為醫療資訊系統建置可設定式資料存取控管之探討 Toward Configurable Access Control for Healthcare Information Systems

(1)

為醫療資訊系統建置可設定式資料存取控管之探討

Toward Configurable Access Control for Healthcare Information Systems

陳恭^a 王大為^b Kung Chen^a and Da-Wei Wang^b

a國立政治大學資訊科學系

aDepartment of Computer Science, National Chengchi University

b中央研究院資訊科學研究所

bInstitute of Information Science, Academia Sinica

Abstract

This paper examines the necessity and challenges of providing configurable access control for healthcare information systems (HIS). We discuss both technical issues of system development and non-technical issues specific to Taiwan. We present a framework based on granularity and implementation technology to compare different implementation approaches to access control. The shortcomings in current software practices are identified and aspect-oriented programming (AOP) is introduced as a promising alternative. We also highlight the directions for moving forward and advocate forming an information technology consortium to pool the resources for developing an advanced solution.

Keywords: access control, aspect-oriented programming, healthcare information systems, electronic health record

105