ABSTRACT

'Access controls' is an element of a comprehensive security policy. To protect patient confidentiality and privacy, it is essential that access to confidential information is controlled, limiting it to authorised persons only. This chapter explains how to control physical and logical access to confidential material. All central processors/file servers, and any other confidential material, should be located in secure areas with access restricted by a physical barrier. Access control also requires determining who should be allowed access to confidential material/data and to which level. Before staff members are given access to confidential information, they should be properly trained, and certain principles should be observed, which form the basis for granting access to this confidential material/data. To ensure that only authorised persons can gain access to information management and technology (IM&T) systems, access should be controlled via a log-on process designed to minimise unauthorised access.