As the privacy officer of your facility, you have been charged with developing policies and procedures for protecting the confidentiality and security of the clinical data collected in your computerized system. One of the first steps you will take is to judge the value of information processed by your system and classify it. Another step you will need to take is to
A. authorize access to information collected based on level of data sensitivity
B. prevent all non-clinicians' access to any confidential information in the system
C. establish firewalls to protect aggregate data collected within your facility
D. establish passwords for all customers, both internal and external, who request access to the information in your system

As a key component of data security, access control requires authentication to authorize individuals to access the information they are allowed to see and use according to their authorized access to information, needs, and data management. The authorization, needs, and data management have been stated in the developed policies and procedures for protecting the confidentiality and security of the clinical data collected.