Data access control is an important topic in Information Assurance (IA) curriculum. This paper presents a case study of the data access control for health information system. This case study is developed to enhance IA education by providing conceptual information that is relevant and parallel the materials that are learned in the classroom. The case study objective, materials and discussion questions are developed. Students will be able read the case study materials and answer questions based on their reading. The learning goal of this case study is to help students understand the need for data access control, the technologies that are proposed, and how they protect the data's confidentiality, integrity, authentication and non-repudiation. This case study materials can be used in Network Security, Web Security, Data Access Control related undergraduate courses.