跳到主要內容

簡易檢索 / 詳目顯示

回結果列表
研究生: 盧書毅
Shu-yi Lu
論文名稱: 醫療雲端的資料存取控管機制之研究—以電子病歷為例
Data Access Control Mechanism Study for Medical Cloud - A Case of Electronic Medical Records
指導教授: 陳仲儼
Chung-yang Chen
口試委員:
學位類別: 碩士
Master
系所名稱: 管理學院 - 資訊管理學系
Department of Information Management
論文出版年: 2013
畢業學年度: 101
語文別: 中文
論文頁數: 78
中文關鍵詞: 雲端服務醫療雲電子病歷存取控管工作流
相關次數: 點閱:10下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 隨著資訊科技的進展,電子化病歷已成為各家醫療院所不可避免的趨勢。藉由電子病歷的推廣不但能夠避免實體病歷於管理與維護上的不易,更能夠減少紙張的消耗以達到無紙化病歷的目標。相對的,各醫療院所必須付出資訊系統導入與建置的成本,且電子病歷將隨著時間的進展而不斷增加,醫療院所也必須持續擴建儲存設備與機房空間,在資訊設備所需供電量龐大的情況下,很容易因為過度擴充而導致資源的浪費。除此之外,規模或資金不足的醫療院所若沒有足夠的資訊化,將成為電子病歷推廣的阻礙。
    因此,本研究首先針對相關文獻,分析透過受信任第三方所提供的雲端電子病歷服務之可行性。然而,病歷資料屬於病患的個人隱私,若將其儲存於一個使用者眾多的存取環境下,病患隱私勢必遭受威脅。為此,本研究進一步建立一個在電子病歷於雲端共享訴求下,能夠兼顧病患資料安全的方法。具體而言,本研究嘗試透過以病患為中心的事件觸發授權機制,提出一個Patient-Physician flow的設計,來管理雲端電子病歷存取權限的控制。藉由此機制的控管,除了協助確保病患存在於雲端的病歷資料受到隱私保障之外,亦能夠將醫療人員對雲端電子病歷的存取控制在一個最適當的時間範圍內,以減少雲端資源的消耗。

    With the advance of information technology, implementing electronic medical records (EMRs) have become an inevitable trend of every hospital. The spread of EMRs not only avoid the difficulty in managing and maintenance of paper-based medical records, but also cut down the consumption of paper. However, it will invest high implementation cost on information system and hospital will need to increasingly extend storage device and facility space in order to keep up with the ever growing EMRs. Resources will be wasted due to overextending in this situation. Furthermore, the hospital that has insufficient scale and capital to implement information system could hold back the spread of EMRs.
    In this study, we analyze the feasibility of cloud medical records services provided by a trusted third party. Nevertheless, patients’ privacy will be threatened if the EMRs are stored in a multi-tenancy access environment. Therefore, we design a method that is patient-centric event triggered authorization mechanism called Patient-Physician flow to manage the security access control of the cloud medical records. With this mechanism, we not only assure patient’s EMRs privacy on cloud, but also preserving the physicians’ access session within an appropriate period of time to reduce the consumption of cloud resource.

    摘要 i Abstract ii 誌謝 iii 目錄 iv 圖目錄 vi 表目錄 vii 公式目錄 viii 第一章 緒論 1 1-1 研究背景 1 1-2 研究動機與問題 2 1-3 研究目的 4 1-4 研究假設 5 1-5 論文架構 6 第二章 文獻探討 7 2-1 雲端運算與醫療雲 8 2-1-1 雲端運算定義 8 2-1-2 醫療雲概況 11 2-2 電子病歷 12 2-2-1 EMR vs. EHR 12 2-2-2 HL7 CDA R2 14 2-3 雲端資訊安全 16 2-3-1 雲端安全探討 16 2-3-2 醫療雲存取控管現有的作法 18 2-4 工作流 19 第三章 研究方法 21 3-1 概念說明 21 3-2 方法設計 23 3-2-1 授權表述式 23 3-2-2 Patient flow 控制存取權限 25 3-2-3 Physician flow 控制存取權限 26 3-2-4 Structural Design 27 3-2-5 Functional Design 29 3-3 Patient-Physician flow vs. Workflow 34 第四章 系統展示 35 4-1 個案情境條件設定 35 4-2 病患掛號 36 4-3 醫生新增用藥紀錄 40 4-4 病患置入佇列區 42 4-5 醫生委派病患 44 第五章 專家驗證 50 5-1 問卷說明 50 5-2 信度分析 52 5-3 結果探討 54 第六章 結論 57 6-1 研究貢獻 57 6-2 研究限制 57 參考文獻 59 附錄 64

    中文部分
    [1] 行政院衛生署電子病歷推動專區,http://emr.doh.gov.tw/introduction.aspx
    [2] 行政院衛生署電子病歷交換中心,http://eec.doh.gov.tw/
    [3] 行政院衛生署,民國100年醫療機構現況及醫院醫療服務量統計分析。
    [4] 楊沛墩、陳彥臣、黃援傑,2011,電子病歷推動現況及檢討建言,病歷資訊管理,10(2),3-13。
    [5] 梁德昭、梁煌達,2012,可交換性電子病歷之完整性探討,電腦稽核,25,18-31。
    [6] 徐嫦娥,簡郁沛,2010,電子病歷之發展及法規政策,病歷資訊管理,9(2),1-18。
    [7] 楊文誌,雲端運算Cloud Computing技術指南,台北:松崗,2010。
    [8] 潘天佑,2008,資訊安全概論與實務,台北市:碁峰資訊。
    [9] Mather, T., Kumaraswamy, S., and Latif, S. (2012),胡為君譯,雲端資安與隱私:企業應對風險之道,台北市:碁峰資訊。

    英文部分
    [1] Amrhein, D. and Quint S. (2009). Cloud computing for the enterprise: Part 1: Capturing the cloud. Available:
    http://www.ibm.com/developerworks/websphere/techjournal/0904_amrhein/0904_amrhein.html
    [2] Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., and Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
    [3] Bertino, E., Paci, F., Ferrini, R., and Shang, N. (2009). Privacy-preserving digital identity management for cloud computing. Data Engineering, 32(1).
    [4] Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., and Brandic, I. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation computer systems, 25(6), 599-616.
    [5] Clavister’s new dimension in network security reaches the Cloud, Clavister White Paper, Oct. 2009.
    [6] Colpaert, K., Vanbelleghem, S., Danneels, C., Benoit, D., Steurbaut, K., Van Hoecke, S., De Turck, F., and Decruyenaere, J. (2010). Has information technology finally been adopted in Flemish intensive care units? BMC medical informatics and decision making, 10(1), 62.
    [7] Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrika, 16(3), 297-334.
    [8] Dolin, R. H., Alschuler, L., Beebe, C., Biron, P. V., Boyer, S. L., Essin, D., Kimber, E., Lincoln, T., and Mattison, J. E. (2001). The HL7 clinical document architecture. Journal of the American Medical Informatics Association, 8(6), 552-569.
    [9] Dolin, R. H., Alschuler, L., Boyer, S., Beebe, C., Behlen, F. M., Biron, P. V., and Shvo, A. S. (2006). HL7 clinical document architecture, release 2. Journal of the American Medical Informatics Association, 13(1), 30-39.
    [10] Doukas, C., Pliakas, T., and Maglogiannis, I. (2010, August). Mobile healthcare information management utilizing cloud computing and android OS. InEngineering in Medicine and Biology Society (EMBC), 2010 Annual International Conference of the IEEE (pp. 1037-1040).
    [11] Garets, D., and Davis, M. (2006). Electronic medical records vs. electronic health records: Yes, there is a difference. HIMSS Analytics, 2-14.
    [12] Garner IT Glossary, Available:
    http://www.gartner.com/it-glossary/cloud-computing/
    [13] Geelan, J. Twenty-One Experts Define Cloud Computing. Cloud Computing Journal (2009).
    [14] Georgakopoulos, D., Hornick, M., & Sheth, A. (1995). An overview of workflow management: from process modeling to workflow automation infrastructure.Distributed and parallel Databases, 3(2), 119-153.
    [15] Guo, L., Chen, F., Chen, L., and Tang, X. (2010, April). The building of cloud computing environment for e-health. In E-Health Networking, Digital Ecosystems and Technologies (EDT), 2010 International Conference on (Vol. 1, pp. 89-92).
    [16] Guo, Y., Kuo, M. H., and Sahama, T. (2012, December). Cloud computing for healthcare research information sharing. In Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on (pp. 889-894).
    [17] Hair, J. F., Black, W. C., Babin, B. J., Anderson, R. E., & Tatham, R. L. (2010). Multivariate data analysis (Vol. 7). Upper Saddle River, NJ: Prentice Hall.
    [18] Haughton, J. (2011). Year of the underdog: Cloud-based EHRs. Health Manag Technol, 32(1), 9.
    [19] Health Insurance Portability and Accountability Act of 1996 (U.S.), Pub. L. No. 104-191, 110 Stat. 1936.
    [20] Hoang, D. B., and Chen, L. (2010, December). Mobile cloud for assistive healthcare (MoCAsH). In Services Computing Conference (APSCC), 2010 IEEE Asia-Pacific (pp. 325-332).
    [21] Hollingsworth, D., and Hampshire, U. K. (1993). Workflow management coalition the workflow reference model. Workflow Management Coalition, 68.
    [22] Hsu, J. T., Hsieh, S. H., Lo, C. C., Hsu, C. H., Cheng, P. H., Chen, S. J., and Lai, F. P. (2011, November). Ubiquitous mobile personal health system based on cloud computing. In TENCON 2011-2011 IEEE Region 10 Conference (pp. 1387-1390).
    [23] Jha, A. K., DesRoches, C. M., Campbell, E. G., Donelan, K., Rao, S. R., Ferris, T. G., Shields, A., Rosenbaum, S., and Blumenthal, D. (2009). Use of electronic health records in US hospitals. New England Journal of Medicine, 360(16), 1628-1638.
    [24] Kuo, A. M. H. (2011). Opportunities and challenges of cloud computing to improve health care services. Journal of Medical Internet Research, 13(3).
    [25] Kuo, M. H. (2012). A Healthcare Cloud Computing Strategic Planning Model. Computer Science and Convergence, 114, 769-775.
    [26] Li, M., Yu, S., Ren, K., and Lou, W. (2010). Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings. In Security and Privacy in Communication Networks (pp. 89-106). Springer Berlin Heidelberg.
    [27] Maus, H. (2001). Workflow context as a means for intelligent information support. In Modeling and Using Context (pp. 261-274). Springer Berlin Heidelberg.
    [28] Medina-Mora, R., Winograd, T., Flores, R., & Flores, F. (1992, December). The action workflow approach to workflow management technology. In Proceedings of the 1992 ACM conference on Computer-supported cooperative work (pp. 281-288). ACM.
    [29] Mell, P. and Grance, T. (2011). The nist definition of cloud computing. Special publication 800-145, National Institute of Standards and Technology. Information Technology Laboratory, September, 800-145.
    [30] Popovic, K. and Hocenski, Z. (2010, May). Cloud computing security issues and challenges. In MIPRO, 2010 Proceedings of the 33rd International Convention (pp. 344-349).
    [31] Rolim, C. O., Koch, F. L., Westphall, C. B., Werner, J., Fracalossi, A., and Salvador, G. S. (2010, February). A cloud computing solution for patient's data collection in health care institutions. In eHealth, Telemedicine, and Social Medicine, 2010. ETELEMED'10. Second International Conference on (pp. 95-99).
    [32] Ross, J. W., and Westerman, G. (2004). Preparing for utility computing: The role of IT architecture and relationship management. IBM systems journal, 43(1), 5-19.
    [33] Schweitzer, E. J. (2012). Reconciliation of the cloud computing model with US federal electronic health record regulations. Journal of the American Medical Informatics Association, 19(2), 161-165.
    [34] Stallings, W. (2009). Network security essentials: applications and standards 3rd edition. Pearson Education, Inc.
    [35] Subashini, S. and Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11.
    [36] Takabi, H., Joshi, J. B., and Ahn, G. J. (2010). Security and privacy challenges in cloud computing environments. Security & Privacy, IEEE, 8(6), 24-31.
    [37] Teng, C. C., Mitchell, J., Walker, C., Swan, A., Davila, C., Howard, D., and Needham, T. (2010, July). A medical image archive solution in the cloud. InSoftware Engineering and Service Sciences (ICSESS), 2010 IEEE International Conference on (pp. 431-434).
    [38] van der Linden, H., Kalra, D., Hasman, A., and Talmon, J. (2009). Inter-organizational future proof EHR systems: A review of the security and privacy related issues. International journal of medical informatics, 78(3), 141-160.
    [39] Wang, X., and Tan, Y. (2010, October). Application of cloud computing in the health information system. In Computer Application and System Modeling (ICCASM), 2010 International Conference on (Vol. 1, pp. V1-179).
    [40] Weiss, A. (2007). Computing in the clouds. Computing, 16.
    [41] What is cloud computing? Available:
    http://aws.amazon.com/what-is-cloud-computing/
    [42] Workflow Management Coalition, 2013. http://www.wfmc.org/
    [43] Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S. (2006). Taiwan's perspective on electronic medical records' security and privacy protection: Lessons learned from HIPAA. Computer methods and programs in biomedicine, 82(3), 277-282.
    [44] Zhang, R., and Liu, L. (2010, July). Security models and requirements for healthcare application clouds. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on (pp. 268-275).
    [45] Zhou, M., Zhang, R., Xie, W., Qian, W., and Zhou, A. (2010, November). Security and privacy in cloud computing: A survey. In Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on (pp. 105-112).
    [46] Zissis, D. and Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592.

    QR CODE
    :::