Access Control

Owned by Laura Bright (Unlicensed)
Last updated: Oct 26, 2016
2 min read

The Access Control Service provides "gate-keeping" to protected resources and information, in accordance with the governing policies.

Basic Functional Requirements

  • Control access to clinical records based on user role
  • Control access to clinical records based on content type
  • Generate security audit records
  • Provide "Break the Glass" functionality
  • Increased auditing in the event of "Break the Glass"
  • Emergency access
  • Specification of roles, content types and policy rules

Scenarios

Record Access by Role

A patient has recently started attending a drug abuse clinic at the local hospital. He does not want the records and information from these encounters to be available to his GP. The doctor in charge of the clinic agrees, and adds a rule to the access control policy that restricts access to drug abuse related information to clinicians affiliated with the clinic. The next time the patient visits his GP, and the GP accesses the patients records, the drug abuse clinic records are not returned.

Record Access by Type

A local hospital has a patient portal that allows patients to access their lab results on line. However, the hospital has a policy that certain lab results that have serious implications, such as HIV results, should be disclosed only by a professional, in an environment that can offer support and education. When these lab results are returned and entered in the EMR, they are visible to the hospital clinicians, but are marked as not to be disclosed to the patient. When the patient logs in to the portal, these results are not returned. 

Break The Glass

An HIV positive patient is transported to the emergency room, unconcious. The patient has previously blocked access to results relating to his status and HIV medications from everyone except his GP. The ER doctor determines that he has to know what medications the patient is on, so that he doesn't give him a contraindicated drug and, as the patient is unconcious and can't respond to questions, he uses the break the glass function. He records the reason for the break, and the hidden results can now be accessed. Breaking the glass triggers an elevated level of auditing.

Candidate Standards

HSSP-PASS Access Control

Implementations

  • None known

HL7 Healthcare Access Control Catalogue, version 3

Implementations (Claimed by HL7 - check on these?)

  • Department of Veterans Affairs (VA)
  • Department of Defense (DoD)
  • SAMHSA