Research And Design On XML-based Electronic Medical Record Security Architecture

Medical record includes information that the patient provides concerning his or her symptoms and medical history, the results of examinations, reports of x rays and laboratory tests, diagnoses, and treatment plans. It is the media and executing gist of healthcare activities, it is also the information source of medical research and education. With the development of Hospital Information System, a transition from paper-based patients records to electronic medical records has taken place.EMR is the core technique of Medical Information, it is not only a collection of patient medical information,but also a vector of information sharing,therefore the security of EMR becomes very important, this issue causes a great theoretical and practical significance on the project of Medical Information.This paper analysis the potential safety problems of the electronic medical records system. According to norms and technology presents this paper design a security system for EMR, and on this basis making a more systematic study on the standard definition of EMR file, XML security technology, XML Key Management technology.Confidentiality, integrity and non-repudiation are three basic requirements for the security of EMR. The security of EMR is based on laws,management and technology. Encryption and electronic signature technology are based on asymmetric cryptography method, they provide solutions for the security of EMR. This paper relies on"Junweiyihao"system(The EMR system used in Xinqiao hospital of Third Military Medical University),and discusses XML security technology in the application and implementation of an EMR system.EMR system used for storage and transmission in the form of XML documents.The structure and expanded of XML document is very appropriate description of the contents of the medical documents containing complex. According to the characteristics of XML_based EMR, this system use XML schema models for Developing the structure and content of medical documents, and make sure the medical documents can be linked smoothly between different hospitals. Furthermore, this system provides encryption and signature components which used encryption and signature standards followed by W3C. This paper tells how to develop EMR security system, and then analysis some key modules. Focused on the design and workflow of encryption and signature, this paper analyses the timing for encryption and signature. Furthermore, relies on"Junweiyihao"system, this paper give us a new and feasible solution which use Muti-signature on EMR.XML Key Management Specification XKMS can provide new key management services, combined with traditional PKI it can implement PKI application which cost less and develop easily. This system uses XKMS services to manage the keys which are used by encryption and signature components. This system constructs a web-based service framework using XKMS services, and gives the XKMS trust services following by the applications, including key register, key revoke, key locate and some other methods. It uses XKMS PKI Authentication Center for deployment.In short, this paper develops a workable solution for the security of EMR by using encryption and signature technology based on XKMS services.