Multi-Tier Role Based Access for Secure and Flexible Syndromic Surveillance


NC DETECT receives data on at least a daily basis from five data sources: emergency departments (ED), the statewide poison center (CPC), the statewide EMS data collection system, a regional wildlife center and laboratories from the NC State College of Veterinary Medicine.  A Web portal is available to users at state, regional and local levels and provides syndromic surveillance reports as well as reports for broader public health surveillance such as injury, occupational health, and post-disaster.  The current portal is built on access controls initially designed in 2002 for hospital-based users only.  The role-based access was modified slightly in 2004 to accommodate public health epidemiologists (PHEs) at the local, regional and state levels who wanted county-based report access.  The design used, however, was shortsighted and limited.  For example, the controls cannot accommodate certain users’ access to non-ED data sources as well as the ability to retrieve protected health information (PHI) via the portal when needed for investigation.  These evolving user needs have led to a full system redesign with a much more robust security model.


This paper describes the role-based access used in the North Carolina Disease Event Tracking and Epidemiologic Collection Tool (NC DETECT) Web portal for early event detection and timely public health surveillance.

Primary Topic Areas: 
Original Publication Year: 
Event/Publication Date: 
October, 2006

July 30, 2018

Contact Us

NSSP Community of Practice



This website is supported by Cooperative Agreement # 6NU38OT000297-02-01 Strengthening Public Health Systems and Services through National Partnerships to Improve and Protect the Nation's Health between the Centers for Disease Control and Prevention (CDC) and the Council of State and Territorial Epidemiologists. Its contents are solely the responsibility of the authors and do not necessarily represent the official views of CDC. CDC is not responsible for Section 508 compliance (accessibility) on private websites.

Site created by Fusani Applications