| dc.contributor | 資科系 | - |
| dc.creator (作者) | Chen, Kung | - |
| dc.creator (作者) | 陳恭 | zh_TW |
| dc.creator (作者) | Chang, Y.-C. | en_US |
| dc.date (日期) | 2010-03 | - |
| dc.date.accessioned | 18-Jun-2015 17:17:25 (UTC+8) | - |
| dc.date.available | 18-Jun-2015 17:17:25 (UTC+8) | - |
| dc.date.issued (上傳時間) | 18-Jun-2015 17:17:25 (UTC+8) | - |
| dc.identifier.uri (URI) | http://nccur.lib.nccu.edu.tw/handle/140.119/75977 | - |
| dc.description.abstract (摘要) | Objectives: Maintaining proper access control to Electronic Medical Records (EMR) is essential to protecting patients` privacy. We aim to develop mechanisms and tools that can support fine-grained and adaptable access control for EMR. Method: This paper presents an aspect-oriented design and implementation scheme to providing adaptable access control for Web-based EMR systems. In our scheme, access control logic is decoupled from the core of the EMR application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying EMR application using standard aspect tools. At runtime, these binary aspect modules will be executed to enforce the required access control. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. Results: A structured form of access control rules based on the Taiwan Electronic Medical Record Template, a suite of abstract aspects and templates for enforcing access control and a translator for synthesizing the complete access control code in AspectJ from such access control rules and aspect templates. We have also built a Web-based EMR prototype implementation to demonstrate our approach. Conclusion: Our approach can not only accommodate a wide range of fine-grained access control requirements but also enforce them in a modular and easy to adapt manner without incurring extra performance overhead due to rule interpretation. The use of aspect-oriented technology to provide adaptable access control for EMR is a promising approach. We have further enhanced our scheme with a mechanism for dynamic adjustment of access control rules. Other tools for authoring and analyzing the access control rules are the main parts of our future work. © 2010 Elsevier Ireland Ltd. All rights reserved. | - |
| dc.format.extent | 4815018 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.relation (關聯) | International Journal of Medical Informatics,Volume 79, Issue 3, Pages 181-203 | - |
| dc.subject (關鍵詞) | Access control logic; Aspect-J; Aspect-oriented; Aspect-oriented designs; Aspect-oriented programming; Dynamic adjustment; Electronic medical record; EMR systems; Implementation scheme; Prototype implementations; Runtimes; XML format; Computer systems programming; Electric relays; Medical computing; Program interpreters; Security systems; Software prototyping; Synthesis (chemical); Access control; access to information; article; aspect oriented programming; computer program; electronic medical record; human; medical informatics; medical information system; priority journal; web browser; Access to Information; Computer Communication Networks; Confidentiality; Electronic Health Records; Internet; Software; Taiwan | - |
| dc.title (題名) | Aspect-oriented design and implementation of adaptable access control for Electronic Medical Records | - |
| dc.type (資料類型) | article | en |
| dc.identifier.doi (DOI) | 10.1016/j.ijmedinf.2009.12.007 | - |
| dc.doi.uri (DOI) | http://dx.doi.org/10.1016/j.ijmedinf.2009.12.007 | - |
