Abstract
The exchange of patient information between medical institutions via the network is expected to improve the quality of medical services. We built a system that enables doctors to send patient information extracted from the electronic patient record to doctors in other hospitals using a Web system. Security protection is essential for this system. We use SSL (Secure Sockets Layer) to prevent tampering with patient information in transit over the network, and we authenticate doctors who access the web server by using IDs and passwords. Furthermore, the web server issues a token called a “patient information access ticket”, which enables doctors to view patient information. This ticket is used for access control on the web server. A doctor who has the right to receive this ticket can transfer this right to other doctors. As a result, safe and flexible access control to patient information became possible. We built this system in Osaka University Hospital and confirmed its usability.
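The ticket flow described above can be sketched as follows. This is an added example, not the system's own code. It assumes an HMAC-signed ticket bound to one patient and one doctor, an in-memory rights table, and that a transfer moves the right away from the transferring doctor; the class name, method names and IDs are hypothetical.

```python
import hashlib
import hmac
import time


class TicketServer:
    """Hypothetical model of the web server's ticket handling."""

    def __init__(self, key=b"constructed-demo-key"):
        self._key = key    # assumption: secret known only to the web server
        self._rights = {}  # patient_id -> doctor IDs allowed to receive a ticket

    def grant(self, patient_id, doctor_id):
        """The sending doctor names a recipient for a patient's record."""
        self._rights.setdefault(patient_id, set()).add(doctor_id)

    def transfer(self, patient_id, from_doctor, to_doctor):
        """Only a doctor who holds the right may pass it on."""
        holders = self._rights.get(patient_id, set())
        if from_doctor not in holders:
            return False
        holders.discard(from_doctor)  # assumption: the right moves, it is not copied
        holders.add(to_doctor)
        return True

    def _mac(self, patient_id, doctor_id, expires):
        msg = f"{patient_id}|{doctor_id}|{expires}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, patient_id, doctor_id, now=None, ttl=900):
        """Issue a ticket to an already authenticated doctor who holds the right."""
        if doctor_id not in self._rights.get(patient_id, set()):
            return None
        expires = int(time.time() if now is None else now) + ttl
        mac = self._mac(patient_id, doctor_id, expires)
        return f"{patient_id}|{doctor_id}|{expires}|{mac}"

    def can_view(self, ticket, patient_id, doctor_id, now=None):
        """Access check run on each request for patient information."""
        try:
            t_pat, t_doc, t_exp, t_mac = ticket.split("|")
            expires = int(t_exp)
        except (AttributeError, ValueError):
            return False  # malformed or missing ticket
        now = int(time.time() if now is None else now)
        expected = self._mac(t_pat, t_doc, expires)
        return (hmac.compare_digest(t_mac.encode(), expected.encode())
                and (t_pat, t_doc) == (patient_id, doctor_id)
                and now < expires
                and doctor_id in self._rights.get(patient_id, set()))
```

Because `can_view` rechecks the rights table on every request, a ticket issued before a transfer stops working for the doctor who gave the right away.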