Difference between revisions of "Authentication, access control, and authorization (MU2)"
From OpenEMR Project Wiki
Bradymiller (talk | contribs) (Created page with "==Overview== ==MU Requirements== ===Per ONC=== :Taken from [http://www.ofr.gov/OFRUpload/OFRData/2012-20982_PI.pdf ONC Final Rule] <pre> </pre> ==Status== ==Proposal== ==Own...") |
Bradymiller (talk | contribs) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
==MU Requirements== | ==MU Requirements== | ||
===Per ONC=== | ===Per ONC=== | ||
:Taken from [ | :Taken from ONC Final Rule:[[File:2014_Edition_Cert_Federal_Register.pdf]] | ||
<pre> | <pre> | ||
(1) Authentication, access control, and authorization. (i) Verify against | |||
a unique identifier(s) (e.g., username or number) that a person seeking access to electronic health | |||
information is the one claimed; and | |||
(ii) Establish the type of access to electronic health information a user is permitted based on | |||
the unique identifier(s) provided in paragraph (d)(1)(i) of this section, and the actions the user | |||
is permitted to perform with the EHR technology. | |||
</pre> | </pre> | ||
===Per ONC/NIST Final Test Methods=== | |||
:See here: http://www.healthit.gov/policy-researchers-implementers/2014-edition-final-test-method | |||
==Status== | ==Status== | ||
Line 15: | Line 22: | ||
==Links== | ==Links== | ||
:*[[OpenEMR Certification Stage II Meaningful Use|OpenEMR Certification Stage II Meaningful Use Main Project Page]] | |||
:*[[User Authentication|User Authentication wiki page for stage I certification]] | |||
:*[[Controlling Access|Controlling Access wiki page for stage I certification]] | |||
[[Category:Certification]][[Category:Certification Stage II]] | [[Category:Certification]][[Category:Certification Stage II]] |
Latest revision as of 01:20, 26 January 2013
Overview
MU Requirements
Per ONC
- Taken from ONC Final Rule:File:2014 Edition Cert Federal Register.pdf
(1) Authentication, access control, and authorization. (i) Verify against a unique identifier(s) (e.g., username or number) that a person seeking access to electronic health information is the one claimed; and (ii) Establish the type of access to electronic health information a user is permitted based on the unique identifier(s) provided in paragraph (d)(1)(i) of this section, and the actions the user is permitted to perform with the EHR technology.