Understanding Data Authorization in ROOK
In the ROOK platform, granting permission to access health data is a fundamental step in the data integration process. This article explains when and how end-users provide permission to their data within the ROOK ecosystem.
Permission at Connection
Permission is granted when the connection between the user's data source and the ROOK platform is established. Without this permission, the necessary data extraction and synchronization processes cannot occur.
The Authorization Screen
The permission request is presented to the end-user through an authorization screen. This screen serves to inform the user about:
The specific data that will be accessed.
How the data will be used.
Who will be responsible for managing the data.
It is important to note that the appearance of the authorization screen may differ depending on the user's operating system and the specific data source being connected. Regardless of these variations, the primary goal of the authorization screen is to provide clear and accurate information to the user, enabling them to make an informed decision regarding their data.
OAuth Flow and Security
To establish the connection and ensure an additional layer of security, ROOK uses an OAuth flow. This authorization method gives users control over the data they share. Users can also revoke these permissions at any time if they change their mind or no longer want their data to be accessible by ROOK.
Permission Renewal
Some data sources may require periodic permission renewal. These renewals are imposed by the data sources themselves and are not a requirement of ROOK. If a user does not renew their permissions within the specified timeframe, access to their data will be restricted until the renewal is completed. This could lead to interruptions in certain services.
Commitment to Transparency
ROOK is committed to obtaining the necessary permissions to access user data while also respecting user privacy and preferences. Transparency and clarity are essential in every method of requesting permission. This ensures that end-users have a comprehensive understanding of how their data will be managed, allowing them to make well-informed decisions and have confidence that their data is being handled in accordance with their expectations and privacy rights.