Security and Privacy Ontology Use Cases
Access Control Based on Category of Action
This use case illustrates an example of how an EHR system would control access to an object in a medical record based on the type of action to be performed on it. A number of access control actions are attempted on a medical record object for which the system grants or denies access privileges.
- Shady Grove Hospital – Provider Organization in which the use case takes place.
- Shady Grove Hospital’s EHR System – the EHR system which is accessed in the use case.
- Shady Grove Hospital’s security policy – the policy that determines how objects are accessed in the hospital’s EHR.
- Sam Jones – Patient at Shady Grove Hospital.
- Dr. Bob – Physician at Shady Grove Hospital, primary physician for Sam Jones.
- Dr. Dan – Physician at Shady Grove Hospital, who also treats Sam Jones.
Shady Grove Hospital has developed an access control system that implements the decisions made in its security policy on its EHR system. This access control system can grant or deny the ability to perform certain actions on objects in the system. The actions have been categorized hierarchically so that if a user has been granted access to a category of actions, he or she is granted access to all actions categorized under it. The security policy grants the primary physician access to create and update a patient’s progress note. The system does not explicitly grant the primary physician the privilege to append to a patient’s progress note; however, append is categorized as an access control action under update.
Dr. Bob examines Mr. Jones as part of an episode of care. Dr. Bob opens Mr. Jones’ medical record and reads his medical history. Dr. Bob notices a transcription error in a progress note he had made for Mr. Jones’ last hospital visit. Dr. Bob corrects the error and updates the progress note. Dr. Bob opens a new progress note, enters his observations of Mr. Jones’ condition and appends the results of a recent blood test to the progress note.
A progress note regarding a past visit Mr. Jones made to the hospital has been updated, and a new progress note has been created and appended to. The updated progress note becomes a part of his medical record.
Shady Grove Hospital’s security policy grants the primary physician access to create and update a patient’s progress note. The system categorizes the append action as an update operation, which grants the primary physician the privilege to append to the object.
Dr. Bob examines Mr. Jones as part of an episode of care. Dr. Bob opens Mr. Jones’ medical record and reads his medical history. Dr. Bob notices a transcription error in a progress note Dr. Dan had made for Mr. Jones’ last hospital visit. Dr. Bob attempts to correct the error but is denied this privilege by the EHR system.
The progress note regarding Mr. Jones’ last hospital visit remains unchanged.
Without additional authority, Shady Grove Hospital’s security policy denies a physician the ability to update a progress note if he or she is not the author of that progress note.
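The two flows above can be expressed as a single access decision. The following is an added example, not part of the original use case or of any EHR system: it resolves an action through its category hierarchy and then applies the authorship rule. The names `ACTION_PARENT`, `GRANTS`, `PRIMARY_PHYSICIAN`, `is_permitted` and the `additional_authority` flag are assumptions made for illustration.

```python
from dataclasses import dataclass

# Action hierarchy from the use case: append is categorized under update.
ACTION_PARENT = {"create": None, "update": None, "append": "update"}

# Grant stated in the use case. Other roles are not modelled here,
# so they are denied by default (assumption).
GRANTS = {("primary_physician", "progress_note"): {"create", "update"}}

# Constructed sample data based on the actors in the use case.
PRIMARY_PHYSICIAN = {"Sam Jones": "Dr. Bob"}


@dataclass(frozen=True)
class ProgressNote:
    patient: str
    author: str


def action_chain(action):
    """Return the action followed by each category it falls under."""
    chain = []
    while action is not None:
        chain.append(action)
        action = ACTION_PARENT[action]  # KeyError for unknown actions
    return chain


def is_permitted(user, action, note, additional_authority=False):
    try:
        chain = action_chain(action)
    except KeyError:
        return False  # unknown actions are denied
    is_primary = PRIMARY_PHYSICIAN.get(note.patient) == user
    role = "primary_physician" if is_primary else "physician"
    granted = GRANTS.get((role, "progress_note"), set())
    # A grant on a category covers every action categorized under it.
    if not any(a in granted for a in chain):
        return False
    # Authorship rule: changing an existing note requires being its author,
    # unless additional authority has been given.
    if "update" in chain and note.author != user and not additional_authority:
        return False
    return True


if __name__ == "__main__":
    dans_note = ProgressNote(patient="Sam Jones", author="Dr. Dan")
    print(is_permitted("Dr. Bob", "update", dans_note))  # alternate flow
```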