Problem
Role-based Security in a Healthcare Environment
In a typical healthcare environment, where users include providers (of varying levels) as well as administrative, technical and clerical staff, how would you set up RBAC (Role-Based Access Control) for a healthcare application? For example, should business office staff be able to view the clinical data? If so, what portions? Should a provider be able to access the financial systems to determine whether a patient is current on payments?
Submit a short list or table (covering at least 3 roles in a healthcare organization) outlining the high-level privileges each role requires to perform its job, as well as the data to which that role would have restricted access. Explain your reasoning.