A Patient Summary-CA solution should, where feasible, segregate duties and areas of responsibility to reduce opportunities for unauthorized modification or misuse of PHI based on jurisdictional standards. Note: For example, appropriate access-controls should be put in place to segregate duties for authorized actors who have access and or can view hosted components of the Patient Summary in order to reduce opportunities for unauthorized modification or misuse of PHI and security-critical system data according to jurisdictional standards. |