| Policy Models (6) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| • | The
HIPAA model (1998) |
||||||||||||
| – | The
patient controls the right to access |
||||||||||||
| “personally
identifiable health information” |
|||||||||||||
| – | Access
is granted to any clinician or facility |
||||||||||||
| staff
participating in the care of the patient |
|||||||||||||
| – | Patient
must be notified of all breaches |
||||||||||||
| – | Deletions
are not allowed |
||||||||||||
| – | All
access must be logged and auditable |
||||||||||||
| – | Privileges
may be revoked |
||||||||||||
