RBAC Case Studies

The following RBAC case studies and experience reports may be useful in planning for RBAC implementations. We will add to this collection as more reports become available. (Please note that the authors and organizations below are not affiliated with NIST or any other agency of the US Government, unless otherwise noted, and NIST cannot endorse or comment on these publications.)

Submit comments or suggestions on this collection to the Project Contacts.

• A Case Study in Access Control Requirements for a Health Information System - "a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals,"
• Kindred Health Care - compliance with HIPAA regulations using RBAC
• Electronic Medical Billing Software, HIPAA Compliance, and Role Based Access Control - an integrated approach to compliance for billing vendors using RBAC
• Role Based Access Control in Kidney Dialysis Information System - illustrates RBAC in medical devices
• Lighthouse International - non-profit organization for vision loss
• St. Bartholomew Hospital, London - RBAC for a medical database
• Univ. of North Carolina School of Medicine - RBAC in a medical curriculum management system
• Kentucky Health Alert Network - statewide emergency alert system integrated with CDC, Homeland Security and other networks
• Mental Health Care Patient Management System - British regional health care authority
• Los Angeles County Health Alert System - RBAC in a messenging system serving population of 10 million