Department of Computer Science, National Chengchi University, Taipei, Taiwan.
Int J Med Inform. 2010 Mar;79(3):181-203. doi: 10.1016/j.ijmedinf.2009.12.007. Epub 2010 Feb 1.
Maintaining proper access control to Electronic Medical Records (EMR) is essential to protecting patients' privacy. We aim to develop mechanisms and tools that can support fine-grained and adaptable access control for EMR.
This paper presents an aspect-oriented design and implementation scheme to providing adaptable access control for Web-based EMR systems. In our scheme, access control logic is decoupled from the core of the EMR application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying EMR application using standard aspect tools. At runtime, these binary aspect modules will be executed to enforce the required access control. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding.
A structured form of access control rules based on the Taiwan Electronic Medical Record Template, a suite of abstract aspects and templates for enforcing access control and a translator for synthesizing the complete access control code in AspectJ from such access control rules and aspect templates. We have also built a Web-based EMR prototype implementation to demonstrate our approach.
Our approach can not only accommodate a wide range of fine-grained access control requirements but also enforce them in a modular and easy to adapt manner without incurring extra performance overhead due to rule interpretation. The use of aspect-oriented technology to provide adaptable access control for EMR is a promising approach. We have further enhanced our scheme with a mechanism for dynamic adjustment of access control rules. Other tools for authoring and analyzing the access control rules are the main parts of our future work.
维护电子病历(EMR)的适当访问控制对于保护患者隐私至关重要。我们旨在开发能够支持 EMR 细粒度和自适应访问控制的机制和工具。
本文提出了一种面向方面的设计和实现方案,为基于 Web 的 EMR 系统提供自适应访问控制。在我们的方案中,访问控制逻辑与 EMR 应用程序的核心分离,并收集到单独的方面模块中,这些模块是从 XML 格式的访问控制规则自动合成的,并使用适当设计的方面模板。然后,使用标准的方面工具将生成的方面模块编译并集成到基础的 EMR 应用程序中。在运行时,这些二进制方面模块将被执行以实施所需的访问控制。通过这些机制,还可以有效地实现未来对访问控制规则的更改,而无需实际编码。
一种基于台湾电子病历模板的结构化访问控制规则形式、一套用于实施访问控制的抽象方面和模板以及一个用于从这些访问控制规则和方面模板综合完整的 AspectJ 访问控制代码的翻译器。我们还构建了一个基于 Web 的 EMR 原型实现来演示我们的方法。
我们的方法不仅可以适应广泛的细粒度访问控制要求,而且可以以模块化和易于适应的方式实施它们,而不会因规则解释而产生额外的性能开销。使用面向方面的技术为 EMR 提供自适应访问控制是一种很有前途的方法。我们进一步增强了我们的方案,增加了动态调整访问控制规则的机制。用于编写和分析访问控制规则的其他工具是我们未来工作的主要部分。
