Developers and HIPAA

EHR Role-Based Controls

What kind of limitations on role-based access does an EHR have to provide in order to comply with the “minimum necessary” standard? For example, if an employee only needs demographic or scheduling information to fulfill their job, does the EHR have to include mechanisms to prevent that employee from accessing other clinical information, or is having audit capability (combined with staff training and written policies) sufficient?

Tags (If you have a multi-word tag, add a hyphen (-) between the words.)


1 vote
1 up votes
0 down votes
Question No. 53