The program, an algorithm that can be placed in larger software, controls access to information systems and has been looked into by a company operating in the health care field.
“We think this software will provide dramatically improved security and privacy to patients,” said John Barkley, the algorithm's creator and now retired from NIST's Software and Systems Division. “It solves the problem of overly broad access to patient information, which is widespread.”
The invention was part of a larger NIST effort to systematize and standardize Role-Based Access Control (RBAC).
“We didn't invent RBAC, but we wanted to systematize it and standardize it,” said Richard Kuhn of NIST's Computer Security Division and Barkley's former supervisor. “While we were working on this, John [Barkley] came up with a way to control access by using RBAC within the context of a lengthy, multistep task, and I suggested he patent it.”
The technology would keep medical workers compartmentalized so that they can access health records only when they need to, rather than whenever they want.
“Once you've been admitted to the hospital, the admissions staff doesn't necessarily need access to your records anymore. But in many hospitals, those staff members nonetheless continue to have access to every record on file,” Barkley explained. “Using the algorithm we patented, those staffers would only be able to access your record during admission processing. After that, they would find your information unavailable—though the doctor who was treating you would still have access to it.”