Yes. All individuals and organizations with some form of access to the computerized data bases, and the level of access permitted, should be specifically identified in advance. Full disclosure of this information to the patient is necessary in obtaining informed consent to treatment. Patient data should be assigned a security level appropriate for the data's degree of sensitivity, which should be used to control who has access to the information.