提升病患隱私權之醫療資訊即時安全認證機制

10.30007/JICTA.201201.0004

陳志達；黃建勛

醫療資訊電子化 ； HL7 ； 電子病歷 ； 病患隱私權 ； 電子病歷交換 ； Electronic Medical Information ； Health Level Seven(HL7) ； Electronic Medical Records(EMR) ； Patient Privacy ； Electronic Medical Records Exchange

電腦稽核

25期（2012 / 01 / 01）

44 - 56

繁體中文

近年來，由於科技資訊產業蓬勃發展與網路普及率的大幅提升，使得政府、企業內部各項作業方式乃至於民眾生活型態都快速朝向數位化、資訊化的方向發展邁進。行政院衛生署達到簡化醫療作業流程、降低人事與資訊管理成本、提昇醫療服務品質與行政效率等多項目標，規劃藉由HL7國際標準將現有國內各醫療機構院所各式各樣的醫療資訊格式統一，以利未來醫療電子資訊能於各院所間交換使用，充分發揮醫療資源與提高醫療服務品質。雖然醫療資訊電子化對醫療產業帶來無窮願景，但亦伴隨著病患個人私密醫療資訊於儲存、交換與傳輸過程中安全維護上的隱憂，醫療院所要確保醫療電子資訊不致外洩或不遭不肖人士竊取、偽造與竄改，導致侵犯病患個人隱私情事發生，除了醫療電子資訊儲存安全外亦應考量病患救治與診療時效上有著無法延誤的急迫性，所以醫療資訊系統應具備較高的系統運作效能與即時性以符合實務所需，這都是在醫療資訊電子化推展過程中值得探討與研究的議題。目前，電子媒體資訊或檔案在存取過程中都僅針對資訊存取者作身分認證及存取紀錄稽核，但因醫療電子資訊大都牽涉病患個人隱私，倘若套用過去傳統認證稽核機制，則可能導致病患隱私權保障上的問題，所以本研究提出以病患角度思考為出發點，設計出一個於電子病歷交換傳輸或存取過程中加入病患授權認證機制，藉以賦予病患維護個人隱私之權力，也讓醫療電子資訊在交換存取過程中多一層安全保障機制，以建構一個安全、有效率且以人為本的即時性電子病歷交換及醫療資訊共享平台與環境。

In recent years, development of information industry as technology and network coverage improved dramatically, making the government, business practices and even the life style people have to quickly toward digital, information-oriented direction; the Department of Health simplifying processes for healthcare, lower costs and improve administrative efficiency, HL7 international standards through existing national institutions of the various medical institutions in a unified format for medical information to facilitate future medical electronic information can be exchanged between the various institutions use of medical resources and give full play to improve health care quality. Although electronic medical information for health care, bring profound vision, but also for the patients along with the personal privacy of medical information in the storage, exchange and transmission during the maintenance of security worries, so how to avoid information leakage or medical electronics was not evil individuals theft, forgery and tampering led to violations of patient privacy violations occur in the process of electronic medical information to promote the study of the subject worth exploring. At present, the electronic media to access information or file in the process of information access are only for authentication and access to those records for audit, but most involve the patient medical electronics and information privacy, if applied to the traditional certification audit mechanism, may lead to patient privacy protection issues, so we propose to stand in patient perspective as a starting point to design a transfer or exchange of electronic medical records in the process of adding patients to access authorization authentication mechanism to empower patients to protection of personal privacy of patient power, but also to health care access electronic information exchange process in the multi-layer security mechanisms to build a safe, efficient and people-oriented exchange of electronic medical records and medical information sharing platform and environment.