Good day all,
I work as a clinical informatics specialists In Bermuda. We are in the process of implementing an Electronic Medical System in the very near future at our hospital. Would you be so kind and give me some input on; "Guidelines for Creating Security groups" or share some guidelines that you have used for your hospital.
I am working on developing guidelines the team should follow when building security groups for end users in the usage of clinical applications. For e.g. if you work in the perioperative department you can perhaps be assigned a scrub nurse, PACU/recovery. preoperative, anesthetists. Each of these roles I built a security group for and added individual privileges for each. Instead of giving each user access to the full application. This is what I came up with thus far.
"Creating guidelines for establishing security groups".
- The security group should/could be linked to the user's active directory
- All super users that manage security group privileges can add, edit or delete rules in a security group
- All security groups should have a standardized naming convention
- Limit users to one security group
- Users should strictly fall in the group that coincide with their workflow/job description
- Custom security groups might be necessary/limited but rare so should be applied as required.
- Policies should be put in place to enforce these guidelines.
------------------------------
Lima Hayward MSN BSc
Clinical Informatics Specialists
Hamilton HM 11
------------------------------