Boundaries
Overview
Tenant Administrators manage healthcare organizations, but only within the tenant they are assigned to.
Tenant isolation is one of the most important boundaries enforced by the platform.
Tenant Boundary
```mermaid
flowchart LR
    ADMIN["Tenant Administrator"]
    OWN["Assigned Tenant"]
    OTHER["Other Tenant"]
    ADMIN --> OWN
    ADMIN -. Access Denied .-> OTHER
```
A Tenant Administrator may never access resources belonging to another tenant.
Organizational Boundary
```mermaid
flowchart TB
    TENANT["Tenant"]
    ADMIN["Tenant Administrator"]
    PROVIDERS["Providers"]
    PATIENTS["Patients"]
    TENANT --> ADMIN
    TENANT --> PROVIDERS
    TENANT --> PATIENTS
```
All resources managed by the administrator must belong to the same tenant.
Clinical Boundary
Tenant Administrators support operations but do not provide healthcare services.
```mermaid
flowchart TB
    ADMIN["Tenant Administrator"]
    PROVIDER["Provider"]
    CONSULTATION["Consultation"]
    ADMIN -. No Clinical Access .-> CONSULTATION
    PROVIDER --> CONSULTATION
```
Clinical responsibilities belong to providers.
Patient Boundary
Tenant Administrators may manage patient records operationally but should not act on behalf of patients.
```mermaid
flowchart LR
    ADMIN["Tenant Administrator"]
    PATIENT["Patient Account"]
    ADMIN -. Limited Administrative Access .-> PATIENT
```
Patient-owned actions remain the responsibility of the patient.
Platform Boundary
```mermaid
flowchart LR
    ADMIN["Tenant Administrator"]
    TENANT["Assigned Tenant"]
    PLATFORM["Platform Administration"]
    ADMIN --> TENANT
    ADMIN -. Access Denied .-> PLATFORM
```
Platform administration remains the responsibility of Super Administrators.
Separation of Responsibilities
```mermaid
flowchart TB
    SUPER["Super Administrator"]
    ADMIN["Tenant Administrator"]
    PROVIDER["Provider"]
    PATIENT["Patient"]
    SUPER -->|"Platform Governance"| SUPER
    ADMIN -->|"Organization Operations"| ADMIN
    PROVIDER -->|"Clinical Operations"| PROVIDER
    PATIENT -->|"Healthcare Participation"| PATIENT
```
Each role has a clearly defined scope of responsibility.
Architectural Principles
The Tenant Administrator role follows these principles:
Tenant Ownership
All operations are restricted to the assigned tenant.
Operational Management
Focus on organizational operations rather than platform administration.
Clinical Separation
Healthcare delivery remains the responsibility of providers.
Least Privilege
Access is limited to resources required for organizational management.
These boundaries ensure secure and predictable tenant operations.
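One way to express the boundaries above as a single deny-by-default authorization check, as an added example that is not the platform's own code. The role strings, resource kinds, action names and the `tenant_id` field are assumptions made for illustration; the page does not define an API.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical model: every name below is an assumption, not the platform's API.
@dataclass(frozen=True)
class Actor:
    role: str                 # e.g. "tenant_admin", "provider", "patient"
    tenant_id: Optional[str]  # assigned tenant; None for platform-level roles

@dataclass(frozen=True)
class Resource:
    kind: str                 # "provider", "patient", "consultation", "platform"
    tenant_id: Optional[str]  # owning tenant; None for platform resources

# Least privilege: explicit allow-list of (kind, action); anything else is denied.
TENANT_ADMIN_ALLOWED = {
    ("provider", "create"), ("provider", "update"), ("provider", "deactivate"),
    ("patient", "view_record"), ("patient", "update_record"),
}
# Actions that stay with the patient even inside the administrator's tenant.
PATIENT_OWNED = {"book_appointment", "give_consent"}

def authorize_tenant_admin(actor: Actor, resource: Resource,
                           action: str) -> Tuple[bool, str]:
    """Return (allowed, reason); the reason names the boundary that decided."""
    if actor.role != "tenant_admin" or not actor.tenant_id:
        return False, "not a tenant administrator with an assigned tenant"
    # Platform boundary: platform administration belongs to Super Administrators.
    if resource.kind == "platform":
        return False, "platform boundary"
    # Tenant boundary: fail closed when the resource carries no tenant at all,
    # so an unlabelled record is never treated as "shared".
    if resource.tenant_id is None or resource.tenant_id != actor.tenant_id:
        return False, "tenant boundary"
    # Clinical boundary: consultations are reachable by providers only.
    if resource.kind == "consultation":
        return False, "clinical boundary"
    # Patient boundary: operational management, not acting as the patient.
    if resource.kind == "patient" and action in PATIENT_OWNED:
        return False, "patient boundary"
    if (resource.kind, action) not in TENANT_ADMIN_ALLOWED:
        return False, "least privilege"
    return True, "allowed"
```

The tenant comparison runs before the clinical and patient checks, so a cross-tenant request is always reported as a tenant-boundary denial regardless of the resource kind.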