How to stop reinventing role based access control (RBAC) in medical/clinical apps

Every useful medical and clinical application has security requirements and most programmers end up implementing some sort of Role-Based Access Control (RBAC). Every couple of months I’m called in to do a code review or architecture assessment for the security components and it surprises me that everyone keeps reinventing the wheel when there is good thought leadership in the area. If you’re writing secured applications and you need help with role based access control, please do yourself and your programmers a favor and review the NIST Role-based Access Control research materials and standards guidelines. The documents are not healthcare-specific but they are healthcare-applicable for sure.

Role-Based Access Control

Oh, and buy the book, too.
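To make concrete what "not reinventing the wheel" looks like, here is an added example (not code from the original post, NIST, or any product) of the NIST RBAC model's core concepts in Python: user-to-role assignment (UA), permission-to-role assignment (PA), sessions that activate a subset of a user's roles, a role hierarchy in which senior roles inherit the permissions of junior roles, and a static separation-of-duty constraint. The clinical roles, users and permissions are constructed for illustration; the class and function names are my own.

```python
"""Minimal NIST-style RBAC (Core + Hierarchical + SSD constraint).

Added example, not code from the original post. The roles, users and
permissions below are constructed for illustration only.
"""
from collections import defaultdict


class RBAC:
    """Policy store: UA, PA, role hierarchy and SSD constraints."""

    def __init__(self):
        self.user_roles = defaultdict(set)   # UA: user -> set of roles
        self.role_perms = defaultdict(set)   # PA: role -> set of (operation, object)
        self.parents = defaultdict(set)      # role -> junior roles it inherits from
        self.ssd = []                        # static separation of duty: (role set, n)

    def add_role(self, role, inherits=()):
        """Define a role; 'inherits' lists junior roles whose permissions it gains."""
        self.parents[role].update(inherits)

    def grant(self, role, operation, obj):
        """PA: permission is an (operation, object) pair attached to a role."""
        self.role_perms[role].add((operation, obj))

    def add_ssd(self, roles, n=2):
        """No user may hold n or more of the given roles at once."""
        self.ssd.append((frozenset(roles), n))

    def assign(self, user, role):
        """UA: assign a role to a user, refusing assignments that violate SSD."""
        proposed = self.user_roles[user] | {role}
        for role_set, n in self.ssd:
            if len(proposed & role_set) >= n:
                raise ValueError(f"SSD violation: {user} may not hold {sorted(role_set)}")
        self.user_roles[user].add(role)

    def authorized_roles(self, roles):
        """Transitive closure of the role hierarchy (senior roles inherit junior ones)."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.parents[r])
        return seen

    def create_session(self, user, active_roles=None):
        """Activate a subset of the user's assigned roles (least privilege by default
        is the caller's job: pass only the roles the task needs)."""
        assigned = self.user_roles[user]
        roles = set(active_roles) if active_roles is not None else set(assigned)
        if not roles <= assigned:
            raise PermissionError(f"{user} is not assigned {sorted(roles - assigned)}")
        return Session(self, user, roles)


class Session:
    """A user's active roles; every access decision goes through check_access."""

    def __init__(self, rbac, user, roles):
        self.rbac, self.user, self.roles = rbac, user, roles

    def check_access(self, operation, obj):
        """NIST CheckAccess: true iff some active (or inherited) role holds the permission."""
        return any((operation, obj) in self.rbac.role_perms[r]
                   for r in self.rbac.authorized_roles(self.roles))


def build_clinic_policy():
    """Constructed sample policy: physician > nurse > clinician, plus a billing role."""
    rbac = RBAC()
    rbac.add_role("clinician")
    rbac.add_role("nurse", inherits=["clinician"])
    rbac.add_role("physician", inherits=["nurse"])
    rbac.add_role("billing")
    rbac.grant("clinician", "read", "patient_demographics")
    rbac.grant("nurse", "read", "vitals")
    rbac.grant("nurse", "write", "vitals")
    rbac.grant("physician", "write", "prescriptions")
    rbac.grant("billing", "read", "invoices")
    rbac.add_ssd(["physician", "billing"])  # a prescriber may not also do billing
    rbac.assign("alice", "physician")
    rbac.assign("bob", "nurse")
    rbac.assign("carol", "billing")
    return rbac


if __name__ == "__main__":
    policy = build_clinic_policy()
    alice = policy.create_session("alice")
    print(alice.check_access("write", "prescriptions"))        # True (direct)
    print(alice.check_access("read", "patient_demographics"))  # True (inherited)
    print(policy.create_session("bob").check_access("write", "prescriptions"))  # False
```

The point of writing it this way is that the permission check is a single function over well-defined relations, so reviewers can audit the policy tables instead of hunting through `if user.is_doctor` branches scattered across the code base; the hierarchy and SSD constraint are exactly the parts teams most often get wrong when they roll their own.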


Shahid N. Shah

Shahid Shah is an internationally recognized enterprise software guru who specializes in digital health with an emphasis on e-health, EHR/EMR, big data, IoT, data interoperability, med device connectivity, and bioinformatics.