2009 年 29 巻 3 号 p. 117-128
With the spread of electronic health records, patients’ privacy concerns rise greatly. In response, many organizations advocate that healthcare information systems (HIS) should have an opt-in capability and a way for people to segment sensitive information, if they choose to. Currently, employing a proper access control mechanism to protect patients’ electronic health records is a well-accepted discipline in HIS development. However, the design of such mechanisms hardly includes the requirement of supporting patients’ preferences regarding the use of their personal information. It is therefore highly desirable to extend a HIS’s access control to handle patients’ privacy preferences. On the other hand, as the principle and practice of patients’ privacy preferences are still emerging, instead of replacing existing mechanisms with new ones, techniques for adapting existing mechanisms to quickly reflect patients’ privacy preferences can be a worthwhile solution. In particular, we argue that aspect-oriented programming (AOP) can be part of the solutions and has the potential to provide fine-grained privacy protection to cater to the privacy needs of each individual. Aspect-oriented approach enables separation of concerns which are better designed independently, but must operate together. We propose an aspect-based preference management framework that collects and manages patients’ preferences independently yet can integrate with the underlying HIS to support patients’ privacy preferences effectively. The proposed mechanisms are loosely coupled with the underlying system. It is thus easy to adapt them and employ them for migrating existing systems to support patients’ privacy preferences.