陳俊良臺灣大學：資訊工程學研究所龔榮芳Kung, Jung-FangJung-FangKung2007-11-262018-07-052007-11-262018-07-052004http://ntur.lib.ntu.edu.tw//handle/246246/53999醫療資訊電子化後，資料因流通便利而能提升醫療及健康服務之品質與效率，但是若沒有對資訊之傳輸、保存以及使用作好妥善規劃與管制，勢將較傳統以人工記載的處理方式，對病患個人隱私造成更大的危害。本研究利用加解密、數位信封、數位簽章等密碼學相關技術，配合晶片卡的應用，來做電子病歷的安全管理，使得一方面能保障資料所有者之個人隱私，另一方面亦能方便電子病歷的流通。 本研究亦為未來健保IC卡的定位提出一可行方向，使得健保IC卡不單單只是記載就醫紀錄的工具，而能在產生金鑰對、儲存私鑰、加解密運算方面，發揮智慧卡最適宜的用途。病患對於自己的病歷更因此握有相當的控制權，自行決定敏感資料對外公開的程度。本研究可提供給中央健保局作為未來發展健保業務的參考，並且消除民間團體對於隱私外洩的疑慮，相信民眾將更能享受到使用健保IC卡所帶來的便利。The electronic medical record can bring patients’ convenience of data distribution, and even promote the quality and efficiency of medical service and health care. Unless the transmission, preservation and usage of information is well-controlled, however, the patient’s privacy would be damaged more seriously than written by hand traditionally. This research introduces security management by means of the technology of cryptography such as encryption, decryption, digital envelope, and digital signature, with the application of smart cards. On the one hand, it can protect the privacy of the information owner. On the other hand, it still preserves the convenience of information distribution. This research also brings up a practical direction for the health card. The health card is not only a tool for storing medical records, but also it can develop the most suitable purpose of key pair production, private key storage, and cipher operation. Moreover, the patient will hold his own rights of medical records, and decide how his sensitive information will be presented. The research can provide a reference for the Bureau of National Health Insurance, and eliminate the doubt of some civil organizations regarding privacy exposure. We believe that people will benefit more from using health cards in the future.摘要………………………………………………………………………..iii Abstract……………………………………………………………………..iv 目錄………………………………………………………………………...v 圖目錄…………………………………………………………………….vii 表目錄……………………………………………………………………..ix 1 緒論……………………………………………………………………...1 1.1 背景介紹…………………………………………………………...1 1.2 研究目的…………………………………………………………...2 2 文獻探討………………………………………………………………...3 2.1 電子病歷…………………………………………………………...3 2.2 聯邦健康保險法案（HIPAA）……………………………………...4 2.3 健保IC卡…………………………………………………………..7 2.3.1 健保IC卡的意義與弁遄K…………………………………7 2.3.2 卡片內容…………………………………………………….7 2.3.3 健保IC卡安全機制…………………………………………8 2.4 智慧卡…………………………………………………………….11 2.4.1 簡介…………………………………………………………11 2.4.2 ISO 7816標準……………………………………………...12 2.4.3 APDU協定…………………………………………………12 2.5 密碼學…………………………………………………………….13 2.5.1 對稱性加解密法…………………………………………...14 2.5.2 非對稱性加解密法………………………………………...15 2.5.3 數位信封…………………………………………………...15 2.5.4 數位簽章…………………………………………………...16 3 系統設計……………………………………………………………….19 3.1 系統概述………………………………………………………….19 3.2 存放病歷於醫院資料庫………………………………………….19 3.3 存放一般就醫紀錄於健保卡…………………………………….22 3.4 存放就醫紀錄於健保局資料庫………………………………….23 4 系統實作……………………………………………………………….27 4.1 開發平台與環境………………………………………………….27 4.2 系統展示………………………………………………………….29 4.2.1 診間醫令系統（與醫院資料庫連線）……………………...30 4.2.2 診間醫令系統（與健保局資料庫連線）…………………...37 5 結論與未來展望…………………………………………………….…45 參考文獻…………………………………………………………………...473007819 bytesapplication/pdfen-US隱私權電子病歷晶片卡smart cardprivacyelectronic medical recordthesishttp://ntur.lib.ntu.edu.tw/bitstream/246246/53999/1/ntu-93-R91922003-1.pdf