適用於醫療資訊之個人健康紀錄的安全存取控制系統

Abstract

資訊科技在臨床的應用已行之有年，醫療資訊系統不僅能減少醫護人員之醫療疏失、即時提供個人就醫紀錄史，還能提高就醫品質。維護醫療資訊需仰賴醫療資訊系統服務，避免洩漏重要個資和不當使用。現今越來越多的醫療組織需要強大且完善的醫療資訊管理系統，以提供優質的醫療服務，進而提升客戶滿意度，因此資訊管理者的任務就在於建立醫療組織可靠資料儲存平台。 已開發國家建立相關組織規範電子病歷的準則，有助於個人健康紀錄的推展。結合網際網路以及可攜式媒體發展出新興型態之個人健康紀錄，以提供完整且無誤的個人健康與醫療歷史資訊。當智慧型行動裝置愈加普及，其衍伸出的資訊安全防護需求也開始於市場醞釀，為防範網路上的惡意攻擊，必需建立一個有效且安全的存取機制。其中檔案管理機制成為資訊分享過程的關鍵。 本論文使用存取控制和Lagrange插值法以提出一個存取控制機制，來確保醫療資訊分享的安全性與機密性。個人健康紀錄 (PHR) 為患者相當隱私的健康醫療資訊，其隱私設定及存取權限必須嚴格控管。此外，個人健康紀錄系統讓合法使用者存取以外，也必須避免無權限或外部使用者非法存取。 因此，本論文是以攻擊者的角度進行安全性分析；本論文所提出的存取控制與金鑰管理機制可有效且全面性地保護各醫療院所分享的醫療資訊。

As information technology has been applied to clinics for years, medical information systems have revolutionized medical matters to instantly provide a history of personal medical records, which brings a new breakthrough in avoiding mistakes and also improves the quality of medical services at the same time. Well-designed medical information systems are required by a lot of health care institutions than before for providing high-quality health care services and enhancing customer satisfaction. Therefore, information managers are entrusted to build reliable data storage platforms for health care institutions. Many developed countries establish relevant organizations with electronic medical record standards that help the development of personal health records. Personal health records are patients’ health care information, which can integrate health records from various sources and provide complete personal health information through the Internet or portable media. Along with the popularity of smart mobile devices, the need for information security protection emerges in medical application. Secure access control promotes the effectiveness of information sharing under secure conditions. A secure access control system plays a major role in the process of sharing data. Through controlling access based on lagrange interpolation, a mechanism suitable for clinic is proposed to ensure the security and confidentiality of health care information mentioned. To protect private information, privacy settings and access authority are strictly controlled. Aside from providing users with access authority for reasonable access, the personal health record system should be able to avoid illegal access from external users or any others without authority. his study reaches the security mechanism from the perspective of hackers. According to the analysis results, the access control management mechanism proposed in this study can protect presonal health record information efficiently and share among different medical institutions.