隨著資訊科技的進展,電子化病歷已成為各家醫療院所不可避免的趨勢。藉由電子病歷的推廣不但能夠避免實體病歷於管理與維護上的不易,更能夠減少紙張的消耗以達到無紙化病歷的目標。相對的,各醫療院所必須付出資訊系統導入與建置的成本,且電子病歷將隨著時間的進展而不斷增加,醫療院所也必須持續擴建儲存設備與機房空間,在資訊設備所需供電量龐大的情況下,很容易因為過度擴充而導致資源的浪費。除此之外,規模或資金不足的醫療院所若沒有足夠的資訊化,將成為電子病歷推廣的阻礙。 因此,本研究首先針對相關文獻,分析透過受信任第三方所提供的雲端電子病歷服務之可行性。然而,病歷資料屬於病患的個人隱私,若將其儲存於一個使用者眾多的存取環境下,病患隱私勢必遭受威脅。為此,本研究進一步建立一個在電子病歷於雲端共享訴求下,能夠兼顧病患資料安全的方法。具體而言,本研究嘗試透過以病患為中心的事件觸發授權機制,提出一個Patient-Physician flow的設計,來管理雲端電子病歷存取權限的控制。藉由此機制的控管,除了協助確保病患存在於雲端的病歷資料受到隱私保障之外,亦能夠將醫療人員對雲端電子病歷的存取控制在一個最適當的時間範圍內,以減少雲端資源的消耗。 With the advance of information technology, implementing electronic medical records (EMRs) have become an inevitable trend of every hospital. The spread of EMRs not only avoid the difficulty in managing and maintenance of paper-based medical records, but also cut down the consumption of paper. However, it will invest high implementation cost on information system and hospital will need to increasingly extend storage device and facility space in order to keep up with the ever growing EMRs. Resources will be wasted due to overextending in this situation. Furthermore, the hospital that has insufficient scale and capital to implement information system could hold back the spread of EMRs. In this study, we analyze the feasibility of cloud medical records services provided by a trusted third party. Nevertheless, patients’ privacy will be threatened if the EMRs are stored in a multi-tenancy access environment. Therefore, we design a method that is patient-centric event triggered authorization mechanism called Patient-Physician flow to manage the security access control of the cloud medical records. With this mechanism, we not only assure patient’s EMRs privacy on cloud, but also preserving the physicians’ access session within an appropriate period of time to reduce the consumption of cloud resource.