Authorization and Access Control

Authorization is the function of specifying access rights/privileges to resources related to information security and computer security in general and access control in particular (HHS, 2020). Ideally, it is any mechanism by which a system grants or revokes the right to access some data or perform some action. Often, a user must log in to a system by using some form of authentication. On the other hand, access control provides subject-to-object segregation according to a security policy implementation at a given healthcare system (De Carvalho Junior & Bandiera-Paiva, 2018). Access control mechanisms determine which operations the user can or cannot do by comparing the user s identity to an access control list (ACL). It mainly controls encompass file permissions (the right to create, read, edit or delete a file), program permissions (the right to execute a program), and data permissions (the right to retrieve or update information in a database).

According to AHIMA Position Statement (2007), HIM professionals establish and maintain organizational privacy policies and procedures, develop processes for appropriate access to PHI, author and present confidentiality education and training programs, and develop compliant authorization processes and practices that respond to individual privacy and security concerns.