We own and maintain a national database of roles and permissions for healthcare workers called the national RBAC database.
The database consists of:
Job Roles (‘R’ codes) - the set of roles that can be assigned to users, for example Clinical Practitioner (R8000)
Activities (‘B’ codes) - the set of activities that users can perform, for example Amend Patient Demographics (B0825)
Baseline Policy - the default mapping of roles to activities, for example a Clinical Practitioner can perform the Amend Patient Demographics activity
Activities can include other activities. For example, Amend Patient Demographics (B0825) includes View Patient Demographics (B0820). When checking activities, you must also consider any included activities.
Accessing the national RBAC database
To access the national RBAC database, you can:
The database doesn’t change that often, so using a snapshot is fine in most cases.
User accounts and roles
To use national RBAC, users must:
This is done by their Registration Authority (RA). The RA then issues the user with a form of identification - a smartcard and PIN or a modern alternative.
Directly assigned activities
Normally, users are assigned roles, and roles are associated with activities. Everyone with a given role can perform all the activities for that role.
However, it is also possible to assign activities directly to users.
In particular, this approach must be used for the e-Referral Service (e-RS), which has activities but no associated roles.