Dr. Peel on Role-based access to electronic medical records and BIDMC
Role-based access controls do not protect privacy. The longstanding definition of privacy in American and international law is that ‘privacy’ means the individual’s right to control the acquisition, use, and disclosure of personal information.
The BIDMC role-based access controls are determined by the staff and help to improve the security and confidentiality of patient data, but do not ensure privacy or consumer control over who can see and use personal data. Consumers don’t have a say in setting role-based access to PHI at this institution.