Title An aspect-based approach to supporting patients' privacy preferences
(應用剖面技術支援病人隱私偏好的系統框架)
Author Lee, Hao Cheng (李浩誠)
Contributors Chen, Kung (陳恭)
Lee, Hao Cheng (李浩誠)
Keywords aspect-oriented technology
AOP
privacy
Health Information System
access control
Date 2010
Upload time 4-Sep-2013 17:05:47 (UTC+8)
Abstract Electronic health records are getting more and more popular these days; however, concerns for patients' privacy also increase greatly. Currently, it's not unusual for a Healthcare Information System (HIS) to adopt a proper access control mechanism to protect patients' electronic health records. Nonetheless, this design did not consider the requirements of supporting patients' preferences regarding the use of their privacy information. Hence, it is desirable to extend the original access control system to handle patients' privacy preferences.
For this issue, we argue that Aspect-Oriented Programming (AOP) can be an important part of the solutions. This thesis presents an aspect-based preference management framework that collects and manages patients' preferences. It can be integrated with the existing HIS to support patients' privacy preferences without rewriting from scratch. The proposed mechanisms are loosely coupled with the underlying system. It is therefore easier to use it to improve existing systems to support patients' privacy preferences.
Description Master's
National Chengchi University
Department of Computer Science
96971019
99
Source http://thesis.lib.nccu.edu.tw/record/#G0096971019
Type thesis
dc.contributor.advisor Chen, Kung (陳恭)
dc.identifier (Other Identifiers) G0096971019
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/60238
dc.description.tableofcontents
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives
1.4 Contributions
1.5 Thesis Organization
Chapter 2 Related Work and Technical Background
2.1 Related Work
2.1.1 XACML
2.1.2 EPAL
2.2 Introduction to AOP/AspectJ
2.3 Introduction to Spring/Hibernate/Wicket
2.3.1 Spring
2.3.2 Hibernate
2.3.3 Wicket
Chapter 3 System Design and Architecture
3.1 Design Rationale
3.2 Patient Privacy Aspect
3.3 Action Purpose Manager
3.4 Patient Preference Manager
Chapter 4 System Implementation and Demonstration
4.1 Configuring the Patient Privacy Aspect
4.2 Managing Action Purposes
4.3 Managing Patient Preferences
4.4 System Demonstration
Chapter 5 Conclusion
5.1 Conclusion
5.2 Future Work
Chapter 6 References
dc.format.extent 4849954 bytes
dc.format.mimetype application/pdf
dc.language.iso en_US