One can implement HIPAA in a proprietary manner or use standards, in particular DICOM and the profile definitions described in IHE. To provide a homogeneous and consistent infrastructure that can accommodate different vendors, it makes sense to use standard solutions.
Security implementation on a device is typically divided into four categories. One of the four categories is Authorization.
After a system has determined a person's identity, the next step is to find out what information he or she has access to, based on a certain user profile or role. For example, a file room clerk will most likely have a different profile from a nurse. This is known as role-based authorization.
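
A deny-by-default check for the role-based authorization described above, as an added example that is not from the original page or from DICOM or IHE. The role names, resource names, and the `Session` and `authorize` helpers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Constructed role profiles (assumed, not taken from any standard): each role
# lists the (resource, action) pairs it may perform. Anything absent is denied.
ROLE_PROFILES = {
    "file_room_clerk": frozenset({
        ("demographics", "read"),
        ("film_jacket", "read"),
        ("film_jacket", "update"),
    }),
    "nurse": frozenset({
        ("demographics", "read"),
        ("images", "read"),
        ("report", "read"),
    }),
}


@dataclass(frozen=True)
class Session:
    """Result of the earlier identification step, plus the assigned roles."""
    user_id: str
    authenticated: bool
    roles: FrozenSet[str] = frozenset()


def authorize(session: Session, resource: str, action: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for one access request."""
    # Authorization only makes sense once identity has been determined.
    if not session.authenticated:
        return False, "identity not established"
    # A role with no profile contributes no permissions (deny by default).
    for role in sorted(session.roles):
        if (resource, action) in ROLE_PROFILES.get(role, frozenset()):
            return True, f"granted by role {role}"
    return False, "no role profile grants this access"


if __name__ == "__main__":
    clerk = Session("clerk01", True, frozenset({"file_room_clerk"}))
    nurse = Session("nurse07", True, frozenset({"nurse"}))
    for who in (clerk, nurse):
        print(who.user_id, "images/read ->", authorize(who, "images", "read"))
```
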