Authorization and Access Control
Authorization is the function of specifying access rights or privileges to resources; it relates to information security and computer security in general and to access control in particular (HHS, 2020). Broadly, it is any mechanism by which a system grants or revokes the right to access some data or perform some action. Often, a user must first log in to a system using some form of authentication. Access control, on the other hand, provides subject-to-object segregation according to the security policy implemented in a given healthcare system (De Carvalho Junior & Bandiera-Paiva, 2018). Access control mechanisms determine which operations the user can or cannot perform by comparing the user's identity to an access control list (ACL). These controls mainly encompass file permissions (the right to create, read, edit or delete a file), program permissions (the right to execute a program), and data permissions (the right to retrieve or update information in a database).
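The ACL comparison described above, shown as an added Python example that is not part of the original text. The class and function names, users and resources are hypothetical, and the default-deny behaviour and the audit trail are assumptions the text does not state.

```python
from dataclasses import dataclass, field

# Operations valid for each permission class named in the text.
VALID_OPS = {
    "file": {"create", "read", "edit", "delete"},
    "program": {"execute"},
    "data": {"retrieve", "update"},
}


@dataclass
class AccessControlList:
    # (user, kind, resource) -> set of granted operations
    entries: dict = field(default_factory=dict)
    # Every decision is recorded so access can be reviewed later.
    audit: list = field(default_factory=list)

    def _validate(self, kind, op):
        if op not in VALID_OPS.get(kind, set()):
            raise ValueError(f"{op!r} is not a valid {kind!r} permission")

    def grant(self, user, kind, resource, op):
        self._validate(kind, op)
        self.entries.setdefault((user, kind, resource), set()).add(op)

    def revoke(self, user, kind, resource, op):
        self._validate(kind, op)
        self.entries.get((user, kind, resource), set()).discard(op)

    def is_allowed(self, user, kind, resource, op):
        # Default deny: access requires an explicit matching grant.
        allowed = op in self.entries.get((user, kind, resource), set())
        self.audit.append((user, kind, resource, op, "ALLOW" if allowed else "DENY"))
        return allowed


def demo():
    # Constructed users and resources, for illustration only.
    acl = AccessControlList()
    acl.grant("nurse_a", "data", "patient_records", "retrieve")
    acl.grant("clerk_b", "file", "billing.csv", "edit")
    results = [
        acl.is_allowed("nurse_a", "data", "patient_records", "retrieve"),  # granted
        acl.is_allowed("nurse_a", "data", "patient_records", "update"),  # never granted
        acl.is_allowed("clerk_b", "data", "patient_records", "retrieve"),  # no entry
    ]
    acl.revoke("clerk_b", "file", "billing.csv", "edit")
    results.append(acl.is_allowed("clerk_b", "file", "billing.csv", "edit"))  # revoked
    return results, acl.audit
```

Calling demo() returns the four decisions together with the audit trail, so each grant, denial and revocation can be traced back to the request that produced it.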
According to the AHIMA Position Statement (2007), HIM professionals establish and maintain organizational privacy policies and procedures, develop processes for appropriate access to PHI, author and present confidentiality education and training programs, and develop compliant authorization processes and practices that respond to individual privacy and security concerns.