Role-based access control
First Claim
1. A method of using a role-based access control (RBAC) system for controlling access rights to protected resources in a medical record keeping system, the method comprising the acts of:
- assigning role based policies to individual users of the record keeping system based on roles of the users, wherein a role based policy includes a set of predetermined access rights for a corresponding role to a medical record of a patient in the record keeping system, wherein the medical record keeping system stores medical records of multiple patients;
- modifying the set of predetermined access rights to change access of an individual user to the medical record of the patient in accordance with an exception list related to the individual user and the medical record of the patient without changing the role of the individual user or modifying the role based policy assigned to the individual user;
- authorizing access to the medical record based upon the modified set of predetermined access rights, wherein at least one of the acts is performed by a microprocessor;
- determining if an exception applies to a majority of the users or a majority of the medical records; and
- modifying the role based policy to include the exception if the exception applies to the majority of at least one of users or the medical records.
Abstract
A user interface and a processor coupled to the user interface wherein the processor receives access requests through the user interface and authorizes access through the user interface. The processor associates a rights request with a role based policy to determine access rights, modifies the determined access rights in accordance with an exception list related to particular users and records, and authorizes access to a record based upon the modified determined access rights.
20 Claims
1. A method of using a role-based access control (RBAC) system for controlling access rights to protected resources in a medical record keeping system, the method comprising the acts of:
- assigning role based policies to individual users of the record keeping system based on roles of the users, wherein a role based policy includes a set of predetermined access rights for a corresponding role to a medical record of a patient in the record keeping system, wherein the medical record keeping system stores medical records of multiple patients;
- modifying the set of predetermined access rights to change access of an individual user to the medical record of the patient in accordance with an exception list related to the individual user and the medical record of the patient without changing the role of the individual user or modifying the role based policy assigned to the individual user;
- authorizing access to the medical record based upon the modified set of predetermined access rights, wherein at least one of the acts is performed by a microprocessor;
- determining if an exception applies to a majority of the users or a majority of the medical records; and
- modifying the role based policy to include the exception if the exception applies to the majority of at least one of users or the medical records.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A role-based access control (RBAC) system for controlling access to protected resources, the system comprising:
- a user interface; and
- a processor operably coupled to the user interface, wherein the processor is configured to receive access requests through the user interface and is configured to authorize access through the user interface, wherein the processor is configured to associate a rights request of an individual user with a role based policy to determine access rights to a medical record of a patient, modify the determined access rights to change access of the individual user to the medical record of the patient without modifying the role based policy in accordance with an exception list related to particular users and medical records, and authorize access to the medical record based upon the modified determined access rights, wherein the processor is configured to determine if an exception applies to a majority of users, is configured to modify the role based policy to include the exception if the exception applies to the majority of users, and is configured to modify the exception list to apply to a minority of users rights previously controlled by the role based policy.
Dependent claims: 12, 13, 14
15. An application embodied on a non-transitory computer readable medium configured to provide a role-based access control system (RBAC), the application comprising:
- a portion configured to associate a rights request of an individual user with a role based policy to determine access rights for a corresponding role to a medical record of a patient in the RBAC system, wherein the RBAC system stores medical records of multiple patients;
- a portion configured to modify the determined access rights to change access of the individual user to the medical record of the patient in accordance with an exception list related to the individual user and a medical record of the patient without modifying the role based policy assigned to the individual user;
- a portion configured to authorize access to the medical record based upon the modified determined access rights;
- a portion configured to determine if an exception applies to a majority of atomic blocks that have the same policy;
- a portion configured to modify the role based policy to include the exception if the exception applies to the majority of atomic blocks; and
- a portion configured to modify the exception list to apply to a minority of atomic blocks previously controlled by the role based policy.
Dependent claims: 16, 17, 18, 19, 20
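The sketch below is an added illustration of the mechanism the claims describe, not code from the patent: role rights are adjusted by a per-(user, record) exception list, and an exception that covers a majority is folded into the role policy while the minority is re-expressed as exceptions. All names and sample data are constructed, and counting the majority over (user, record) pairs is an assumption of this example.

```python
from itertools import product

def effective_rights(policy, exceptions, role, user, record):
    """Role rights first, then the (user, record) exception entry, if any."""
    entry = exceptions.get((user, record), {})
    return (set(policy[role]) | entry.get("grant", set())) - entry.get("deny", set())

def authorize(policy, exceptions, role, user, record, right):
    return right in effective_rights(policy, exceptions, role, user, record)

def fold_majority(policy, exceptions, role, users, records):
    """Fold exceptions covering a strict majority of the role's (user, record)
    pairs into the role policy; the minority becomes the new exception list.
    Effective access for every pair is left unchanged."""
    blocks = list(product(users, records))
    before = {b: effective_rights(policy, exceptions, role, *b) for b in blocks}
    new_rights = set(policy[role])
    for right in set(policy[role]).union(*before.values()):
        holders = sum(right in have for have in before.values())
        if right in policy[role] and 2 * (len(blocks) - holders) > len(blocks):
            new_rights.discard(right)      # a deny exception is the majority
        elif right not in policy[role] and 2 * holders > len(blocks):
            new_rights.add(right)          # a grant exception is the majority
    new_policy = {**policy, role: new_rights}
    # Keep exceptions that belong to other roles' users untouched.
    new_exc = {k: v for k, v in exceptions.items() if k not in before}
    for block, have in before.items():
        entry = {"grant": have - new_rights, "deny": new_rights - have}
        entry = {k: v for k, v in entry.items() if v}
        if entry:
            new_exc[block] = entry
    return new_policy, new_exc

# Constructed sample data: three nurses, two patient records.
POLICY = {"nurse": {"read"}, "physician": {"read", "write"}}
NURSES, RECORDS = ["n1", "n2", "n3"], ["rec-A", "rec-B"]
EXCEPTIONS = {(u, r): {"grant": {"annotate"}}
              for u, r in product(["n1", "n2"], RECORDS)}
EXCEPTIONS[("n3", "rec-B")] = {"deny": {"read"}}   # e.g. patient opt-out

if __name__ == "__main__":
    new_policy, new_exc = fold_majority(POLICY, EXCEPTIONS, "nurse", NURSES, RECORDS)
    print(new_policy["nurse"], new_exc)
```

After folding, the exception list shrinks from five entries to two, which is the property worth checking in any such migration: every (user, record) pair must authorize exactly as it did before.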
Specification