Situation Based Access Policy for EPHR Data

• Main Authors: Anh NguyenBao, 阮堡英
• Other Authors: Tzonelih Hwang
• Format: Others
• Language: en_US
• Published: 2014
• Online Access: http://ndltd.ncl.edu.tw/handle/83139211461449749843

碩士 === 國立成功大學 === 資訊工程學系 === 102 === Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of pa-tient data are often bypassed in case of emergencies. In this thesis, we propose a way to se-curely share EPHR data under any situation including break-the-glass (BtG) without com-promising its security. In this regard, we adopt the reference security model designed by Quantum Information and Network Security Lab (QINS, NCKU), which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based and Mandatory Access Control polices. Here, the main contribu-tion of this thesis work is to enforce “situations based access policy” on the reference secu-rity model.