An information system that limits the access that NHS staff as a UK facility have to patient care records, including what information can be accessed, how a system user can access it and the system user’s role.
[10.] NIST Computer Security Research Center, "HL7 Role-Based Access Control (RBAC) Role Engineering Process," http://csrc.nist.gov/groups/SNS/rbac/documents/hl7_role-based_access_control_(rbac).pdf accessed Sep.
ABAC is different from other access control models like RBAC because it controls access to information by evaluating rules against attributes of the user and the information, actions allowed, and environmental factors affecting those actions.
There are different types of access control models, including: Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC) and Cryptographic Access Control (CAC) (Blobel & Pharow 2007; Bouhaddou et al.