8. Authorization
1. Patient has an
existing relationship
to CPMC.
2. Patient’s primary
doctor was
credentialed.
3.Patient’s NCM was
an employee.
9. Access control
The system supports
access controls by
patient, patient list,
patient class and
data type. Patient
can be flagged as
“VIP” which is done
for celebrities and
employees.
10. Auditing
Audit logs of
computer access
to clinical data.
Record
information
includes ; User, IP
address, patient,
data type,
access type and
time of access.
11. Physical Security
All servers containing
clinical and evaluation
data are housed in the
main computer facility.
It is physically secured
with biometric access
controlled locks.
12. Computer security is
never absolute. It is
always a matter of
relative risk and relative
benefit. As clinical
computing continues to
move out of the hospital
and into the home,
security solution will
need to continue to
evolve.