Assignment:
Adding Access Controls to a paper records system
Making decisions regarding proper access controls does not always require a detailed understanding of information technology. As a matter of fact, some of the most important opportunities for improving access controls are non-technology-based systems such as paper medical records.
Requirements:
Consider a paper medical records system that might be in use by a small doctor's office. Access to these medical records must be protected just as access to electronic health information must be protected. Based on your understanding of access controls do the following:
• Describe in detail the nature of paper medical records so that it is clear what an access control policy would be protecting.
• Choose and describe two physical access control rules which should be implemented for paper medical records.
• Choose and describe two user access controls which could be implemented for paper medical records. Note that in this context such access controls would likely be implemented in the form of an office policy.
• Comment on two ways that user access controls for paper medical records are similar to user access controls for electronic health records.
Your paper should include the following criteria:
• 2- pages in length, double-spaced.
• Free of spelling, grammar, and punctuation errors.
• We will be discussing Access Controls. This means ensuring that the correct employee in the correct role has access only to that data which they need to do their job. However, it also means that they must have access to ALL of the data they need to do their job. Just as it is not good if someone has too much access, it is also not good if they do not have enough access.
• The first Written Assignment is regarding access controls to a paper records system. Although this class is titled Electronic Data Security, almost every organization still does have paper records of some type, and those records must be protected as well.
Requirement
Described in detail the nature of such paper records so that it is clear what an access control policy would be protecting.
Chose and described two physical access control rules which should be implemented for such paper records.
Chose and described two user access controls which could be implemented for paper records.
Comment on two ways that user access controls for paper medical records are similar to user access controls for electronic health records.