政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/60238
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文笔数/总笔数 : 113325/144300 (79%)
造访人次 : 51185963      在线人数 : 859
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻
    政大機構典藏 > 資訊學院 > 資訊科學系 > 學位論文 >  Item 140.119/60238


    请使用永久网址来引用或连结此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/60238


    题名: 應用剖面技術支援病人隱私偏好的系統框架
    An aspect-based approach to supporting patients` privacy preferences
    作者: 李浩誠
    Lee, Hao Cheng
    贡献者: 陳恭
    Chen, Kung
    李浩誠
    Lee, Hao Cheng
    关键词: 剖面導向技術
    隱私
    醫療資訊系統
    權限控管
    AOP
    privacy
    Health Information System
    access control
    日期: 2010
    上传时间: 2013-09-04 17:05:47 (UTC+8)
    摘要: 近來,隨著電子病歷的日漸普及,大眾對病人隱私的關注也隨之增加。在現行的醫療資訊系統 (Healthcare Information System, HIS) 中,透過適當的權限控管機制以保障電子病歷隱私是相當普遍的作法。然而,此機制並沒有考慮到病人對於隱私資訊用途的偏好不同。因此,擴充現行醫療資訊系統的權限控管機制,以處理病人隱私偏好的需求相當迫切。
    針對此議題,我們認為剖面導向程式設計 (Aspect-Oriented Programming) 技術可以成為其解決方案的重要一環。本研究試著實作一個剖面導向的管理框架,在無需大幅度改寫系統的前提之下,能夠和現有的醫療資訊系統整合,達到讓病人自訂及管理隱私偏好。該框架和現行系統的關係是鬆散耦合 (loosely coupled) 的,因此,能夠輕易地用來擴充現行的系統,以便達到支援病人自定隱私偏好的目的。
    Electronic health records are getting more and more popular these days, however, concerns for patients` privacy also increase greatly. Currently, it`s not unusual for Healthcare Information System (HIS) to adopt a proper access
    control mechanism to protect patients` electronic health records. Nonetheless, this design did not consider the requirements of supporting patients’ preferences regarding the use of their privacy information. Hence, it is desirable to extend the original access control system to handle patients` privacy preferences.
    For this issue, we argue that Aspect-Oriented Programming (AOP) can be an important part of the solutions. This thesis presents an aspect-based preference management framework that collects and manages patients` preferences. It can be integrated with the existing HIS to support patients` privacy preferences without rewriting from scratch. The proposed mechanisms are loosely coupled
    with the underlying system. It is therefore easier to use it to improve existing systems to support patients’ privacy preferences.
    參考文獻: [1] 行政院衛生署 電子病歷推動專區, Retrieved January 15, 2011, from
    http://emr.doh.gov.tw/introduction.aspx
    [2] U.S. Department of Health and Human Services (2008), Nationwide Privacy and Security
    Framework For Electronic Exchange of Individually Identifiable Health Information,
    (Internet), Office of the National Coordinator for Health Information Technology, U.S.
    Department of Health and Human Services, Available from
    http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10731_848088_0_0_18/Nationwi
    dePS_Framework-5.pdf (Accessed 28 June, 2009)
    [3] APEC (2005), APEC Privacy Framework, (Internet), Asia-Pacific Economic Corporation,
    Available from
    http://www.apec.org/apec/news___media/fact_sheets/apec_privacy_framework.html
    (Accessed 28 June, 2009)
    [4] 台大醫院當機 8000病患受累 (22 May, 2007), Retrieved January 15, 2011, from
    http://www.libertytimes.com.tw/2007/new/may/22/today-life3.htm
    [5] eXtensible Access Control Markup Language (XACML) Version 1.1, Retrieved January
    15, 2011, from
    http://www.oasis-open.org/committees/xacml/repository/cs-xacml-specification-1.1.pdf
    [6] Enterprise Privacy Authorization Language (EPAL), Retrieved January 15, 2011, from
    http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/index.html
    48
    [7] XACML on OASIS, Retrieved January 15, 2011, from
    http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
    [8] A Brief Introduction to XACML, Retrieved January 15, 2011, from
    http://www.oasisopen.
    org/committees/download.php/2713/%20Brief_Introduction_to_XACML.html
    [9] XACML Terminology, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/XACML#Terminology
    [10] EPAL W3C submission, Retrieved January 15, 2011, from
    http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
    [11] Walter Hürsch and Cristina Videira Lopes, Separation of Concerns, Technical Report, no.
    NU-CCS-95-03, 1995.
    [12] Kiczales, G. et al., (1997), Aspect-Oriented Programming, European Conference on
    Object-Oriented Programming, Jyväskylä, Finland, June 1997, Lecture Notes in Computer
    Science 1241; 220-242.
    [13] 陳恭, 剖面導向程式設計(AOP/AOSD)簡介, 2007
    [14] Kiczales, G. et al., (2001), Getting Started with AspectJ, Communications of ACM,
    44(10), 2001, 59-65.
    [15] Hilsdale, E. and Hugunin, J. (2004), Advice Weaving in AspectJ, Proc. of the 3rd
    International Conference on Aspect-Oriented Software Development, Lancaster UK, 2004:
    26-35.
    [16] Plain Old Java Object (POJO), Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Plain_Old_Java_Object
    [17] Object-relational mapping, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Object-relational_mapping
    [18] Model–View–Controller, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Model%E2%80%93View%E2%80%93Controller
    [19] Relational Database, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Relational_database
    [20] Object-relational impedance mismatch, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Object-relational_impedance_mismatch
    [21] Connection Pool, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Connection_pool
    [22] Shan, Tony (2006). "Taxonomy of Java Web Application Frameworks". Proceedings of
    2006 IEEE International Conference on e-Business Engineering (ICEBE 2006),
    http://portal.acm.org/citation.cfm?id=1190953 (Accessed 10 Oct, 2010)
    [23] Stateless, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Stateless_protocol
    [24] Blobel B. (2004), Authorisation and access control for electronic health record systems.
    Int. J. of Medical Informatics, 73(3), March 2004, 251-7.
    [25] Ferreira A, et al. (2005), Modelling access control for a complex healthcare organization.
    In: iSHIMR 2005: Proceedings of the Tenth International Symposium on Health Information Management Research, Thessaloniki, Greece, Sep. 2005.
    [26] Massacci, F. and Zannone, N. (2006), Privacy is Linking Permission to Purpose, Lecture
    Notes in Computer Science Vol. 3957, Springer Berlin / Heidelberg.
    [27] Personally identifiable information, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Personally_identifiable_information
    [28] Hafner, M. et al. (2008), Modeling and Enforcing Advanced Access Control Policies in
    Healthcare Systems with Sectet, IN: H. Giese (Ed.):MoDELS 2007 Workshops, LNCS 5002,
    pp. 132-144, 2008, Springer Berlin / Heidelberg.
    [29] Health Level Seven, The Clinical Document Architecture Release 2.0, Retrieved January
    15, 2011, from http://www.hl7.org/library/standards_non1.htm
    [30] HL7 Security WG: The RBAC Security and Privacy Vocabulary Project (2008),
    Available from
    http://hl7projects.hl7.nscee.edu/docman/view.php/57/361/SecurityandPrivacyuthzFramework.
    pdf, (Accessed June 28, 2009)
    [31] Platform for Privacy Preferences (P3P) Project, Retrieved January 15, 2011, from
    http://www.w3.org/P3P/
    [32] Aspect Weaver, Retrieved January 15, 2011, from
    http://en.wikipedia.org/wiki/Aspect_weaver
    [33] Sandhu R, et al. (1996), Role-based access control models, IEEE Computer, 29(2), 1996,
    pp. 38-47.
    [34] Opt out, Retrieved January 15, 2011, from http://en.wikipedia.org/wiki/Opt-out
    [35] Karjoth, G., Schunter, M., Waidner, M. (2004), Privacy-enabled Management of
    Customer Data. IEEE Data Eng. Bull. 27(1): 3-9 (2004).
    描述: 碩士
    國立政治大學
    資訊科學學系
    96971019
    99
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0096971019
    数据类型: thesis
    显示于类别:[資訊科學系] 學位論文

    文件中的档案:

    档案 大小格式浏览次数
    101901.pdf4736KbAdobe PDF2414检视/开启


    在政大典藏中所有的数据项都受到原著作权保护.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈