Every useful medical and clinical application has security requirements and most programmers end up implementing some sort of Role-Based Access Control (RBAC). Every couple of months I’m called in to do a code review or architecture assessment for the security components and it surprises me that everyone keeps reinventing the wheel when there is good thought leadership in the area. If you’re writing secured applications and you need help with role based access control, please do yourself and your programmers a favor and review the NIST Role-based Access Control research materials and standards guidelines. The documents are not healthcare-specific but they are healthcare-applicable for sure.
Oh, and buy the book, too.