臺灣博碩士論文加值系統

在醫療隱私保護的議題中，HIPAA隱私權與資訊安全法規是最重要的標準。其中，隱私權條文規定了病患對個人的醫療資訊必須擁有更多的控制權利，以及醫療資料的使用與揭露都應該受到管制，另外，在資訊安全條文規定中，建立具體防護措施以保護資料的完整性、機密性與可使用性是不可或缺的。無疑地，定義明確的應用密碼學技術提供許多合適的解決方案，本論文中，為了順利整合現有的密碼學技術，我們提出一個密碼金鑰管理的解決機制，此系統不但遵循HIPAA標準的規定與需求，而且在急救處置或病患無法親自授權醫療資訊使用之例外情況，也有簡單明瞭的處理方案。

HIPAA Privacy and Security Regulations are two crucial provisions in protecting healthcare privacy issue. Privacy Regulation creates standard to define patients have more control over their health information and sets limits on the use and disclosure of health information; and the Security Regulation stipulates the implemental provisions to guard data integrity, confidentiality, and availability. Undoubtedly, the cryptographic mechanisms are well-defined to provide the suitable solutions. In this thesis, to comply with HIPAA regulations, a cryptographic key management solution is proposed to facilitate the inter-operation among the applied cryptographic primitives. In addition, the consent exceptions resolution intends saving the life urgently or other possible exceptions can be also handled easier.

Table of Contents
Acknowledgements i
中文摘要 ii
Abstract iii
Table of Contents iv
List of Tables vi
List of Figure vii
Chapter 1 Introduction 1
1.1 Background 1
1.2 The HIPAA Laws 2
1.2.1 Privacy Regulation 2
1.2.2 Security Regulation 4
1.3 Motivation 4
1.4 Thesis Organization 7
Chapter 2 Preliminary 9
2.1 Smart Card 9
2.2 Symmetric Cryptosystem 10
2.3 Digital Signature 11
2.4 Hash Function 11
Chapter 3 Proposed Scheme 12
3.1 Registration Phase 13
3.2 Encryption Phase 14
3.3 Decryption Phase 15
3.3.1 Consent Case 15
3.3.2 Consent Exception Case 15
Chapter 4 Discussions 17
4.1 HIPAA Regulations Compliance17
4.2 Feasibility Analysis 21
4.2.1 Key Management Issue 21
4.2.2 Smart Card Equipment 22
4.2.3 Computational Performance 22
4.2.4 Storage Performance 24
Chapter 5 Conclusions 25
Reference 26
Vita 29

[1]Health Insurance Portability and Accountability Act of 1996,” 104th Congress, Public Law 104-191, 1996.
[2]Centers for Medicare and Medicaid Services (1996), Health Insurance Portability Accountability Act of 1996 (HIPAA). [Online]. Available : http://cms.hhs.gov/hipaa/
[3]Department of Health and Human Services, “Standards for Privacy of Individually Identifiable Health Information,” Federal Register, vol. 67, pp. 53181–53273, Aug. 2002.
[4]Stevens, G. “A Brief Summary of the Medical Privacy Rule,” CRS Report for Congress, April, 30th, 2003.
[5]Department of Health and Human Services, “Security and electronic signature standards,” Federal Register, vol. 63, pp. 43241–43280, Aug. 1998.
[6]J. Collmann, D. Lambert, M. Brummett, D. DeFord, J. Coleman, T.Cooper, K. Mcall, D. Seymour, C. Albert, A. Dorofee., “Beyond good practice: why HIPAA only addresses part of the data security problem,” International Congress Series, 1268, pp. 113-118, 2004.
[7]J. L. Zoreda and J. M. Oton, Smart Cards. Norwood, MA: Artech House, 1994.
[8]Rienhoff Otto, Integrated Circuit Health Data Cards (Smart Cards): A Primer for Health Professionals, Washington, D. C. PAHO, 2003.
[9]Davie Jones, “Smart cards — the key to secure and flexible healthcare provision,” Card Technology Today, Vol.15, Issue.11, pp.8, Nov.-Dec., 2003.
[10]C. Lambrinoudakis and S. Gritzalis, “Managing medical and insurance information through a smart-card-based information system,” J. Med. Syst., vol. 24, no. 4, pp. 213–234, 2000.
[11]B. Lampson, M. Abadi, M. Burrows, E. Wobber, “Authentication in Distributed Systems: Theory and Practice,” ACM Trans. Computer Systems, Vol.10, No.4, pp. 265-310, Nov. 1992.
[12]Schneier, Bruce, Applied Cryptography. 2nd ed. John Wiley & Sons, 1996.
[13]National Institute of Standards and Technology, “Advanced Encryption Standard”, FIPS 197, 26 November 2001.
[14]“Proposed Federal Information Processing Standard for Digital Signature Standard (DSS),” Federal Register, Vol.56, No.169, pp.42980-42982, Aug.30, 1991.
[15]T. ELGamal, “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Tran. Inform. Theory, Vol.31, No.4, pp.469-472, 1985.
[16]National Institute of Standards and Technology, “Secure Hash Standard”, FIPS 180-1, 17 April 1995.
[17]Giesecke & Devient Gmbh (2004), “Smart Health Card: The key to the health care system of the future,” [Online]. Available: http://www.gi-de.com/
[18]B. Blobel and P.Pharow, “Experiences with health professional card,” in Proc. Electron. Health Rec. Europe’97, London, U. K., pp. 29-39.
[19]William C.Pao, ”NHI IC cards in use at all hospitals, clinics,” The China Post, pp. 5, Friday, March, 2004. [Online]. Available: http://www.nhi.gov.tw/00english/file/0305paper.pdf
[20]Bureau of National Health Insurance,” NHI Profile/ Current Status,” [Online]. Available: http://www.nhi.gov.tw/00english/e_05pro_104.htm
[21]S.M. Yen and C.S.Laih, “Improved Digital Signature Algorithm,” IEEE Trans. on Computers, Vol.44, No.5, pp.729-730, May 1995.