| Aspect-oriented design and implementation of adaptable access control for electronic medical records. | |
| | |
MedLine Citation:
|
PMID: 20117962 Owner: NLM Status: MEDLINE |
Abstract/OtherAbstract:
|
OBJECTIVES: Maintaining proper access control to Electronic Medical Records (EMR) is essential to protecting patients' privacy. We aim to develop mechanisms and tools that can support fine-grained and adaptable access control for EMR. METHOD: This paper presents an aspect-oriented design and implementation scheme to providing adaptable access control for Web-based EMR systems. In our scheme, access control logic is decoupled from the core of the EMR application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying EMR application using standard aspect tools. At runtime, these binary aspect modules will be executed to enforce the required access control. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. RESULTS: A structured form of access control rules based on the Taiwan Electronic Medical Record Template, a suite of abstract aspects and templates for enforcing access control and a translator for synthesizing the complete access control code in AspectJ from such access control rules and aspect templates. We have also built a Web-based EMR prototype implementation to demonstrate our approach. CONCLUSION: Our approach can not only accommodate a wide range of fine-grained access control requirements but also enforce them in a modular and easy to adapt manner without incurring extra performance overhead due to rule interpretation. The use of aspect-oriented technology to provide adaptable access control for EMR is a promising approach. We have further enhanced our scheme with a mechanism for dynamic adjustment of access control rules. Other tools for authoring and analyzing the access control rules are the main parts of our future work. |
| | |
Authors:
|
Kung Chen; Yuan-Chun Chang; Da-Wei Wang |
Publication Detail:
|
Type: Journal Article; Research Support, Non-U.S. Gov't Date: 2010-02-01 |
Journal Detail:
|
Title: International journal of medical informatics Volume: 79 ISSN: 1872-8243 ISO Abbreviation: Int J Med Inform Publication Date: 2010 Mar |
Date Detail:
|
Created Date: 2010-02-17 Completed Date: 2010-05-20 Revised Date: - |
Medline Journal Info:
|
Nlm Unique ID: 9711057 Medline TA: Int J Med Inform Country: Ireland |
Other Details:
|
Languages: eng Pagination: 181-203 Citation Subset: IM |
Copyright Information:
|
Copyright 2010 Elsevier Ireland Ltd. All rights reserved. |
Affiliation:
|
Department of Computer Science, National Chengchi University, Taipei, Taiwan. chenk@cs.nccu.edu.tw |
Export Citation:
|
APA/MLA Format Download EndNote Download BibTex |
| MeSH Terms | |
Descriptor/Qualifier:
|
Access to Information* Computer Communication Networks Confidentiality* Electronic Health Records / organization & administration* Internet Software Taiwan |
From MEDLINE®/PubMed®, a database of the U.S. National Library of Medicine
Previous Document: Human copper homeostasis: a network of interconnected pathways.
Next Document: Antigenic and physicochemical characterization of the 2nd International Standard for hepatitis B vir...