As your medical practice grows, so does your team of employees so that you, as the healthcare practitioner, can focus on your patients and perform your routine duties. Without a proper access control system in place employing new employees will only increase security risks. 

But by introducing a role-based access control model, or RBAC, you will be able to define roles and limit access to functions and information accordingly. 

The GoodX Web App has predefined roles with predefined user access setup to make it easy for practices to get going on the system without too much consultation.

We will be explaining what RBAC is and how it can improve your security and control, to ensure that you run a successful practice. An example will be shown to show you the bigger picture of what a basic RBAC model can look like for a medical practice.  

Table of Contents

  1. What is Role-Based Access Control?
  2. Why is RBAC Important?
  3. 6 Benefits of RBAC 
  4. Example of RBAC for a Medical Practice

What is Role-Based Access Control? 

Role-based access control (RBAC) is a security approach that restricts network access based on a person’s role within the healthcare facility. The role in RBAC refers to the different levels of access that employees have to the network.

Employees are granted access to information that is necessary to effectively perform their duties. Thus, the role that the employee has in the practice and their responsibilities are the deciding factors when giving access to certain information. 

Why is RBAC Important?

This type of access control is vital in the healthcare industry. Vast amounts of sensitive information is created during a treatment process and the access to this information is important for the continued care of the patient. 

Confidentiality is the main concern when it comes to patients clinical information. It’s of the utmost importance that such information is protected from unauthorised access and, therefore, misuse. 

The risks are high when an employee is given wrongful access to a system, however, a non-employee gaining access due to a lack of security measures is a higher risk altogether. 

6 Benefits of RBAC 

Security is easily maintained by limiting unnecessary access to sensitive information based on each user’s role within the facility. Other advantages include: 

  1. Compliance – All organisations are subject to rules and regulations, and with RBAC, companies can meet with these rules and regulations on privacy and confidentiality with more ease. 
  2. Access Control – Owners will be able to better manage and control the access that their employees have to sensitive and confidential information. 
  3. Role Definition – A RBAC system might assist in proper role definition and responsibility clarification. Thus, users/employees will be able to perform better knowing what their responsibilities are and what role they have to play. 
  4. Time Management – Superusers can quickly add and/or change roles and implement them globally across the system, given that this is approved by the owner. 
  5. Administrative Tasks – The benefit mentioned above can branch out into the reduction of human error and thus, the reduction in time spent on administrative tasks. A bonus is the reduction of paperwork. 
  6. IT Support – Less support is needed from IT when a proper RBAC system is introduced into a company that can be easily implemented and regulated.  

Example of RBAC in a Medical Practice

As we have mentioned before, the GoodX Web App has predefined roles with predefined user access to make it easy for a practice to get going on the system without too much consultation. 

If a user fulfils more than one role in a practice, more than one role can be linked to the user and all the user’s access will compound to give the user access to all of the access linked to the roles that they are linked to.

In the Web App:

  • Users can be linked to one or more Entities;
  • Users can be linked to one or more system Roles per Entity (the default roles are described below) and they can be directly linked to Groups. This means that one user can have different system roles/access for each entity.
  • Roles can be linked to one or more Groups, which are the basic system access items that provide access to functions/actions and information in the software.

Here follows an example of how Entities, Users, Roles and Groups (actions) can be linked in the Web App:

In this example, Doctor A and Doctor B have their own practices but share one reception area: 

  • User 1 – Doctor A is working in Practice A as a Practitioner in Entity 1. His access is set to the Practitioner role.
  • User 3 – Doctor B is working in Practice B as a Practitioner in Entity 2. His access is set to the Practitioner role.
  • User 2 – User 2 works in the reception area. She fulfils the role of Practice Manager for Practice A with all the access available to fulfil her duties as a practice manager. However, she works only as Receptionist and Cashier for Practice B, with the added ability to reverse the receipts that she captures for her role as Cashier.

Click here to read more about the type of roles that exist in a practice and what responsibilities are associated with each. 


In this post, we learned what a RBAC system is, why it’s important, the benefits thereof as well as an example that one can use in a medical practice. A pro-tip that we can provide you is to invest in a proper system to ensure adequate practice, employee, and patient security and privacy. Click here to learn more about GoodX Web and what type of access we can offer.