Bill Walton wrote: > The "Health Care Facility Nominated Trusted Clinician" section on page 5 > contains the sentence "This access will be on a 'need to know' basis." Here > in the U.S., HIPAA has specifically rejected "need to know" as a valid basis > for access. A user of the EHR may only access information the patient has > granted them the right to access. This complicates Access Control > considerably since it requires not only control of levels of information but > also specific health care episodes.
Yet a patient may typically grant relatively broad access to their information (e.g. all physicians of an entire group, all staff of an entire health care provider organization) under HIPAA. Within that subgroup, it is still very likely appropriate to stratify access on a need-to-know basis. david - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
