A Patient Summary-CA solution should, where feasible, segregate duties and areas of responsibility to reduce opportunities for unauthorized modification or misuse of PHI based on jurisdictional standards. Note: For example, appropriate access-controls should be put in place to segregate duties for authorized actors who have access and/or can view hosted components of the Patient Summary in order to reduce opportunities for unauthorized modification or misuse of PHI and security-critical system data according to jurisdictional standards. |