This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Security and Privacy Ontology Use Cases

From HL7Wiki
Revision as of 20:37, 16 April 2010 by Sconnolly (talk | contribs)
Jump to navigation Jump to search

Back to Security and Privacy Ontology Main Page

Access Control Based on Category of Action

This use case illustrates an example of how an EHR system would control access to an object in a medical record based on the type of action to be performed on it. A number of access control actions are attempted on a medical record object for which the system grants or denies access privileges.

Actors

  • Shady Grove Hospital – Provider Organization in which the use case takes place.
  • Shady Grove Hospital’s EHR System – the EHR system which is accessed in the use case.
  • Shady Grove Hospital’s security policy – the policy that determines how objects are accessed in the hospital’s EHR.
  • Sam Jones – Patient at Shady Grove Hospital.
  • Dr. Bob – Physician at Shady Grove Hospital, primary physician for Sam Jones.
  • Dr. Dan – Physician at Shady Grove Hospital, who also treats Sam Jones.

Precondition

Shady Grove hospital has developed an access control system that implements decisions made in its security policy on its EHR system. This access control system can grant or deny the ability to perform certain actions on objects in the system. The actions have been categorized hierarchically so that if a user has been granted access to a category of actions, he or she is granted access to all actions categorized by that action. The security policy grants the primary physician access to create and update a patient’s progress note. The system does not explicitly grant the primary physician the privilege to append a patient’s progress note, however, append is categorized as an access control action under update.

Basic Scenario

Dr. Bob examines Mr. Jones as part of an episode of care. Dr. Bob opens Mr. Jones’ medical record and reads his medical history. Dr. Bob notices a transcription error in a progress note he had made for Mr. Jones’ last hospital visit. Dr. Bob corrects the error and updates the progress note. Dr. Bob opens a new progress note, enters his observations of Mr. Jones’ condition and appends the results of a recent blood test to the progress note.

Post-Condition

A progress note regarding a past visit Mr. Jones’ made to the hospital has been updated and a new progress note has been created and appended to. This updated progress note becomes a part of his medical record.

Analysis

Shady Grove Hospital’s security policy grants the primary physician access to create and update a patient’s progress note. The append action is categorized by the system as an update operation thus granting the primary physician the privilege to append the object.

Alternative Scenario

Dr. Bob examines Mr. Jones as part of an episode of care. Dr. Bob opens Mr. Jones’ medical record and reads his medical history. Dr. Bob notices a transcription error in a progress note Dr. Dan had made for Mr. Jones’ last hospital visit. Dr. Bob attempts to correct the error but is denied this privilege by the EHR system.

Post-Condition

The progress note regarding Mr. Jones’ last hospital visit remains unchanged.

Analysis

Shady Grove Hospital’s security policy denies a physician the ability to update a progress note if he or she is not the author of that progress note without additional authority.


Access Control Based on Category of Object

This use case illustrates how an EHR system would control access to an object in a medical record based on the type of object it is. A user attempts to access a number of objects in a medical record for which the system grants or denies access privileges based on the category of object.

Actors

  • Shady Grove Hospital – Provider Organization in which the use case takes place.
  • Shady Grove Hospital’s EHR System – the EHR system which is accessed in the use case.
  • Shady Grove Hospital’s security policy – the policy that determines how objects are allowed to be accessed in the hospital’s EHR.
  • Sam Jones – Patient at Shady Grove Hospital.
  • Dr. Bob – Physician at Shady Grove Hospital, primary physician for Sam Jones.
  • Dr. Dan – Physician at Shady Grove Hospital, who also treats Sam Jones.


Precondition

Shady Grove hospital has developed an access control system that implements decisions made in its security policy on its EHR system. This access control system can grant or deny the ability to access certain objects in the system. The objects have been categorized hierarchically so that if a user has been granted access to a category of objects, he or she is granted access to all objects in that category. For example, an initial assessment is categorized as an assessment which in turn is categorized as a clinical report, while payment history is categorized as an administrative report.

The security policy grants the primary physician access to create and read a patient’s assessment. The system does not explicitly grant the primary physician the privilege to access a patient’s initial assessment, however, as initial assessment is categorized as an assessment, access to the initial assessment would be inherited from assessment. Dr. Bob has previously completed assessments of Mr. Jones’ health.

Basic Scenario

Dr. Bob interviews Mr. Jones upon his admission into the hospital. Dr. Bob creates an initial assessment on Mr. Jones’ health after the interview.

Post-Condition

An initial assessment on Mr. Jones’ health has been entered into the system.

Analysis

Shady Grove Hospital’s security policy grants the primary physician access to create a patient’s assessment. The initial assessment is categorized by the system as an assessment thus granting the primary physician the privilege to create an initial assessment on the patient.

Alternative Scenario

Dr. Bob interviews Mr. Jones upon his admission into the hospital. Dr. Bob reviews Mr. Jones’ medical history for relevant clinical information. Dr. Bob then attempts to access Mr. Jones’ payment history with Shady Grove Hospital and is denied access.

Post-Condition

Dr. Bob can read Mr. Jones’ medical history but he cannot access Mr. Jones’ payment history.

Analysis

Shady Grove Hospital’s security policy allows the primary physician the ability to access clinical reports. Medical history is categorized as a clinical report and thus Dr. Bob can access it. The security policy does not allow a primary physician access to administrative reports without additional authorization. Since a payment history is categorized under administrative reports, Dr. Bob is denied access to it.

Retrieved from "https://wiki.hl7.org/w/index.php?title=Security_and_Privacy_Ontology_Use_Cases&oldid=35709"