Open Access  Subscription Access

現今，因醫療普及人們普遍壽命延長，我們需要長期保存並存取一生中健康資料，以讓該資料可於未來與醫院、健康組織、醫療人員共享，因此歷史健康資料的保存是重要的。我們的目的是維持與管理人們的歷史健康記錄，並避免電子健康記錄遺失。為了讓歷史健康記錄可以長期保存至人的一生，我們提出一個身份識別與授權機制來保存與管理長期電子健康記錄，使用者可自行將其醫院或健康組織內的健康記錄轉移至特定的組織。機制是採用累積簽章機制將在轉移前擁有資料的組織的信任程度轉移至新組織，並以第三方可信任機關作為身份提供商身份識別所有組織，最後由授權機制確保使用者授權該機構共享資料，並可以達到長期電子健康記錄的完整性、可用性與記錄授權的不可否認性。Due to the medicine knowledge widespread, the human life expectancy is extending. People have to keep personal health records during their lifetime to share and discuss with medical professionals. Therefore, the issue of maintaining the historical personal health records becomes more significant. Our aim is to keep and manage the long-term historical electronic health records to avoid the records lost. In this paper, we proposed an authentication and authorization protocol for the long-term historical electronic health records to manage more than the human life lifetime. User can request its records to migrate to a specific organization, and then authorize the organization. The proposed protocol is referring the cumulatively notarized signature to transfer the trustworthiness to a specific organization, and the trust third notary as an identity provider to authenticate the user, specific organizations. Finally, the trust third notary requests the authorization to user to share their historical records with the organization. And the proposed protocol achieves data integrity, non-repudiation for data authorization and availability of EHR.

電子健康紀錄; 長期管理電子資料; 累積公證簽章; 身份辨識; 授權; Electronic health records; Long-term electronic records management; Cumulatively notarized signature; Authentication; Authorization