OBJECTIVE: For medical services to be ubiquitous, a user with proper authority who wants to access medical data must be assured of access, and the security of the disclosed medical data is important. This paper presents a single user access interface to multiple patient reservoirs and elaborate access control using a Role-Based Access Control (RBAC) system.
METHODS: The proposed system has a 4-tier architecture consisting of a client application, an Access Control Central (ACC) agent, a Local Access Control (LAC) agent, and Hospital Information Systems (HIS). The user requests medical data through the client application. The ACC verifies the user's identity, controls access for the user's request, and selectively encrypts the medical data. The LAC is responsible for data conversion for communication between the ACC and the HIS. Each HIS holds repositories of medical data. The system provides its security services using the user's X.509v3 digital certificate.
RESULTS: The user requests medical data held by several HIS by contacting a single ACC rather than each HIS separately. Through the LAC's conversion process, the data used for inter-system communication is described in XML, which enables information exchange in a single common data format that is independent of the individual HIS.
CONCLUSION: In the proposed system, the user accesses the medical data of several HIS regardless of location and through a consistent access interface. Using a format that is independent of each HIS makes information exchange between several HIS easy. Selective encryption keeps the significant data in the transferred records secure and increases encryption efficiency. Unified access control over multiple patient reservoirs scattered across different places provides a unified and precise diagnosis of patient information. It also functions as a portal for collaborative treatment between HIS.
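The ACC step described under METHODS (role-based filtering followed by selective encryption of a common-format XML record), sketched as an added example that is not code from the paper. The role table, the set of sensitive elements, the record layout and all function names are assumptions, and the cipher is a standard-library stand-in for AES-GCM.

```python
import hashlib, hmac, os
import xml.etree.ElementTree as ET

# Assumed RBAC policy (not from the paper): role -> elements it may read.
ROLE_READS = {"physician": {"name", "visit_date", "diagnosis", "medication"},
              "billing_clerk": {"name", "visit_date"}}
# Assumed set of significant elements the ACC encrypts before transfer.
SENSITIVE = {"diagnosis", "medication"}

def _xor_stream(key, nonce, data):
    # Stdlib stand-in (HMAC-SHA256 in counter mode) so the example runs offline;
    # a deployment would use AES-GCM from a vetted library instead.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"enc" + nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = os.urandom(12)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return (nonce + ct + tag).hex()

def unseal(key, hex_text):
    raw = bytes.fromhex(hex_text)
    nonce, ct, tag = raw[:12], raw[12:-32], raw[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified")
    return _xor_stream(key, nonce, ct)

def acc_respond(record_xml, role, key):
    """Drop elements the role may not read; encrypt only the sensitive ones."""
    allowed = ROLE_READS.get(role, set())  # unknown role: deny everything
    src, out = ET.fromstring(record_xml), ET.Element("record")
    for el in src:
        if el.tag not in allowed:
            continue
        new = ET.SubElement(out, el.tag)
        if el.tag in SENSITIVE:
            new.set("enc", "1")
            new.text = seal(key, (el.text or "").encode())
        else:
            new.text = el.text
    return ET.tostring(out, encoding="unicode")

# Constructed sample record in an assumed common XML format (as a LAC might emit).
SAMPLE = ("<record><name>Patient A</name><visit_date>2005-03-01</visit_date>"
          "<diagnosis>hypertension</diagnosis><medication>amlodipine</medication></record>")
```

Only the elements in `SENSITIVE` pass through the cipher, which is the efficiency gain the abstract attributes to selective encryption; a role absent from the table receives an empty record.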