Multilevel Data Confidentiality

Simple RBAC is not sufficient in healthcare because so many rules apply to the information that no simple classification scheme can be applied. Some classes of data require more than the typical (normal) access control protections. These classes of data are called out in regulations such as USA 42-CFR-Part 2, which defines special handling for things such as drug-abuse and alcohol-abuse information when it is captured as part of a federally funded program. Individual states interpret these federal regulations in different ways. These are complex regulations that give us complex rules.

Some of these especially sensitive health topics are easier to handle than others. ...
