×

Role-based access control

  • US 8,448,240 B2
  • Filed: 01/30/2007
  • Issued: 05/21/2013
  • Est. Priority Date: 01/31/2006
  • Status: Expired due to Fees
First Claim
Patent Images

1. A method of using a role-based access control (RBAC)system for controlling access rights to protected resources in a medical record keeping system, the method comprising the acts of:

  • assigning role based policies to individual users of the record keeping system based on roles of the users, wherein a role based policy includes a set of predetermined access rights for a corresponding role to a medical record of a patient in the record keeping system, wherein the medical record keeping system stores medical records of multiple patients;

    modifying the set of predetermined access rights to change access of an individual user to the medical record of the patient in accordance with an exception list related to the individual user and the medical record of the patient without changing the role of the individual user or modifying the role based policy assigned to the individual user;

    authorizing access to the medical record based upon the modified set of predetermined access rights, wherein at least one of the acts is performed by a microprocessor;

    determining if an exception applies to a majority of the users or a majority of the medical records; and

    modifying the role based policy to include the exception if the exception applies to the majority of at least one of users or the medical records.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×