Abstract

Objective For the ubiquity of medical service, when user who has proper authority want to access medical data, user accessability should be assured. And the security of the disclosed medical data is important. This paper presents single user access interface on multiple patient reservoirs and elaborate access control using the Role-Based Access Control(RBAC) system. Methods Proposed system consists of 4-tier architecture that is client application, Access Control Central(ACC) agent, Local Access Control(LAC) agent and Hospital Information Systems(HIS). User requests medical data with client application. ACC notarizes user identity and controls access of user request and selectively encrypts medical data. LAC charges data conversion for communication between ACC and HIS. HIS has repositories of medical datum. System provides security service with digital certificate, X.509v3, of user. Results User requests medical data of several HIS approaching single ACC not by each HIS. Through conversion process of LAC, data that is described XML and is used for communication inter system enables information exchange with single common data format that is independent to several HIS. Conclusion In the proposed system, user accesses medical datum of several HIS regardless of location and has consistent access interface. And using independent format against each HIS makes easy information exchange between several HIS. Transferred data maintains security about significant datum by selective encryption and increases encryption efficiency. Unified access control about multiple patient reservoirs that are scattered in other places provides unified and precise diagnosis of patient information. And it functions the portal of collaborate treatment in inter-HIS.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.