Access control

Access control is the ability to permit or deny the use of a particular resource by a particular entity. When applied to electronic medical records, access control defines the amount of electronic data the user is limited to within the system. It serves as a safety measure to keep various protected health information from individuals with different levels of access.

Controlling access to electronic data is often interchanged with providing user authorization and it can be divided into three categories: user-based, role-based and context-based access control.