A Security Management of Electrical Patient Record based HIPAA with Enhanced Privacy Protection


Bibliographic Details
Main Authors: Huan-Shuo Hsu, 許桓碩
Other Authors: Hung-Chang Li
Format: Others
Language: zh-TW
Published: 2008
Online Access: http://ndltd.ncl.edu.tw/handle/w5me32
Description
Summary: Master's === Tamkang University === Master's Program, Department of Information Management === 96 === Nowadays, more and more healthcare providers use information systems to deliver healthcare services. Protecting patients' private information is an important information security management issue for all healthcare providers. The Health Insurance Portability and Accountability Act (HIPAA), enacted by the United States Congress in August 1996, is the federal law that applies to the U.S. healthcare industry. HIPAA specifies guidelines on health information security in order to enhance healthcare quality. Its regulations on patient privacy specifically indicate that patients should have more power to control their own health records, and that the use and disclosure of health information should be kept under secure control. This research designs a security management scheme that complies with HIPAA, satisfies the need to exchange electronic patient records, and takes into account that patients should not need to disclose irrelevant health information to healthcare workers. Therefore, session keys are established between the patient and each department of the hospital. If healthcare workers need to refer to the patient's record in another department, they can obtain the record through the hospital using the access control mechanism. Even if the record is held in another hospital, they can still obtain it through the mechanism for exchanging electronic patient records between hospitals. In addition, the security mechanism takes advantage of elliptic curve cryptography, e.g. better efficiency, stronger security, and shorter key length at the same security level. As for the time cost of establishing the key, the experimental result [13] shows that elliptic curve cryptography is about 30% faster than the DSA mechanism.