• 系統編號 RN9611-0715
• 計畫中文名稱 整合以角色為基礎之醫療通訊存取與憑證控制之研究
• 計畫英文名稱 A Study of Role Based Access and Certificate Control for Medical Information Communication
• 主管機關 行政院國家科學委員會 • 計畫編號 NSC94-2213-E038-002
• 執行機構 台北醫學大學醫學資訊研究所
• 本期期間 9408 ~ 9507
• 報告頁數 6 頁 • 使用語言 中文
• 研究人員 劉立; 吳啟誠; 吳志雄 Liu, Li; Wu, Chih-Hsiung; Wu, Chih-Hsiung
• 中文關鍵字 電子病歷
• 英文關鍵字 Electronic medical record; PKI; HCA; RBAC; RBCC
• 中文摘要
由於醫療資訊系統不斷進步,各種醫療記錄之數位化程度日增,對於病患就醫流程之便利性具有正面效益,但病患就醫資料安全性則更顯重要。為 了符合安全需求,衛生署建立以公開金鑰(Public Key Infrastructure, PKI)為基礎的醫療電子認證機制,並已完成建置「醫療憑證管理中心」,配合推
廣使用『醫事機構』及『醫事人員』憑證IC 卡。然電子病歷需要由不同角色的醫事人員填寫不同部分,如醫師填寫醫囑、檢驗技師填寫檢驗報告,醫
事人員有權存取自身負責之電子病歷區塊,利用PKI 憑證可確保醫事人員身份正確性與電子病歷的不可否認性,若進一步把 Role based 觀念結合
憑證應用在電子病歷之中。利用RBAC 將角色事先授與特定使用者,並對角色授以符合該角色的權限,與制定適當的存取控制政策,如此使用者就
可依被授予的角色來進行電子病歷區塊的存取活動。本研究預期整合Role Based Access Control 和 Role Based Certificate Control 機制,使憑證與角
色授權能整合應用在電子病歷之製作、使用、擷取、交換與儲存的過程。利用PKI 與 HCA 機制整合 RBAC 完成 RBCC 機制來確保每個醫事人員的存
取權並將活動過程完整紀錄,提昇電子病歷的完整性與安全性,更能為以後醫療院所間的電子病歷交換奠定基礎。
• 英文摘要 In recent years, the digitized information has been gradually increased that makes clinical procedure more effective for patients who need medical services.
Though digitization enhances medical process, it also brings another security issue for data communication and transmission. To meet the secure requirement for data transmission, Department of Health has established the PKI (Public Key Infrastructure) based mechanism for medical electronic verification and authentication. Further, the "Medical Certificate Management Center" has been completed to promote the Healthcare Institutional Card and Healthcare Professional Card. The electronic medical record is completed by different medical professionals during different clinical process. The PKI certificate ensures the identification of medical professional and the non-repudiation of electronic medical record during process. If the role-based concept could be integrated with certificate and applied in electronic medical record, system can then define and authorize in advance different medical professionals for data access and
retrieval according to role-based access control (RBAC). This project expects to integrate the mechanism for both Role Based Access Control (RBAC) and Role Based Certificate Control (RBCC) ; this effort will enhance the integration of certificate and role authorization during data production, usage, retrieval, exchange and storage for electronic medical records. The other side, by applying the PKI and HCA, integrating RBAC to achieve RBCC, all activities of data access, retrieval and storage during medical process can be then well recorded and managed.
