醫療雲端的資料存取控管機制之研究—以電子病歷為例

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：64

、訪客IP：52.15.80.101

姓名

盧書毅(Shu-yi Lu) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

醫療雲端的資料存取控管機制之研究—以電子病歷為例
(Data Access Control Mechanism Study for Medical Cloud - A Case of Electronic Medical Records)

相關論文

★ 專案管理的溝通關鍵路徑探討─以某企業軟體專案為例	★ 運用並探討會議流如何促進敏捷發展過程中團隊溝通與文件化：以T銀行系統開發為例
★ 專案化資訊服務中人力連續派遣決策模式之研究─以高鐵行控資訊設備維護為例	★ 以組織正義觀點介入案件指派決策之研究
★ 應用協調理論建立系統軟體測試中問題改善之協作流程	★ 應用案例式推理於問題管理系統之研究 -以筆記型電腦產品為例
★ 運用限制理論於多專案開發模式的人力資源配置之探討	★ 應用會議流方法於軟體專案開發之個案研究：以翰昇科技公司為例
★ 多重專案、多期再規劃的軟體開發接案決策模式：以南亞科技資訊部門為例	★ 會議導向敏捷軟體開發及系統設計：以大學畢業專題為例
★ 一種基於物件、屬性導向之變更影響分析方法於差異化產品設計	★ 會議流方法對大學畢業專題的團隊合作品質影響之實驗研究
★ 實施敏捷式發展法於大學部畢業專題之行動研究 – 以中央大學資管系為例	★ 建立一個用來評核自然語言需求品質的線上資訊系統
★ 結合本體論與模糊分析網路程序法於軟體測試之風險與風險關聯辨識	★ 在軟體反向工程中針對UML結構模型圖之線上品質評核系統

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

隨著資訊科技的進展，電子化病歷已成為各家醫療院所不可避免的趨勢。藉由電子病歷的推廣不但能夠避免實體病歷於管理與維護上的不易，更能夠減少紙張的消耗以達到無紙化病歷的目標。相對的，各醫療院所必須付出資訊系統導入與建置的成本，且電子病歷將隨著時間的進展而不斷增加，醫療院所也必須持續擴建儲存設備與機房空間，在資訊設備所需供電量龐大的情況下，很容易因為過度擴充而導致資源的浪費。除此之外，規模或資金不足的醫療院所若沒有足夠的資訊化，將成為電子病歷推廣的阻礙。
因此，本研究首先針對相關文獻，分析透過受信任第三方所提供的雲端電子病歷服務之可行性。然而，病歷資料屬於病患的個人隱私，若將其儲存於一個使用者眾多的存取環境下，病患隱私勢必遭受威脅。為此，本研究進一步建立一個在電子病歷於雲端共享訴求下，能夠兼顧病患資料安全的方法。具體而言，本研究嘗試透過以病患為中心的事件觸發授權機制，提出一個Patient-Physician flow的設計，來管理雲端電子病歷存取權限的控制。藉由此機制的控管，除了協助確保病患存在於雲端的病歷資料受到隱私保障之外，亦能夠將醫療人員對雲端電子病歷的存取控制在一個最適當的時間範圍內，以減少雲端資源的消耗。

摘要(英)

With the advance of information technology, implementing electronic medical records (EMRs) have become an inevitable trend of every hospital. The spread of EMRs not only avoid the difficulty in managing and maintenance of paper-based medical records, but also cut down the consumption of paper. However, it will invest high implementation cost on information system and hospital will need to increasingly extend storage device and facility space in order to keep up with the ever growing EMRs. Resources will be wasted due to overextending in this situation. Furthermore, the hospital that has insufficient scale and capital to implement information system could hold back the spread of EMRs.
In this study, we analyze the feasibility of cloud medical records services provided by a trusted third party. Nevertheless, patients’ privacy will be threatened if the EMRs are stored in a multi-tenancy access environment. Therefore, we design a method that is patient-centric event triggered authorization mechanism called Patient-Physician flow to manage the security access control of the cloud medical records. With this mechanism, we not only assure patient’s EMRs privacy on cloud, but also preserving the physicians’ access session within an appropriate period of time to reduce the consumption of cloud resource.

關鍵字(中)

★ 雲端服務
★ 醫療雲
★ 電子病歷
★ 存取控管
★ 工作流

關鍵字(英)

論文目次

摘要 i
Abstract ii
誌謝 iii
目錄 iv
圖目錄 vi
表目錄 vii
公式目錄 viii
第一章緒論 1
1-1 研究背景 1
1-2 研究動機與問題 2
1-3 研究目的 4
1-4 研究假設 5
1-5 論文架構 6
第二章文獻探討 7
2-1 雲端運算與醫療雲 8
2-1-1 雲端運算定義 8
2-1-2 醫療雲概況 11
2-2 電子病歷 12
2-2-1 EMR vs. EHR 12
2-2-2 HL7 CDA R2 14
2-3 雲端資訊安全 16
2-3-1 雲端安全探討 16
2-3-2 醫療雲存取控管現有的作法 18
2-4 工作流 19
第三章研究方法 21
3-1 概念說明 21
3-2 方法設計 23
3-2-1 授權表述式 23
3-2-2 Patient flow 控制存取權限 25
3-2-3 Physician flow 控制存取權限 26
3-2-4 Structural Design 27
3-2-5 Functional Design 29
3-3 Patient-Physician flow vs. Workflow 34
第四章系統展示 35
4-1 個案情境條件設定 35
4-2 病患掛號 36
4-3 醫生新增用藥紀錄 40
4-4 病患置入佇列區 42
4-5 醫生委派病患 44
第五章專家驗證 50
5-1 問卷說明 50
5-2 信度分析 52
5-3 結果探討 54
第六章結論 57
6-1 研究貢獻 57
6-2 研究限制 57
參考文獻 59
附錄 64

參考文獻

中文部分
[1] 行政院衛生署電子病歷推動專區，http://emr.doh.gov.tw/introduction.aspx
[2] 行政院衛生署電子病歷交換中心，http://eec.doh.gov.tw/
[3] 行政院衛生署，民國100年醫療機構現況及醫院醫療服務量統計分析。
[4] 楊沛墩、陳彥臣、黃援傑，2011，電子病歷推動現況及檢討建言，病歷資訊管理，10(2)，3-13。
[5] 梁德昭、梁煌達，2012，可交換性電子病歷之完整性探討，電腦稽核，25，18-31。
[6] 徐嫦娥，簡郁沛，2010，電子病歷之發展及法規政策，病歷資訊管理，9(2)，1-18。
[7] 楊文誌，雲端運算Cloud Computing技術指南，台北：松崗，2010。
[8] 潘天佑，2008，資訊安全概論與實務，台北市：碁峰資訊。
[9] Mather, T., Kumaraswamy, S., and Latif, S. (2012)，胡為君譯，雲端資安與隱私：企業應對風險之道，台北市：碁峰資訊。
英文部分
[1] Amrhein, D. and Quint S. (2009). Cloud computing for the enterprise: Part 1: Capturing the cloud. Available:
http://www.ibm.com/developerworks/websphere/techjournal/0904_amrhein/0904_amrhein.html
[2] Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., and Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
[3] Bertino, E., Paci, F., Ferrini, R., and Shang, N. (2009). Privacy-preserving digital identity management for cloud computing. Data Engineering, 32(1).
[4] Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., and Brandic, I. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation computer systems, 25(6), 599-616.
[5] Clavister’s new dimension in network security reaches the Cloud, Clavister White Paper, Oct. 2009.
[6] Colpaert, K., Vanbelleghem, S., Danneels, C., Benoit, D., Steurbaut, K., Van Hoecke, S., De Turck, F., and Decruyenaere, J. (2010). Has information technology finally been adopted in Flemish intensive care units? BMC medical informatics and decision making, 10(1), 62.
[7] Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrika, 16(3), 297-334.
[8] Dolin, R. H., Alschuler, L., Beebe, C., Biron, P. V., Boyer, S. L., Essin, D., Kimber, E., Lincoln, T., and Mattison, J. E. (2001). The HL7 clinical document architecture. Journal of the American Medical Informatics Association, 8(6), 552-569.
[9] Dolin, R. H., Alschuler, L., Boyer, S., Beebe, C., Behlen, F. M., Biron, P. V., and Shvo, A. S. (2006). HL7 clinical document architecture, release 2. Journal of the American Medical Informatics Association, 13(1), 30-39.
[10] Doukas, C., Pliakas, T., and Maglogiannis, I. (2010, August). Mobile healthcare information management utilizing cloud computing and android OS. InEngineering in Medicine and Biology Society (EMBC), 2010 Annual International Conference of the IEEE (pp. 1037-1040).
[11] Garets, D., and Davis, M. (2006). Electronic medical records vs. electronic health records: Yes, there is a difference. HIMSS Analytics, 2-14.
[12] Garner IT Glossary, Available:
http://www.gartner.com/it-glossary/cloud-computing/
[13] Geelan, J. Twenty-One Experts Define Cloud Computing. Cloud Computing Journal (2009).
[14] Georgakopoulos, D., Hornick, M., & Sheth, A. (1995). An overview of workflow management: from process modeling to workflow automation infrastructure.Distributed and parallel Databases, 3(2), 119-153.
[15] Guo, L., Chen, F., Chen, L., and Tang, X. (2010, April). The building of cloud computing environment for e-health. In E-Health Networking, Digital Ecosystems and Technologies (EDT), 2010 International Conference on (Vol. 1, pp. 89-92).
[16] Guo, Y., Kuo, M. H., and Sahama, T. (2012, December). Cloud computing for healthcare research information sharing. In Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on (pp. 889-894).
[17] Hair, J. F., Black, W. C., Babin, B. J., Anderson, R. E., & Tatham, R. L. (2010). Multivariate data analysis (Vol. 7). Upper Saddle River, NJ: Prentice Hall.
[18] Haughton, J. (2011). Year of the underdog: Cloud-based EHRs. Health Manag Technol, 32(1), 9.
[19] Health Insurance Portability and Accountability Act of 1996 (U.S.), Pub. L. No. 104-191, 110 Stat. 1936.
[20] Hoang, D. B., and Chen, L. (2010, December). Mobile cloud for assistive healthcare (MoCAsH). In Services Computing Conference (APSCC), 2010 IEEE Asia-Pacific (pp. 325-332).
[21] Hollingsworth, D., and Hampshire, U. K. (1993). Workflow management coalition the workflow reference model. Workflow Management Coalition, 68.
[22] Hsu, J. T., Hsieh, S. H., Lo, C. C., Hsu, C. H., Cheng, P. H., Chen, S. J., and Lai, F. P. (2011, November). Ubiquitous mobile personal health system based on cloud computing. In TENCON 2011-2011 IEEE Region 10 Conference (pp. 1387-1390).
[23] Jha, A. K., DesRoches, C. M., Campbell, E. G., Donelan, K., Rao, S. R., Ferris, T. G., Shields, A., Rosenbaum, S., and Blumenthal, D. (2009). Use of electronic health records in US hospitals. New England Journal of Medicine, 360(16), 1628-1638.
[24] Kuo, A. M. H. (2011). Opportunities and challenges of cloud computing to improve health care services. Journal of Medical Internet Research, 13(3).
[25] Kuo, M. H. (2012). A Healthcare Cloud Computing Strategic Planning Model. Computer Science and Convergence, 114, 769-775.
[26] Li, M., Yu, S., Ren, K., and Lou, W. (2010). Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings. In Security and Privacy in Communication Networks (pp. 89-106). Springer Berlin Heidelberg.
[27] Maus, H. (2001). Workflow context as a means for intelligent information support. In Modeling and Using Context (pp. 261-274). Springer Berlin Heidelberg.
[28] Medina-Mora, R., Winograd, T., Flores, R., & Flores, F. (1992, December). The action workflow approach to workflow management technology. In Proceedings of the 1992 ACM conference on Computer-supported cooperative work (pp. 281-288). ACM.
[29] Mell, P. and Grance, T. (2011). The nist definition of cloud computing. Special publication 800-145, National Institute of Standards and Technology. Information Technology Laboratory, September, 800-145.
[30] Popovic, K. and Hocenski, Z. (2010, May). Cloud computing security issues and challenges. In MIPRO, 2010 Proceedings of the 33rd International Convention (pp. 344-349).
[31] Rolim, C. O., Koch, F. L., Westphall, C. B., Werner, J., Fracalossi, A., and Salvador, G. S. (2010, February). A cloud computing solution for patient’s data collection in health care institutions. In eHealth, Telemedicine, and Social Medicine, 2010. ETELEMED’10. Second International Conference on (pp. 95-99).
[32] Ross, J. W., and Westerman, G. (2004). Preparing for utility computing: The role of IT architecture and relationship management. IBM systems journal, 43(1), 5-19.
[33] Schweitzer, E. J. (2012). Reconciliation of the cloud computing model with US federal electronic health record regulations. Journal of the American Medical Informatics Association, 19(2), 161-165.
[34] Stallings, W. (2009). Network security essentials: applications and standards 3rd edition. Pearson Education, Inc.
[35] Subashini, S. and Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11.
[36] Takabi, H., Joshi, J. B., and Ahn, G. J. (2010). Security and privacy challenges in cloud computing environments. Security & Privacy, IEEE, 8(6), 24-31.
[37] Teng, C. C., Mitchell, J., Walker, C., Swan, A., Davila, C., Howard, D., and Needham, T. (2010, July). A medical image archive solution in the cloud. InSoftware Engineering and Service Sciences (ICSESS), 2010 IEEE International Conference on (pp. 431-434).
[38] van der Linden, H., Kalra, D., Hasman, A., and Talmon, J. (2009). Inter-organizational future proof EHR systems: A review of the security and privacy related issues. International journal of medical informatics, 78(3), 141-160.
[39] Wang, X., and Tan, Y. (2010, October). Application of cloud computing in the health information system. In Computer Application and System Modeling (ICCASM), 2010 International Conference on (Vol. 1, pp. V1-179).
[40] Weiss, A. (2007). Computing in the clouds. Computing, 16.
[41] What is cloud computing? Available:
http://aws.amazon.com/what-is-cloud-computing/
[42] Workflow Management Coalition, 2013. http://www.wfmc.org/
[43] Yang, C. M., Lin, H. C., Chang, P., and Jian, W. S. (2006). Taiwan’s perspective on electronic medical records’ security and privacy protection: Lessons learned from HIPAA. Computer methods and programs in biomedicine, 82(3), 277-282.
[44] Zhang, R., and Liu, L. (2010, July). Security models and requirements for healthcare application clouds. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on (pp. 268-275).
[45] Zhou, M., Zhang, R., Xie, W., Qian, W., and Zhou, A. (2010, November). Security and privacy in cloud computing: A survey. In Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on (pp. 105-112).
[46] Zissis, D. and Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592.

指導教授

陳仲儼(Chung-yang Chen)

審核日期

2013-7-25

推文