Describe in detail the nature of paper medical records so that it is clear what an access control policy would be protecting.

Making decisions regarding proper access controls does not always require a detailed understanding of information technology. As a matter of fact, some of the most important opportunities for improving access controls are non-technology-based systems such as paper medical records.

Requirements:

Consider a paper medical records system that might be in use by a small doctor’s office. Access to these medical records must be protected just as access to electronic health information must be protected.  Based on your understanding of access controls do the following:

  • Describe in detail the nature of paper medical records so that it is clear what an access control policy would be protecting.
  • Choose and describe two physical access control rules which should be implemented for paper medical records.
  • Choose and describe two user access controls which could be implemented for paper medical records.  Note that in this context such access controls would likely be implemented in the form of an office policy.
  • Comment on two ways that user access controls for paper medical records are similar to user access controls for electronic health records.

Your paper should include the following criteria:

  • 1 page or more in length, double-spaced.
  • Free of spelling, grammar, and punctuation errors.