Acces-control authorization model for Health Information System (HIS) in Brazil

Marcelo Antonio de Carvalho Junior, Paulo Bandiera-Paiva


Objective: To report access-control implementations for authorization management in Health Information Systems (HIS) using opinion polls. Method: The selected target audience was Brazilian Society of Health Informatics (SBIS) members or participants in interest groups promoted by this association, totaling 1400 respondents. A 12 questions online survey was conducted using the REDCap tool, during the period of 30 days. Results: A total of 134 valid responses were collected. Most HIS currently implement RBAC, 82.7% report that this access-control model meets current demand, 23.8% stated that they did not adhere to the model recommended by the SBIS certification manual in version 4, 6.9%, 17.2% and 17.2% of the HIS’ developers respondents declared future intention to use this model in the short, medium and long term, respectively and 17.9% stated intention to change to hybrid models with RBAC or extensions. Conclusion: The conducted survey shows Brazilian HIS current implementations of access-control and future expectations.


Information systems; Information security; Gatekeeping; Standards

Texto completo: PDF

Journal of Health Informatics - ISSN 2175-4411
Rua Tenente Gomes Ribeiro, 57 - sala 33 CEP 04038-040 São Paulo - SP - Brasil
Tel./Fax: + 55 11 3791 3343 - E-mail: