D.14.1 - Access to care
Access to Care focuses on the access to appropriate care.
This includes streamlining efforts to receive care; ensuring care is appropriate in terms of type, care, intensity, location and availability; providing seamless access to health knowledge, enrolling providers; performing eligibility determination, and managing patient movement. The recommended provisional security categorization for access to care information is as follows:
Security category
Confidentiality Low
The confidentiality impact level is the effect of unauthorized disclosure of access to care information on the ability of responsible agencies to focus on the access to appropriate care. This includes streamlining efforts to receive care; ensuring care is appropriate in terms of type, care, intensity, location and availability; providing seamless access to health knowledge, enrolling providers; performing eligibility determination, and managing patient movement will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some information associated with health care involves confidential patient information subject to the Privacy Act and to HIPAA. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Other information (e.g., information proprietary to hospitals, pharmaceutical companies, insurers, and care givers) must be protected under rules governing proprietary information and procurement management. In some cases, unauthorized disclosure of this information such as privacy-protected medical records can have serious consequences for agency operations. In such cases, the confidentiality impact level may be moderate. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for disclosure of access to care information is low.
Integrity Moderate
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Many activities associated with access to care information are not time critical and the adverse effects of unauthorized modification or destruction of health care information on agency mission functions and/or public confidence in the agency will be limited. However, the consequences of unauthorized modification or destruction of health care information may result in incorrect, inappropriate, or excessively delayed treatment of patients. In these cases, serious adverse effects can include legal actions and danger to human life. Unauthorized modification or destruction of information affecting external communications that contain health care information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and the agency mission. Recommended Integrity Impact Level: The provisional integrity impact level recommended for access to care information is moderate.
Availability Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to care. Access to care is generally tolerant of delay. Typically, disruption of access to care information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Some access to care information could be deemed time-critical and is dependent on the severity of the health issue requiring immediate access to care, patient movements, etc.. Delays in the communication of specific situations may cause serious impacts to the patient or care provide. This can result in assignment of a moderate impact level to such information. Recommended Availability Impact Level: The provisional availability impact level recommended for access to care information is low.