Tamkang University Institutional Repository: Item 987654321/34122
    Please use this identifier to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/34122


    Title: HIPAA-Based Security Management of Electronic Medical Records with Enhanced Privacy Protection
    Other Titles: A security management of electrical patient record based HIPAA with enhanced privacy protection
    Authors: 許桓碩;Hsu, Huan-shuo
    Contributors: Master's Program, Department of Information Management, Tamkang University
    李鴻璋;Lee, Hung-chang
    Keywords: HIPAA; elliptic curve; patient privacy rights; HIPAA; Elliptic Curve Cryptography; patient's privacy
    Date: 2008
    Issue Date: 2010-01-11 04:56:53 (UTC+8)
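    Abstract: More and more medical institutions now use information technology to provide medical services, and protecting highly private patient information is a very important information security management issue for every major medical institution. For this reason, the Health Insurance Portability and Accountability Act (HIPAA) was passed in August 1996 during the term of U.S. President Clinton. The act sets information security standards for healthcare in order to raise overall healthcare quality. Its privacy provisions stipulate that patients must have more control over their personal medical information, and that both the use and the disclosure of medical data should be regulated.
    This study designs security control elements that conform to the requirements of the HIPAA act. They satisfy the need to exchange electronic medical records while also taking into account that patients need not expose irrelevant medical information to medical staff. Therefore, the session keys that the patient and the hospital establish to protect the medical records must be established between the patient and each medical department. When medical staff need to consult the patient's records in another department, they can obtain those records through the hospital under an access control mechanism. If the patient is at another hospital, the records can still be obtained through inter-hospital medical record exchange.
    In addition, the security control algorithm applies the advantages of elliptic curves, such as fast execution, higher security, and shorter key length at the same security level, to establish the required basic keys. The experimental values [13] show that it is about 30% faster than the DSA algorithm.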
    Nowadays, more and more healthcare providers use information systems to deliver healthcare services. Protecting patients' private information is therefore an important information security management issue for all healthcare providers. The Health Insurance Portability and Accountability Act (HIPAA), enacted by the United States Congress in August 1996, is the federal law that applies to the U.S. healthcare industry. HIPAA specifies guidelines for health information security in order to enhance healthcare quality. Its privacy regulations specifically state that patients should have more control over their own health records, and that the use and disclosure of health information should be controlled.
    This research designs a security management scheme that complies with HIPAA, satisfies the need to exchange electronic patient records, and takes into account that patients need not disclose irrelevant health information to healthcare workers. Session keys are therefore established between the patient and each department of the hospital. If healthcare workers need to refer to the patient's record in another department, they can obtain it through the hospital by means of an access control mechanism. Even if the record is held at another hospital, they can still obtain it through the mechanism for exchanging electronic patient records between hospitals.
    In addition, the security mechanism takes advantage of elliptic curve cryptography, e.g. better efficiency, stronger security, and shorter key length at the same security level. For the time cost of establishing the key, the experimental result [13] shows that elliptic curve cryptography is about 30% faster than the DSA mechanism.
    Appears in Collections: [Graduate Institute & Department of Information Management] Thesis


    All items in the Institutional Repository are protected by copyright, with all rights reserved.

