Patient Privacy

The biggest deviation from simple RBAC is that the information in an EHR is about a human subject and that human subject has rights and expectations about how the information is to be used. In many cases, these rights and expectations are well aligned, and there is little impact on the RBAC rules. In other cases, the deviations can be more difficult. Privacy rights are different around the globe. In some locations, they are very strict and powerful. Generally, the privacy rights fall into seven domains:

• The purpose for the data collection should be known, limited, and stated.

• The policies and practices for handling the data should be open and transparent.

• There is a limit on the collection of information to the minimally ...

Get Healthcare Information Technology Exam Guide for CompTIA Healthcare IT Technician and HIT Pro Certifications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.