HIPAA Requires Protecting Patients' Privacy from Unauthorized Users
In our last post we talked about identification of a user at the access point (http://blog.emrian.com/?p=51#comments) by use of passwords. Because of the sensitivity of patient data, any user of an electronic records system who has not “proven” at the point of access that “they are who they say they are” must be denied access.
Once the user has proved who he is, the next question is “What can he do?” Can a valid user who has been authenticated see EVERYTHING on EVERYONE? For users who have been authenticated, the system must determine what data they are allowed to access and what functions they may perform on that data, e.g., view, copy, or update it. This is the authorization question. Though the distinction between authentication and authorization is relatively simple, the two are often confused in the literature. It is critical that any electronic health records system that implements the health common framework addresses this issue.
Authorization can be user-based, i.e. rights are granted based on who the individual is, so that he/she can be associated with the audited actions; role-based, i.e. the operations available are tied to the role of the user, e.g. doctor vs. nurse vs. lab technologist vs. administrative support; or context-based, i.e. “Who you are (user) + What you are (role) + Where you are + When you are”.
The system should not prevent doctors from providing care. Authorization in many cases is based on the relationship to the patient. The provider must be accountable for how that information is used or misused. Providers declare a relationship when a patient's record is accessed, and the person-provider-activity triple is logged for audit.
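The three authorization styles above (user, role, context) plus the declared-relationship rule and the person-provider-activity audit trail can be combined into a single policy check. The following is an added illustration, not code from this blog or from any EHR product: the role matrix, the permitted locations and hours per role, and the user and patient identifiers are all assumed for the example. Every decision, including denials and the relationship declaration itself, is written to the audit log so that a provider can later be held accountable for how the data was used.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from typing import Dict, List, Set, Tuple


class Action(Enum):
    VIEW = "view"
    COPY = "copy"
    UPDATE = "update"


# Assumed role matrix (role-based authorization): which functions each role may perform.
ROLE_PERMISSIONS: Dict[str, Set[Action]] = {
    "doctor": {Action.VIEW, Action.COPY, Action.UPDATE},
    "nurse": {Action.VIEW, Action.UPDATE},
    "lab_technologist": {Action.VIEW},
    "admin_support": set(),  # no access to clinical data
}

# Assumed context rules ("where you are" and "when you are"), hours in 24h clock.
ROLE_LOCATIONS: Dict[str, Set[str]] = {
    "doctor": {"ward", "clinic", "remote_vpn"},
    "nurse": {"ward", "clinic"},
    "lab_technologist": {"lab"},
    "admin_support": {"front_desk"},
}
ROLE_HOURS: Dict[str, Tuple[int, int]] = {
    "doctor": (0, 24),
    "nurse": (0, 24),
    "lab_technologist": (6, 22),
    "admin_support": (8, 18),
}


@dataclass(frozen=True)
class User:
    user_id: str      # "who you are" (user-based)
    role: str         # "what you are" (role-based)
    authenticated: bool


@dataclass(frozen=True)
class AuditEntry:
    when: datetime
    user_id: str
    role: str
    patient_id: str
    activity: str
    decision: str
    reason: str


class AuthorizationService:
    def __init__(self) -> None:
        # (user_id, patient_id) -> declared reason for the relationship
        self.relationships: Dict[Tuple[str, str], str] = {}
        self.audit_log: List[AuditEntry] = []

    def _log(self, when: datetime, user: User, patient_id: str,
             activity: str, decision: str, reason: str) -> None:
        self.audit_log.append(AuditEntry(when, user.user_id, user.role,
                                         patient_id, activity, decision, reason))

    def declare_relationship(self, user: User, patient_id: str,
                             reason: str, now: datetime) -> None:
        """Provider states why they are accessing this patient; the declaration is audited."""
        self.relationships[(user.user_id, patient_id)] = reason
        self._log(now, user, patient_id, "declare_relationship", "recorded", reason)

    def authorize(self, user: User, patient_id: str, action: Action,
                  location: str, now: datetime) -> Tuple[bool, str]:
        """Return (allowed, reason) and record the person-provider-activity triple."""
        reason = self._evaluate(user, patient_id, action, location, now)
        allowed = reason == "ok"
        self._log(now, user, patient_id, action.value,
                  "allow" if allowed else "deny", reason)
        return allowed, reason

    def _evaluate(self, user: User, patient_id: str, action: Action,
                  location: str, now: datetime) -> str:
        if not user.authenticated:                      # identity not proven at access point
            return "not authenticated"
        perms = ROLE_PERMISSIONS.get(user.role)
        if perms is None:
            return f"unknown role {user.role}"
        if action not in perms:                         # role-based check
            return f"role {user.role} may not {action.value}"
        if location not in ROLE_LOCATIONS[user.role]:   # context: where
            return f"location {location} not permitted for {user.role}"
        start, end = ROLE_HOURS[user.role]
        if not (start <= now.hour < end):               # context: when
            return f"outside permitted hours for {user.role}"
        if (user.user_id, patient_id) not in self.relationships:  # relationship to patient
            return "no declared relationship to patient"
        return "ok"
```

Note that the relationship check comes last and is per patient: an authenticated doctor with full role rights is still denied a record for a patient they have not declared a relationship with, and that denial is itself an audit entry.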
