Role-Based Access Control (RBAC)

The following use cases are based on the RBAC specification.

Each type of user in a healthcare organization has a specified "role" which consists of "permissions" to perform certain functions and access specific data. While the set of permissions assigned to each role is based on local policy (enterprise-wide, jurisdiction-wide, etc.), the operation and the functions/information to which they apply, are standardized by HL7 as a normative specification. The functional roles for healthcare users are specified as an informative specification.

• Sample permissions:
  • "read, M.A.R. (medication administration record)" allows the user the see the medication administered to a patient.
  • "create, Registration" allows a clerk to register a patient by creating a registration/encounter record

Benefits RBAC for Patient Privacy

• Even though it does not take into account specific patient preferences, RBAC ensures that only specific user roles have access to patient information and clinical functionality (e.g. admission clerks cannot view pharmacy prescriptions).

Mask Functionality

Based on the functional role of the user logged in, the healthcare information system will limit access only to those operations (e.g. append, create, read, update, delete, execute) and functions (identified using an object id) that are allowed for that role.

Basic scenario

A user logs in, the application identifies the functional group or role for the user. Based on the user's role, the application interrogates the security systems for the functions allowed for the role. The security system stores the permissions associated with the role and it can specify whether the user can access specific functionality. Based on the results provided by the security system, the application displays to the users only those are of functionality that their functional role in the allows them to have. This use case would apply to a situation where both the application and the security systems are in the same organization or in different organizations.

Actors

• User
• Healthcare Application
• Security System

Mask Information

Based on their functional role, users can view(read),create, update, delete, or act (execute) on information contained in a patient's record. While the role of the user may limit their access to specific patient record information - limiting it to the information required to perform the job as specified by the role -

Basic Scenario

The user inquires the Personal Health Record system, based on the role the system provides the information specified by the permissions assigned to the user's role.

Actors

• User
• Healthcare Information System
• Security System

Consumer Preferences

The following use cases provide a consumer-centric rather than user-centric view to consent. These use cases reuse the functional role, operation, and object id concepts introduced by RBAC but it adds the consumer license, purpose, relationship to consumer (e.g.

License Medical Information

Pre-condition

The right/license to control one's medical information is assigned by jurisdiction to the patient/consumer.

Basic Scenario

Actors

• Jurisdiction
• Consumer
• Substitute Decision Maker

Consumer Manages Consent Directives

This use case assumes that the consumer has access to a Personal Health Record system through some type of portal (e.g. web) and manages a single data consent intended to be shared with a variety of providers, payers, etc.

Pre-condition

Basic Scenario

Actors

• Consumer
• Substitute Decision Maker
• Personal Health Record System/Portal

Provider Requests Consent Directives for a Patient

Pre-condition

The patient has completed the consent directive and persisted in in the Personal Health Record.

Basic Scenario

The patient receives ..

Actors

• Provider's Clerk
• Provider's Information System
• Personal Health Record

Provider Looks up the Personal Health Record information

Pre-condition

• The patient has completed the consent directive and persisted in in the Personal Health Record.
• The patient needs healthcare services a healthcare organization that has never treated the patient in the past or has treated the patient prior to introduction of consent directives and PHRs.

Basic Scenario

The patient provides the clerk with a reference to the consent directive maintained with the patient's PHR. The reference may be a URL that contains a set of readable rules and executable rules

Actors

• Provider's Clerk
• Provider's Information System
• Personal Health Record

Consent Directives Filter Health Information

Restricted access filters, or "masking", may be applied to a category of health information (e.g., all HIV related information), or a particular data element may be filtered (e.g., all instances of a provider's name). The granularity will require filtering mechanisms and algorithms that apply consent directive rules to an individual's health records.

Pre-condition

• The patient has completed entry of consent directive rules.

Basic Scenario

Depending on whether the information is structured or unstructured, masking may be applied at the record or document level, or on subsections. Structured information, which is encoded data, can be masked at the data element level. Unstructured information, which is unencoded data that may be transmitted, e.g., as an image or bit map, can only be masked at the document or document section level.

Actors

• Consent Manager
• EHR System

Back to CBCC Main Page