近來，隨著電子病歷的日漸普及，大眾對病人隱私的關注也隨之增加。在現行的醫療資訊系統 (Healthcare Information System, HIS) 中，透過適當的權限控管機制以保障電子病歷隱私是相當普遍的作法。然而，此機制並沒有考慮到病人對於隱私資訊用途的偏好不同。因此，擴充現行醫療資訊系統的權限控管機制，以處理病人隱私偏好的需求相當迫切。
針對此議題，我們認為剖面導向程式設計 (Aspect-Oriented Programming) 技術可以成為其解決方案的重要一環。本研究試著實作一個剖面導向的管理框架，在無需大幅度改寫系統的前提之下，能夠和現有的醫療資訊系統整合，達到讓病人自訂及管理隱私偏好。該框架和現行系統的關係是鬆散耦合 (loosely coupled) 的，因此，能夠輕易地用來擴充現行的系統，以便達到支援病人自定隱私偏好的目的。

Electronic health records are getting more and more popular these days, however, concerns for patients' privacy also increase greatly. Currently, it's not unusual for Healthcare Information System (HIS) to adopt a proper access
control mechanism to protect patients' electronic health records. Nonetheless, this design did not consider the requirements of supporting patients’ preferences regarding the use of their privacy information. Hence, it is desirable to extend the original access control system to handle patients' privacy preferences.
For this issue, we argue that Aspect-Oriented Programming (AOP) can be an important part of the solutions. This thesis presents an aspect-based preference management framework that collects and manages patients' preferences. It can be integrated with the existing HIS to support patients' privacy preferences without rewriting from scratch. The proposed mechanisms are loosely coupled
with the underlying system. It is therefore easier to use it to improve existing systems to support patients’ privacy preferences.

[1] 行政院衛生署 電子病歷推動專區, Retrieved January 15, 2011, from
http://emr.doh.gov.tw/introduction.aspx
[2] U.S. Department of Health and Human Services (2008), Nationwide Privacy and Security
Framework For Electronic Exchange of Individually Identifiable Health Information,
(Internet), Office of the National Coordinator for Health Information Technology, U.S.
Department of Health and Human Services, Available from
http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10731_848088_0_0_18/Nationwi
dePS_Framework-5.pdf (Accessed 28 June, 2009)
[3] APEC (2005), APEC Privacy Framework, (Internet), Asia-Pacific Economic Corporation,
Available from
http://www.apec.org/apec/news___media/fact_sheets/apec_privacy_framework.html
(Accessed 28 June, 2009)
[4] 台大醫院當機 8000病患受累 (22 May, 2007), Retrieved January 15, 2011, from
http://www.libertytimes.com.tw/2007/new/may/22/today-life3.htm
[5] eXtensible Access Control Markup Language (XACML) Version 1.1, Retrieved January
15, 2011, from
http://www.oasis-open.org/committees/xacml/repository/cs-xacml-specification-1.1.pdf
[6] Enterprise Privacy Authorization Language (EPAL), Retrieved January 15, 2011, from
http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/index.html
48
[7] XACML on OASIS, Retrieved January 15, 2011, from
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
[8] A Brief Introduction to XACML, Retrieved January 15, 2011, from
http://www.oasisopen.
org/committees/download.php/2713/%20Brief_Introduction_to_XACML.html
[9] XACML Terminology, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/XACML#Terminology
[10] EPAL W3C submission, Retrieved January 15, 2011, from
http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
[11] Walter Hürsch and Cristina Videira Lopes, Separation of Concerns, Technical Report, no.
NU-CCS-95-03, 1995.
[12] Kiczales, G. et al., (1997), Aspect-Oriented Programming, European Conference on
Object-Oriented Programming, Jyväskylä, Finland, June 1997, Lecture Notes in Computer
Science 1241; 220-242.
[13] 陳恭, 剖面導向程式設計(AOP/AOSD)簡介, 2007
[14] Kiczales, G. et al., (2001), Getting Started with AspectJ, Communications of ACM,
44(10), 2001, 59-65.
[15] Hilsdale, E. and Hugunin, J. (2004), Advice Weaving in AspectJ, Proc. of the 3rd
International Conference on Aspect-Oriented Software Development, Lancaster UK, 2004:
26-35.
[16] Plain Old Java Object (POJO), Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Plain_Old_Java_Object
[17] Object-relational mapping, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Object-relational_mapping
[18] Model–View–Controller, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Model%E2%80%93View%E2%80%93Controller
[19] Relational Database, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Relational_database
[20] Object-relational impedance mismatch, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Object-relational_impedance_mismatch
[21] Connection Pool, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Connection_pool
[22] Shan, Tony (2006). "Taxonomy of Java Web Application Frameworks". Proceedings of
2006 IEEE International Conference on e-Business Engineering (ICEBE 2006),
http://portal.acm.org/citation.cfm?id=1190953 (Accessed 10 Oct, 2010)
[23] Stateless, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Stateless_protocol
[24] Blobel B. (2004), Authorisation and access control for electronic health record systems.
Int. J. of Medical Informatics, 73(3), March 2004, 251-7.
[25] Ferreira A, et al. (2005), Modelling access control for a complex healthcare organization.
In: iSHIMR 2005: Proceedings of the Tenth International Symposium on Health Information Management Research, Thessaloniki, Greece, Sep. 2005.
[26] Massacci, F. and Zannone, N. (2006), Privacy is Linking Permission to Purpose, Lecture
Notes in Computer Science Vol. 3957, Springer Berlin / Heidelberg.
[27] Personally identifiable information, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Personally_identifiable_information
[28] Hafner, M. et al. (2008), Modeling and Enforcing Advanced Access Control Policies in
Healthcare Systems with Sectet, IN: H. Giese (Ed.):MoDELS 2007 Workshops, LNCS 5002,
pp. 132-144, 2008, Springer Berlin / Heidelberg.
[29] Health Level Seven, The Clinical Document Architecture Release 2.0, Retrieved January
15, 2011, from http://www.hl7.org/library/standards_non1.htm
[30] HL7 Security WG: The RBAC Security and Privacy Vocabulary Project (2008),
Available from
http://hl7projects.hl7.nscee.edu/docman/view.php/57/361/SecurityandPrivacyuthzFramework.
pdf, (Accessed June 28, 2009)
[31] Platform for Privacy Preferences (P3P) Project, Retrieved January 15, 2011, from
http://www.w3.org/P3P/
[32] Aspect Weaver, Retrieved January 15, 2011, from
http://en.wikipedia.org/wiki/Aspect_weaver
[33] Sandhu R, et al. (1996), Role-based access control models, IEEE Computer, 29(2), 1996,
pp. 38-47.
[34] Opt out, Retrieved January 15, 2011, from http://en.wikipedia.org/wiki/Opt-out
[35] Karjoth, G., Schunter, M., Waidner, M. (2004), Privacy-enabled Management of
Customer Data. IEEE Data Eng. Bull. 27(1): 3-9 (2004).