There was discussion of the unique access management issues for campuses with a medical school.
- Medical centers are often more centralized in managing access to systems that have to do with patients/clinical issues. It's far from the often-used academic model of "let the guy who is running it decide."
- Audit needs are substantial.
- involvement of patients as the source of authority for release of their clinical data.
- Multiple sources of authority, with high degree of complexity
- Issues of who has permission to perform certain procedures. Involves liability.
- Rob said that he is getting more engaged with the Duke health system around IdM (not priv mgmt yet). They use an entirely separate model for identity that includes a credentialing system that handles doctors' privileges with regard to the hospital.