良好的授權以及存取控制設計，是電子化病歷系統要應用在大型醫療機構中所不可或缺的一環。因此，系統需要自動化的代理人，依照系統狀態的演進來做動態的分散式安全性管理。基於決策（policy）的系統是分散式管理的最新發展之一。藉由配置決策來管理權限，我們便可以動態地規範系統行為，而不須將行為規範寫入代理人程式中。我們提出了一個制定可實作的決策的方法。制訂在組織層級的決策會被轉化為可實作的行動。授權決策指定了一個角色被允許或禁止在哪些目標上執行哪些行動，而義務決策指定了一個角色必須或不必執行哪些行動。此模型規範了使用者在病歷系統中的存取權，並支援正或負的授權，以及動態或靜態的義務。權利與義務的決定是基於存取時的環境背景資訊－例如醫師與病人的關係，並考慮了角色之間的衝突。這使我們可以制定精確而具彈性的決策，來依照使用者的權利和職務需求作授權。我們也討論了在決策間有衝突時，如何用優先順序關係來化解。

The design of proper models for authorization and access control for electronic medical record (EMR) is essential to a wide scale use of EMR in large health organizations. There is a need for distributed, automated management agents whose behaviors also have to dynamically change to reflect the evolution of the system being managed. Policy-based management is one of the latest developments in network and distributed systems management. The use of policy-based management in areas such as security is particularly attractive. Security management involves specification and deployment of access control policies. Policies are a means of specifying and influencing management behavior within a system, without coding the behaviors into the manager agents. Our approach is aimed at specifying implementable policies, although policies may be initially specified at the organizational level, and then refined to implementable actions. Authorization policies specify what activities a role is permitted or forbidden to do to a set of target objects and are similar to security access control policies. Obligation policies specify what activities a role must or must not do to a set of target objects and essentially define the duties of the role. This model regulates user’s access to EMR based on organizational roles. It supports positive and negative authorizations; static and dynamic separation of duties based on weak and strong role conflicts. Authorization with context use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EMR resource. This enables the specification of a more flexible and precise authorization policy, where permission is granted or denied according to the right and the need of the user to carry out a particular job function. We also discuss various precedence relationships that can be established between policies in order to allow inconsistent policies to co-exist with the system and review policy conflicts, focusing on the problems of conflict detection and resolution.

[1] Anderson R. J., “Security in Clinical Information Systems.” British Medical Association, Jan. 1996.
[2] Anderson R. J., “A Security Policy Model for Clinical Information Systems.” IEEE, Jan. 1996
[3] Bertino E., Jajordia S., and Samarati P., “A Flexible Authorization Mechanism for Relational Data Management Systems,” ACM Trans. Info. Syst., vol. 17, Apr. 1999.
[4] Cimino J. J., Clayton P. D., Hripcsack G., and Johnson S. B. “Knowledge-Based Approaches to the Maintenance of Large Controlled Medical Terminology,” Journal of the American Medical Informatics Association, vol. 1, pp. 35-50, 1994
[5] College of American Pathologists, “Systmatized NOmendlature of MEDicine SNOMED,” http://www.smomed.org/, Dec, 2002.
[6] Damianou N., Dulay N., Lupu E., and Sloman M. “The Ponder specification Language”. The Policy Workshop (2001), Bristol U.K., LNCS 1995.
[7] Dahlin B. and Arnesjo B., Doctors Journal. In: G. Petersson and M. Rydmark, editors Medicine Informatic, 1996.
[8] Farquhar A., Fikes R., and Rice J. “The Ontolingua Server: A tool for Collaborative Ontology Construction” http://www.cs.umbc.edu/771/papers/KSL-96-26.pdf, Dec. 23, 2002.
[9] Ferralolo D, Sandhu R., Gavrila S., and Kuhn D. , “Proponed NIST Standard for Role-Based Access Control,” ACM Trans. Info. Syst., vol. 4, Aug. 2001.
[10] Gaudin, S. (2000). Case Study on insider sabotage. The Tim Lloyd/Omega case. Computer Security Journal, 16(3), 1-9.
[11] Gruber T. R., “What is an Ontology?,” http://www-ksl.stanford.edu/kst/what-is-an-ontology.html, Jan. 11, 2003.
[12] Gruber T. R., “A Translation Approach to Portable Ontology Specifications,” Knowledge Acquasition, vol 5, 1993
[13] HL7, “What is HL7?” http://www.hl7.org.about, March, 2002.
[14] Lindberg D., Humphreys B., and McCray A., “The Unified Medical Language System (UMLS). Amsterdam: International Medical Informatics Association 1993.
[15] McDaniel P. “On Context in Authorization Policy,”. AT&T Labs – Research. DARPA, SACMAT,.June 2003
[16] Musen M. A, Ferguson R. W., Crosso W. E., Noy N. F., Crubezy M., and Gennari J. H., “Component-Based Support for Building Knowledge-Acquisition Systems”. Standford Medical Informatics, Department of Medicine, Stanford University School of Medicine, Stanford, Conference Proceedings SMI – 2000 – 0838, August, 2000.
[17] Noy N. F., McGuiness D.C. “Ontology Development 101: A Guide to Creating Your First Ontology”. Stanford Knowledge System Laboratory Technical report KSL-01-05, March 2001. http://protege.standford.edu/publications/ontology_developement/ontology101-noy-mcquinness.html.
[18] Rector A.L., Solomon W. D. , Nowlan , W. A. and Rush T. W, “ A Terminology Server for Medical Language and Medical Information Systems,” Methods of Information in Medicine, vol. 34, pp. 147-157, 1995.
[19] Rindfleisch T., “Privacy, Information Technology and Health Care”, Communications ACM, 40 (8) pp. 93 – 100, 1997.
[20] Sandhu R. S., Coyne F.J. , and Youman C. F., “Role-based access control models,” IEEE, Compur, vol. 29, pp. 38 47, Feb. 1999.
[21] Sandhu R., Ferraiolo D., and Kuhn D. The NIST model for role-based access control: towards a unified standard. In Proceedings of the Fifth ACM Workshop on Role-Based Access Control (RBAC’00), pp. 47-63, 2000
[22] Simpson R., “Security Threats are Usually an Inside Job”, Nursing Management, 27 (12): 43, 1996.
[23] Sloman M. “Policy Driven Management for Distributed Systems.” Network and Systems Management, 2 (4) pp. 333-360, 1994
[24] Swartout B., Ramesh P., Knight K., and Russ T., “ Toward Distributed Use of Large-Scale Ontologies,” presented at Tenth Knowledge Acquisition for Knowledge-Based Systems Workshop (KAW’96)., Banff, Alberta, Canada, Nov. 1996.
[25] Uszok A., Bradshaw J., Jeffers R., Suri N., Hayes P., Breedy M., Bunch L., Johnson M., Kulkami S., Lott J., “KAoS Policy and Domain Services: Toward a Description-Logic Approach to Policy Representation, De-confliction, and Enforcement” Proceedings of Policy. Como. Italy 2003.