Title

電子化醫療資訊系統的安全策略與隱私權保障

Parallel title

Security Policy and Privacy Protection of Electronic Medical Information System

Authors

許寬宏 (Kuan-Hung Hsu); 黃耀民 (Yao-Ming Huang); 吳鎮宇 (Zhen-Yu Wu); 陳澤雄 (Tzer-Shyong Chen)

Keywords

Electronic medical treatments ; Electronic patient records ; Electronic prescriptions ; Medical information system

Journal

資訊安全通訊

Volume and issue / Publication date

Vol. 26, No. 3 (2020/08/01)

Pages

20 - 50

Language of content

Traditional Chinese

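Chinese abstract (translated)

After years of network development, applications have grown increasingly complex and the related technologies increasingly diverse. For medical applications, the significance of information technology lies in extending the clinical support functions of medical information. Digital healthcare covers electronic patient records, electronic prescriptions, medical information systems and more. Although research on the data processing structures and formats of these systems is maturing, integration remains insufficient. This study therefore proposes an integrated medical information system that allows electronic patient records to be exchanged securely across medical institutions and, through the design of cryptographic mechanisms, protects the privacy of patients and physicians while also giving the competent authorities an audit and tracing mechanism. In this way, the medical information system can develop into a comprehensive facility that eliminates the passing of paper forms and maintains the security of patients' medical information, thereby reducing or even eliminating possible human error by downstream nursing, pharmacy and technical staff. This not only improves the quality of care but is also indispensable infrastructure for medical administration. The system achieves the following functions: strengthening the functions of the National Health Insurance IC card and its compatibility with the integrated medical information system; building a fully functional electronic prescription system and integrating it with the medical information system; and protecting the privacy of patients and physicians. At the architectural level, it also fundamentally resolves how patients' visit records are stored, provides a mechanism for collecting medication on a patient's behalf, and safeguards the privacy of physicians and patients.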

English abstract

With the development of the Internet, applications have become more complicated and the relevant technologies more diverse. For medical applications, the significance of information technology is to expand the clinical support functions of medical information. Digital medical treatments cover electronic patient records, electronic prescriptions, and medical information systems. Studies on the data processing structures and formats of these systems have matured, but integration is still insufficient. For this reason, this project proposes an integrated medical information system to securely exchange electronic patient records among medical organizations, to guarantee the privacy of patients and doctors through the design of cryptographic mechanisms, and to provide authorities with verification and tracking mechanisms. In this way, the medical information system can be developed with comprehensive functions that dispense with the transfer of manual documents and maintain the security of medical information, so that possible human errors by follow-up nursing, pharmacy, and technical staff can be reduced or even avoided. It can not only improve medical quality but also become an indispensable basic facility in medical management. This project aims to strengthen the functions of the National Health Insurance IC card and its compatibility with the integrated medical information system, to establish a fully functional electronic prescription system and integrate it with the medical information system, and to guarantee the privacy of patients and doctors. At the architectural level, it further aims to solve the problem of storing patients' treatment records, provide a mechanism for collecting medicine on a patient's behalf, and protect the privacy of doctors and patients.

Subject classification: Basic and Applied Sciences > Information Science
Cited by
  1. 蘇琬茲, 郭倩琳, 郭宏杉, 李佩育 (2021). A survey of clinical nurses' knowledge of patient personal data protection. 護理雜誌, 68(5), 41-50.