendly, so I don't want to break with REST design principles unless it's necessary.


Am I risking a HIPAA violation by exposing patient MRNs within a request URL?
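An added illustration of the concern in the question (my code, not the poster's or any EMR vendor's): a request line such as `GET /Patient/<MRN>/MedicalHistory` is written verbatim into a standard web-server access log, whereas a body or header is not, and a server-side opaque handle lets the URL stay RESTful without carrying the MRN. The log format, the `emr.example` URLs and the in-memory handle store are constructed assumptions.

```python
import secrets
from typing import Optional
from urllib.parse import urlsplit


def access_log_line(method: str, url: str, status: int = 200) -> str:
    """Constructed imitation of a Common Log Format access-log line.

    Web servers and proxies log the request line (method + path + query)
    verbatim; the request body is not part of this format, and headers
    are only logged if a custom format asks for them."""
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return (f'10.0.0.5 - - [02/Jan/2015:10:00:00 +0000] '
            f'"{method} {target} HTTP/1.1" {status} 512')


def log_exposes_identifier(method: str, url: str, identifier: str) -> bool:
    """True if the identifier would land in the access log for this request."""
    return identifier in access_log_line(method, url)


class SurrogateIds:
    """Hypothetical server-side map from an opaque, random handle to the MRN.

    The handle carries no information about the patient, so it can sit in a
    RESTful URL (GET /Patient/<handle>/MedicalHistory) and in access logs
    without exposing the MRN; resolution happens only inside the EMR."""

    def __init__(self) -> None:
        self._mrn_by_handle: dict[str, str] = {}
        self._handle_by_mrn: dict[str, str] = {}

    def handle_for(self, mrn: str) -> str:
        # One stable random handle per patient; reuse it if already issued.
        if mrn not in self._handle_by_mrn:
            handle = secrets.token_urlsafe(16)
            self._handle_by_mrn[mrn] = handle
            self._mrn_by_handle[handle] = mrn
        return self._handle_by_mrn[mrn]

    def mrn_for(self, handle: str) -> Optional[str]:
        return self._mrn_by_handle.get(handle)


def resource_url(base: str, handle: str) -> str:
    """Constructed RESTful resource URL built on the opaque handle."""
    return f"{base}/Patient/{handle}/MedicalHistory"
```

The same comparison applies to any layer that records the request line (reverse proxies, WAFs, browser history, Referer headers), which is why the handle approach is worth more than switching verbs alone.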




